Using Google reCAPTCHA in Android Application

In this tutorial, we will learn how Google reCAPTCHA works and integrate it into our Android application. Google's reCAPTCHA protects our application from malicious traffic. It is implemented using the SafetyNet API.

Working of Google reCaptcha

Google reCAPTCHA is validated through a series of network calls between the Android application, the SafetyNet server and your server:

  • The Android app makes a request with the Site key to the SafetyNet server for reCAPTCHA validation.
  • The SafetyNet server uses the Site key to generate a captcha token and returns it to the Android app.
  • The captcha token is sent to your server to be validated using the Secret key.
  • Your server makes a request to SafetyNet to validate the captcha token using the Secret key.
  • SafetyNet verifies the token and returns the result as a success or a fail.
  • Your server notifies the Android app of the token validation result, as a success or a fail.
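The server-side steps of this flow (your server validating the captcha token with the Secret key), as an added example that is not part of the original tutorial. The verification URL and the response fields `success`, `challenge_ts`, `apk_package_name` and `error-codes` are taken from Google's reCAPTCHA documentation rather than from this page; the two-minute age limit, the function names and the package name `com.example.app` are assumptions.

```python
import json
import urllib.parse
import urllib.request
from datetime import datetime, timedelta, timezone

VERIFY_URL = "https://www.google.com/recaptcha/api/siteverify"


def build_verify_request(secret_key, token):
    """Build the POST your server sends; the Secret key stays server-side."""
    form = urllib.parse.urlencode({"secret": secret_key, "response": token})
    return urllib.request.Request(VERIFY_URL, data=form.encode(), method="POST")


def evaluate(body, expected_package, now, max_age=timedelta(minutes=2)):
    """Return (ok, reason) for the JSON body of a verification response."""
    try:
        result = json.loads(body)
    except ValueError:
        return False, "malformed-response"
    if not isinstance(result, dict):
        return False, "malformed-response"
    if result.get("success") is not True:
        codes = result.get("error-codes") or ["verification-failed"]
        return False, ",".join(map(str, codes))
    # The token must have been issued to our own app, not another package.
    if result.get("apk_package_name") != expected_package:
        return False, "package-mismatch"
    try:
        ts = str(result["challenge_ts"]).replace("Z", "+00:00")
        solved = datetime.fromisoformat(ts)
    except (KeyError, ValueError):
        return False, "bad-timestamp"
    if solved.tzinfo is None:
        solved = solved.replace(tzinfo=timezone.utc)
    # Reject old challenges so a captured token cannot be reused later.
    if abs(now - solved) > max_age:
        return False, "stale-challenge"
    return True, "ok"


def verify_token(secret_key, token, expected_package):
    """Network path: send the request and evaluate the verification answer."""
    with urllib.request.urlopen(build_verify_request(secret_key, token), timeout=10) as resp:
        return evaluate(resp.read().decode(), expected_package, datetime.now(timezone.utc))


# Constructed sample response, not captured from a real server.
SAMPLE = '{"success": true, "challenge_ts": "2024-05-01T12:00:00Z", "apk_package_name": "com.example.app"}'
```

Your server returns only the success or fail result to the app, so the Secret key is never needed outside the server.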

Generating the reCAPTCHA Site key and Secret key:

Before creating the API keys, read the API Terms of Service at https://developers.google.com/terms/ carefully.

  • Sign up at the Android reCAPTCHA site https://g.co/recaptcha/androidsignup.
  • Provide the label and package name, and accept the reCAPTCHA Terms of Service.
    Label: It is a unique label for your key. You can use the name of your company or organization.
    Package Name: It is the package name of your Android application.
  • The Site key, Secret key, client-side integration code, and server-side code are generated on the next page.

Android example of integrating Google reCAPTCHA

Let's create an example of integrating Google reCAPTCHA in our Android application.

build.gradle

Add the following SafetyNet and Volley dependencies in build.gradle file.

AndroidManifest.xml

Add the internet permission in AndroidManifest.xml file.

activity_main.xml

Add the following code in activity_main.xml file.

MainActivity.java

Add the following code in the MainActivity.java class file. In this class, we make the client-side integration with the SafetyNet server and get the response as a JSON string.

Replace the values of SITE_KEY and SECRET_KEY with your actual Site Key and Secret Key. When the button is clicked, it calls the SafetyNet.getClient() method with the Site Key; if that returns success, it calls handleSiteVerify() to verify the token.

The Volley library is used for the following purposes:

  • The RequestQueue of the Volley library maintains the server calls in a queue.
  • StringRequest is used to get the response as a JSON string from your server.
  • The setRetryPolicy() method retries the server call if it fails within the time limit.
