Whenever I get reminders for online meetings with a Teams or Zoomlink, the app deduces a part of the invite as an OTP. I would like to exclude my calendar app from Otp-scanning.

hey, I'd like to help you translate the application into Russian.
Here are the translated files:

full_description.txt
short_description.txt
strings.json
title.txt

Today I received an SMS, which had the https detected as the code. It should be noted that this SMS has no code whatsoever.

שלום שם , משלוח שהזמנת מFedEx שמספרו 7153853481 נקלט במערכת. המשלוח מיועד להימסר בנקודת חלוקה שנבחרה אוטומטית על ידי המערכת וסמוכה לכתובת: כתובת. מומלץ לוודא את הישוב ואת נקודת החלוקה אליה תשלח החבילה בלינק: https://ilto.run/UHgjdlGX . השינוי יכול להתבצע עד קליטת החבילה במחסן - במידה ולא ייקלט השינוי, החבילה תשלח לנקודת חלוקה באזור כתובתך.

Above is the SMS almost verbatim (with PII removed).

I was on v1.9.0 at the time.

Naomitr0n:

What about adding toggleable otp logging that shows detected codes and what app sends them etc.? I remember a bug in an older version where every F-Droid update was detected, would be great to enable logging for a bit and add apps to ignore as needed from that -- plus keep track of what's actually being detected in case there's a use case that isn't being caught correctly or that isn't caught at all.

Made an issue from the comment from #33 to not forget about it

The sensitive word "123456code" cannot be recognized.
The sensitive word "123456 code" can be recognized if a space is added here.

Found a couple cases where it copies from the wrong spot. Works really well otherwise! :)

GitHub SMS:

660679 is your GitHub authentication code.

@github.com #660679

What it copies: @github.com

MetroHealth SMS (Epic MyChart)

MetroHealth: Your verification code is: 163406. This code expires at 11:44 AM EDT.

What it copies: 163406. (adds a period)

I believe MetroHealth's OTP is generated from the Epic MyCharting system they use, so it would apply to other medical facilities as well. AARP uses this format too.

I'm not sure if OTP's containing periods nor at signs (@) exist, I usually only see ones matching RegEx similar to \b[a-zA-Z\d]+\b, which would grab github and com from the first example, and 163406 from the second example. While GitHub would still be pulling from the wrong spot, ignoring the period would fix MyChart, AARP, etc.

Also looks like GitHub putting the code directly before what it means ("____ is your authentication code") instead of after ("Your authentication code is ____") might be throwing it off.

After setting up the app and given all the permissions, I can't get the app to work.
The built in test text message is not read by the app nor any other SMS.

Unfortunately I can't create any debugs.

The problem might be the used device which is a Pixel with GrapheneOS with android 14.
The otphelper app has no restrictions or app hardening settings.

Latest app version 1.5.1

In Austria there is a service called Handy-Signatur (Phone Signature)

The OTP messages look as follows

Handy-Signatur für
 eid.oesterreich.gv.at
Vergleichswert
 v 7 n M Z S S H 6 l
TAN
 4 u 8 k u f
Bitte überprüfen Sie alle Werte!
(5 Min. gültig)

Where 4 u 8 k u f is the OTP Code

Could you add support for this please?

Hi. Thank you for this great tool. I saw you just added "One Time Password". I have a service sending passwords with the keyword "One-Time Password: P4SSW0RD". With the passworg being an alphanumeric, upper case string of length 8. Could that be added?

Hello, when I play video https://youtu.be/68SZYtgFF94, app automatically recognizes the OTP code as "ss97" even though there is no OTP code, "ss97" can be recognized from the channel name of the video above : "bigboss97"
Sorry for my bad English, hope you can understand, thanks

Hello again,

Noticed the following issue both in v1.10 and v1.11: a string such as

otp-helper--release-1.11.0--universal-14000-signed.apk

causes a "code" of release1 to be detected.

I think it would be easier than do translations in code and then creating PR

I hope it isnt fixed in new version, it still isnt in F-Droid
Sometimes it is fully "white", sometimes are also few texts black

So the message is

Quy khach se MAT TIEN va THONG TIN neu cung cap Ma xac thuc giao dich (OTP) cho bat ky ai. Ma OTP (het han sau 1 phut) cua Quy khach la 072-464

The OTP here was 072464. Could you add this pattern for detection?

