For Twilio Verification SDK for Android to receive SMSs without requesting sms read permissions you will need to register your hash so that Google Play Services will be able to route the SMS to your app.
This is the way Google Play Services redirects the SMS to the app without forcing it to request the
To obtain your app’s hash you can use this script: sms_retriever_hash_v9.sh
sh sms_retriever_hash_v9.sh --package package_name --keystore keystore_file
sh sms_retriever_hash_v9.sh --package com.package.name --keystore ./debug.keystore
The script will prompt you to input the keystore password. For debug keystores the default password is
This is the transformation the script does:
Once obtained, browse to the Twilio Console -> Verify -> (application) -> Settings and add the hash in the Android SDK Hash Signature field then save it: