Disclaimer: this page is a Chinese-English parallel translation of a popular StackOverflow question, provided under the CC BY-SA 4.0 license. You are free to use/share it, but you must follow the same CC BY-SA license, cite the original URL and author information, and attribute it to the original authors (not me): StackOverflow. Original URL: http://stackoverflow.com/questions/12401255/

Time: 2020-08-20 10:33:40  Source: igfitidea

SMS registration like in the mobile app: whatsapp

android ios authentication sms sms-gateway

Asked by eav

I'm wondering how these SMS registration mechanisms work. I searched on the internet, but the problem is there are so many SMS providers which want to sell online SMS services, so I can't find anything...

Question: How does this work: Set your mobile number, and they send you an SMS with an OTP. Put this password into the app.

What's behind it? Do they have an SMS gateway or something like this? How much does it cost?

Thanks

Accepted answer by Tim Lytle

Here's a simple phone number verification service built on top of Nexmo (disclaimer, I do a little developer evangelism for Nexmo). I think it's basically what you're looking for; the goal is to verify that a number actually belongs to a user (could also be used for 2nd factor authentication).

The basic integration for a mobile app (specifically for this example code, but a common flow):

  • Send the phone number to be verified, receive a unique hash.
  • The verification system sends a unique code to the user.
  • Once the user passes that code to your application, the original hash and the code are sent to the verification system to be validated.

You can drop out the hosted portion, and just take those steps inside your application (generate a code, send via an SMS API, check the code the user enters). However, there are a few things to consider at that point:

  • The credentials of the SMS API are compiled down into your distributed application. Is that something you want to risk?
  • The code is sent via the network from the device; while SSL will stop casual observation of the code, someone who wanted to fake a registration could more than likely capture the code from the HTTP request.

Both of those issues are solved by putting the verification system outside the mobile application.

Answer by itai

I know this post is too old, but this is for people that'll visit this page in the future:

What the user "Harsh Shah" said is wrong.

You SHOULD NOT generate a random number on the device itself! This compromises the whole verification.

  1. You ask the user for their phone number and send it to the server.
  2. As a response to that request, you generate a random number, save it with the user's number in their user record in the db, and send an SMS with that random number. The RESPONSE for the request should be SENT-OK or NOT-SENT.
  3. The device gets the SMS and sends it back to the server to compare with the existing db record.

Data exchange:

  1. phone sends('012345567') -> server responds('SENT-OK'); in the background: server: [generate number, send it in SMS, save in db for user 01234567, e.g.: 123123]

[phone reads the SMS eg as '123123']

  2. phone sends('01234567','123123') -> server responds('AUTH-OK');

In the background: server: [check db for the record of user 01234567, compare the random number generated in step 1 with the number the user sent].

If you generate the number on the user's phone, any script kiddie can hack your authentication by extracting this number from the memory/storage (so easy to do) and spoofing an SMS containing it (super easy to do as well)... You might think this is a rare case, but this is a major hole in the security; you can authenticate yourself as any existing user and steal data from them if you do it the way "Harsh Shah" said...
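
The server-side flow that this answer and the accepted answer describe, as an added example that is not part of the original posts: the code is generated and checked only on the server, and the device sees it only through the SMS. The class name, the `send_sms` gateway callable, the `AUTH-FAIL` status, the expiry time and the attempt limit are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL = 300      # seconds a code stays valid (assumed policy)
MAX_ATTEMPTS = 3    # wrong guesses allowed per code (assumed policy)


class VerificationServer:
    """Server side of the flow; the code is never generated on the device."""

    def __init__(self, send_sms, clock=time.time):
        self._send_sms = send_sms            # hypothetical gateway: (number, text) -> bool
        self._clock = clock
        self._key = secrets.token_bytes(32)  # server-only key for stored MACs
        self._pending = {}                   # number -> record; stands in for the db

    def _mac(self, number, code):
        msg = f"{number}:{code}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).digest()

    def request_code(self, number):
        code = f"{secrets.randbelow(10**6):06d}"   # CSPRNG, server side only
        self._pending[number] = {"mac": self._mac(number, code),
                                 "expires": self._clock() + CODE_TTL,
                                 "attempts": 0}
        if not self._send_sms(number, f"Your code is {code}"):
            del self._pending[number]
            return "NOT-SENT"
        return "SENT-OK"                           # status only, never the code

    def verify(self, number, code):
        rec = self._pending.get(number)
        if rec is None or self._clock() > rec["expires"]:
            self._pending.pop(number, None)
            return "AUTH-FAIL"
        rec["attempts"] += 1
        ok = hmac.compare_digest(rec["mac"], self._mac(number, code))
        if ok or rec["attempts"] >= MAX_ATTEMPTS:
            del self._pending[number]              # single use; lock out after guesses
        return "AUTH-OK" if ok else "AUTH-FAIL"


if __name__ == "__main__":
    outbox = []                                    # constructed stand-in for the SMS network
    server = VerificationServer(lambda n, t: outbox.append((n, t)) is None)
    print(server.request_code("01234567"))
    sms_code = outbox[-1][1].split()[-1]           # what the phone reads from the SMS
    print(server.verify("01234567", sms_code))
```

Because the response to the first request carries only a status, nothing on the device or in the HTTP exchange reveals the code before the SMS arrives.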

Answer by androidFan

The basic fundamentals are:

  1. Generate a random code in your app on the device. Ask user for his mobile number.
  2. Send this code and mobile number to your application running on server.
  3. Call the sms gateway API to send the code as a message to the mobile number specified.

There are many SMS gateway providers. You can search on Google. Most of them also provide a tutorial for using their API in various programming languages. The cost is mostly based on a per-message rate, and generally messages are bought in the form of a package of a number of SMSes.

Answer by Minion

This article explains how to integrate SMS verification into your Android app, just like WhatsApp.

Android adding SMS Verification Like WhatsApp – Part 1

Android adding SMS Verification Like WhatsApp – Part 2

Basically, the following steps are involved in verifying a mobile number:

  1. First, the user's mobile number will be sent to our server, where a new user row will be created.

  2. Our server requests the SMS gateway for an SMS to the mobile number with a verification code.

  3. The SMS gateway sends an SMS to the user's device with the verification code.

  4. The verification code will be sent back to our server again for verification. Our server verifies it and activates the user.