Hello, I am a user from Vietnam. When using your app, I found the application doesn't recognize or misidentified the otp code. The otp code should have been 572123 but the application recognized it as 1533. Below is the SMS content in my language (Vietnamese):

GD truc tuyen VietinBank,ma GD 1533 ma OTP 572123 so tien 50000 tai web MOMOCE.QK tuyet doi KHONG cung cap OTP cho nguoi khac

Translate into English by Google translate: "VietinBank online transaction, transaction number 1533, OTP number 572123, amount 50,000 at MOMOCE website. Dear customers, DO NOT provide OTP to others"

As for other message content, the application does not recognize any OTP code:

Tai khoan quy khach se bi tru 6000000 VND qua kenh giao dich truc tuyen. Neu dung, quy khach thuc hien nhap OTP 840348 de hoan tat. Neu khong, LH 19009247

Translate into English: "Your account balance will be deducted 6000000 VND via online transaction channel. If using, customers need to enter OTP 840348 to complete. If not, contact 19009247"

Same thing happens with this message, the app doesn't recognize any code:

QK nhap ma OTP 771808 tuong ung voi ma giao dich 7709 de cap lai mat khau dich vu VietinBank iPay.TH QK khong thuc hien giao dich nay, LH 1900558868

Trans to Eng: "QK enters OTP code 771808 corresponding to transaction code 7709 to re-cap the VietinBank iPay service.TH QK cannot execute this transaction, contact 1900558868"

Sorry my English is not good, hope you understand

App is copying codes in Outlook mails, ignore is not working as the tags are not unique and keep changing:

Also a suggestion --> Can you make a whitelist of apps, so that it copies codes from only these apps, instead of manually ignoring unwanted apps every time.

@jd1378

Hi dev

I have translated the app into Arabic ( العربية )

Copy SMS Code (Arabic translation).zip

Thank you for this great app ♡

First of all, thanks for the app! Below are SMS contents that didn't trigger the app (v.1.3.0):

492609 הנו קוד האימות החד פעמי שלך לכניסה לאזור האישי באתר מנורה מבטחים.
@www.menoramivt.co.il #492609

The App copy number from user name, NOT code

Thanks

There should be

1. Author contact
2. Github source code
3. Translation link
4. Licence
5. App version

While using the app today, i noticed that it didn't catch a code sent via SMS.

original (german):

Ihre smsTAN lautet 736194. Freundliche Grüße, [...]

translation:

Your smsTAN is 736194. Friendly regards, [...]

As you can see in the image, you could might only know a word 'title'.

I am sure I do not translate test_notification_title startwith title, I translate it into "这是一条用来测试验证码提取的通知".

So I guess:

1. it use sms title to ignore
2. forget to add the title into translate keys, that is not found in string.xml

so I have a question, should we add a new translate key to title?

Occasionally the sender's number will be copied instead of the One-Time Passcode. For example these two from FedEx today:

FedEx: Verification code 228193 expires in 10 minutes. Do not share it with anyone.

FedEx: Authorization code 153317 expires in 10 minutes. If you didn't request the code, call 1.800.463.3339. Reply Stop to cancel. Msg&data rates may apply.

It instead copies 25161, which is the number that sent those two texts. Might have to do with the sender number being shorter maybe? Haven't seen it copy a full 9-digit number yet.

Hello, I am a user from China. When using your app, I found that the app cannot recognize the Chinese text message I received containing the verification code.

The specific text message content is:

【金山办公】验证码123456，10分钟内有效。验证码提供给他人可能导致账号被盗，请勿转发或泄露。

The English translation is:

[Kingsoft Office] Verification code 123456, valid within 10 minutes. Providing the verification code to others may lead to account theft, please do not forward or leak it.

If you have the energy, could you please see if you can change the recognition strategy to make the application suitable for the Chinese context, I would be very grateful.

الحمد لله :)

Sample message:

Your OTP for your card nb 123456******6789 is : '287633' and expires in 3 Minutes. Use it to complete trnx at 'Shop' for EGP 306.27.

Instead of 287633 the beginning of the card gets copied 123456

I would add it into menu with About page from #12

Options: Dark/Light/System.

Hello.
Well, all is in the title of issue.

I receive sms in russian and without any special tags like <#>.
Just ваш код: 654321
Also may be код подтверждения, код доступа and so on.
And otphelper not parse it.

Such ways to deal with it:

1. Every not-English-speaking guy, who wants to use otphelper, creates his own wordlist or/and algoritm right inside an app.
   1.1. And if we are all kindful people, then we have to share the wordlist for improving the tool.

2. I may to collect my sms, analyse and create algorithms, like so for English or Arabian if any.

Or app is running simply as (WATCH PATTERN <#>) ?

Please add an themed icon for Android 14

We can send that notification to post server or by making a post request to a url of our server

The message goes like this:

CMB
Le code pour la confirmation du virement SEPA du 31/12 à 12:12 est le 123456. Il est valide 5 min. NE DONNEZ JAMAIS CE CODE PAR TELEPHONE.

The code here is 123456. The word that translates to OTP in french here is code de confirmation or simply code.

Hey man just wanted to ask you which resources you used to learn kotlin & which videos will you refer to watch

你好！
这条消息没有被自动复制验证码，请问可以添加上吗？

【米哈游】验证码：206623（10分钟内有效）。您正在关闭新设备验证功能，请勿将验证码告诉他人哦。

This is the Vietnamese translation file that I created because it is not included in your application, hope you will accept it.

Hi and thanks for developing this useful app! Actually with the newest version from f-Droid it's not possible to set "Read Notifications" - the Android-Button is greyed out and ends with the message "For security reasons, this setting is currently not available". This issue is not present in the version from Google Play... BR, Reinhard

I was viewing a video on X (twitter) through the Firefox app, and otphelper was triggered with the following payload:

2Fblockquotescriptasyncsrc

Note that it only happens when visiting the url that includes all the urlparams ("?ref_src" and everything that follows). When visiting the same tweet and playing the same video from a "sanitized" url, this doesn't occurr.

Unless you developed a detection tool for malware/code injection, this seems like a false positive.

I'm on version 1.6.0

Is there any file for translate?

For a reason I don't know, I cannot upload a TXT file. Here is a text file sharing service link: https://justpaste.it/azmjw

The app wasn't able to recognize code in the following message:

(s/n an p/n) 301674634: 5512 kods vada gasdis 5 wuTSi

Meaning:

(S/N or F/N) 301674634: 5512 code expires in 5 days

Could you please update the code recognition pattern?

First off, thanks for creating and maintaining this app! I always wanted a simple offline OTP parser and this is a first.

HDFC is a major bank in India and for one of their logins, they send this SMS:

844556 is the One Time Password (OTP) to 2FA Login of your HDFC securities trading and investment account.

The OTP in this isn't detected, despite the message having the word "OTP" as well as its full form. Maybe the parser is having an issue due to brackets around "OTP"?

The received SMS is :

mTan-Code: 155160

But the copied code is Code

Thx for creating this app. I love the idea.

The following OTP from SMS are not recognised:

Le code à saisir pour votre achat de 200,00 EUR est 29444635. Ne donnez ce code à personne. Si vous n'avez pas réalisé cet achat, appelez le 09.69.32.00.04.

29444635 is the OTP.

To help with translation of the app, please translate the following files:

App UI

https://github.com/jd1378/otphelper/blob/main/app/src/main/res/values/strings.xml

Store listing (shown on google play and f-droid)

https://github.com/jd1378/otphelper/blob/main/fastlane/metadata/android/en-US/full_description.txt
https://github.com/jd1378/otphelper/blob/main/fastlane/metadata/android/en-US/short_description.txt
https://github.com/jd1378/otphelper/blob/main/fastlane/metadata/android/en-US/title.txt

please note:
max character limit for app title is 30 characters
max character limit for short description is 80 characters

If you are not familiar with GitHub and making a PR, then simply translate these files and send them back (by creating a new issue), I will do the rest

I like the premise of your app, however, it doesn't seem to like my Galaxy S22, with Android 13.

I came across this yesterday, a popular on-demand service platform uses "PIN" instead of OTP or password in their SMS:

<#> Welcome to Dunzo. Your PIN is 917778 1IofsghvRkq

I'm not sure how many other services use "Pin" but it seems like a good-enough word to add to the matcher. What do you think?