This article is useful for you if you want to develop your own SMS (or another service) handler. As a sample, I choose received SMS handler that receives SMS, encrypts them, and puts into the SMS table of the Android system database.
- Android Manifest
- View Model
- Handle Received SMS
- Read and Decrypt SMS
In this article, I describe the following:
- How to develop SMS receiver;
- How to encrypt/decrypt data;
- How to push custom SMS into SMS table in a device database.
Manifest is a very important part of an Android application. You can find everything about the Android manifest by this link.
And now I’ll try to describe every line that is important for us.
The first are permissions . The application must receive, write and read SMS from the database. Permissions can be obtained as follows:
Now it’s time to write a standard activity starting. This is a part of an application that will show us SMS and will decrypt encrypted ones. There is nothing special:
And now we need to catch all received SMS into our SMS receiver:
android:exported indicates that the
SmsReceiver class must receive event not only from the application but also from the whole Android system.
android:priority=”999” indicates that receiver has the highest priority and will catch the SMS event before the system. Be careful with this because incorrect work of your receiver can corrupt the system or important data in your device. You can read about priority values here.
<action android:name="android.provider.Telephony.SMS_RECEIVED" /> indicates that we want to get received SMS.
The project contains only one XML layout. There is one button and one list. The button is used for getting inbox SMS from the system and the list is used for showing messages.
Here is the XML layout code:
And the UI screenshot:
Listeners will be described later.
All incoming SMS will be encrypted. For this reason, the class, which provides encrypting and decrypting, is added.
I use the AES algorithm and standard Android libraries. You can use this class for your own purposes.
String encrypt( String password, String data ) – encrypts string where the key will be generated using a
password string. The returned value is a Base64 string that was previously encrypted.
String decrypt( String password, String encryptedData ) – decrypts a Base64 string with a
byte generateKey( byte seed ) – generates a secret key using a seed (String.getBytes() in our case). A secret key is a byte array generated for the specific encryption algorithm.
Handle Received SMS
The main class that receives the SMS is
SmsReceiver. It extends
BroadcastReceiver class. This is the main concept of any Android service or receiver. Any child of
BroadcastReceiver must contain the
onReceive method, which receives
Intent parameters. You can find all additional information on the Android developer documentation site.
So, we get event and go into the
onReceive method. The first line is:
Bundle extras = intent.getExtras();
The Bundle object is a simple map. It contains pairs of keys and values. SMS are placed in this bundle. The key of SMS is
After this, the
smsExtra value contains arrays of bytes. Here is a full example:
So, when the SMS list gets into
smsExtra, then SMS should be parsed. And the method
SmsMessage class should be called for this. I do not write about the methods and fields of
SmsMessage class because it is documented enough.
SmsReceiver gets the SMS and now can do anything with it. In the example, SMS are encrypted and put into the SMS table of the device database. I need this to allow the encrypted SMS viewing by the default Android SMS viewer.
Of course, the PDU (Protocol Description Unit) can be parsed and generated manually, but its format can be changed anytime by Google. If you are interested in researching the PDU format, you can analyze it at Android sources for CDMA phones and for GSM phones.
When SMS is got, it is shown using the Toast class. And I want to tell you about the last commented line:
I commented it because it’s dangerous. As you remember, the receiver catches SMS events before the system works with it. So, the
abortBroadcast method stops the SMS dispatching to other receivers. If something is going wrong, the SMS will not be saved.
You can see the full example at the attached sources.
Read and Decrypt SMS
I want to tell you why the activity is needed. Below, the click listener for the button on the main screen is listed. In the following code, all SMS that are placed in Inbox are read and then the sender information and SMS text are put into the list:
The SMS text is obtained from the list, decrypted and then shown.
SmsReceiver.PASSWORD can be changed in any way. The list item listener is as follows:
- Android Developer reference
- Jesse Burns. Developing Secure Mobile Applications for Android.