Despite the popularity of social media networks and messengers, texting is still the most common way to communicate via smartphones. According to the 2020 State of Texting report by Zipwhip, 77% of people use their texting app more frequently than other messengers. 

But default SMS applications aren’t always comfortable for receiving SMS on Android, so users start looking for third-party apps. Additionally, non-messenger Android applications may still need SMS handling functionality (for example to confirm SMS authentication codes). In this article, we share our experience in developing SMS (and other service) handlers. In particular, we describe how to:

  • Make your application the default SMS handler
  • Develop an Android SMS receiver
  • Encrypt and decrypt SMS messages
  • Add texts to the SMS table in a device database

This text will be useful for developers who need to add SMS handling functionality to their app or create a new SMS messaging app.


Making an app the default SMS handler

Developing the Android app manifest file

Editing the ViewModel

Encrypting and decrypting SMS messages

Handling received SMS messages

Reading and decrypting SMS messages


Making an app the default SMS handler

It’s important to make your application the default for handling SMS messages because only such app can record data to the SMS database. Your app should request permission to become the default SMS app before requesting any other permissions. This is also a requirement of the Google Play Store: if an app requests SMS, MMS, or CALL LOG permissions and isn’t a default SMS or Contact app, it will be rejected by Google.

In order to become the default messaging app, your app needs to:

  • Register a receiver to handle incoming SMS messages
  • Register a receiver to handle incoming MMS messages
  • Create an activity that allows users to send new SMS or MMS messages in the Android application
  • Create a service that sends out quick response messages

In our example, we’ll focus on how to receive SMS and send new SMS and MMS messages on Android. All of this functionality must be implemented in order to make our app the default handler.

We can use this code to ask a user to make our app the default for receiving SMS messages on Android:

val setSmsAppIntent = Intent(Telephony.Sms.Intents.ACTION_CHANGE_DEFAULT)
setSmsAppIntent.putExtra(Telephony.Sms.Intents.EXTRA_PACKAGE_NAME, packageName)
startActivityForResult(setSmsAppIntent, REQUEST_DEFAULT_APP)

In the code above, REQUEST_DEFAULT_APP is the request code to store the user's choice. If the user allows the app to be the default, implementing this choice looks as follows:

override fun onActivityResult(requestCode: Int, resultCode: Int, data: Intent?) {
    super.onActivityResult(requestCode, resultCode, data)
    if (requestCode != Activity.RESULT_OK){
        REQUEST_DEFAULT_APP -> //user allowed the app to become default

Now we can proceed to the app manifest file and app permissions.

Related services

Custom Mobile App Development Services

Developing the Android app manifest file

The app manifest file is a very important part of an Android application. It contains information on the app’s:

  • Package name 
  • Components (activities, content providers, services, broadcast receivers)
  • Required permissions
  • Required software and hardware features

Let’s focus on the permissions for our application.

In Android 6, Google introduced runtime permissions. They protect the privacy of user data, tell users what information will be used by the app, and make sure users understand what an app can do with their data. 

The runtime permissions system defines two permission levels: 

  • Normal — Permissions to access data or resources that pose little to no risk to the user’s personal information (e.g. device time zone). These permissions don’t require the user’s approval.

Dangerous — Permissions to handle a user’s sensitive data (e.g. texts, messages, photos, notes, etc.). These require the user’s approval.

Types of Android permissions

When an application requests permission, a system dialog appears. It contains a list of the permissions the app requires and Allow and Deny buttons. 

If the user denies a permission, when the app requests it the next time, the dialog box will contain a Do not ask me again checkbox. 

When developing an app, you should take into account the scenario when a user denies permissions. All logic that relies on the denied permissions should not cause the app to fail.

In our example, the app’s manifest file declares permissions to read, send, and get all SMS in Android programmatically, as well as receive MMS messages, and receive push notifications:

<uses-permission android:name="android.permission.READ_SMS" />
<uses-permission android:name="android.permission.RECEIVE_SMS" />
<uses-permission android:name="android.permission.SEND_SMS" />
<uses-permission android:name="android.permission.RECEIVE_MMS" />
<uses-permission android:name="android.permission.RECEIVE_WAP_PUSH" />

After the declaration, the app should get the following permissions:

if (ContextCompat.checkSelfPermission(context, Manifest.permission.READ_SMS) != PackageManager.PERMISSION_GRANTED ||
    ContextCompat.checkSelfPermission(context, Manifest.permission.RECEIVE_SMS) != PackageManager.PERMISSION_GRANTED ||
    ContextCompat.checkSelfPermission(context, Manifest.permission.SEND_SMS) != PackageManager.PERMISSION_GRANTED ||
    ContextCompat.checkSelfPermission(context, Manifest.permission.RECEIVE_MMS) != PackageManager.PERMISSION_GRANTED ||
    ContextCompat.checkSelfPermission(context, Manifest.permission.RECEIVE_WAP_PUSH) != PackageManager.PERMISSION_GRANTED  ) {

And handle the result of its requests in this way:

override fun onRequestPermissionsResult(requestCode: Int,
                                        permissions: Array<String>, grantResults: IntArray) {
    val granted = if(permission.checkPermissionGranted(requestCode, permissions, grantResults)) "permission granted" else "permission not granted"
    Toast.makeText(this,granted, Toast.LENGTH_SHORT).show()
fun checkPermissionGranted(requestCode: Int,
                               permissions: Array<String>, grantResults: IntArray): Boolean{
        when (requestCode) {
                // If request is cancelled, the result arrays are empty.
                return (grantResults.isNotEmpty() && grantResults[0] == PackageManager.PERMISSION_GRANTED)
        return false

All of these permissions are in the same group, so they’re granted all together. If you request permissions from different permission groups, you’ll need to check the grantedResults array so you don’t miss any denied permissions.

To simplify the process of acquiring permissions, you can use a library like Quick Permissions.

Read also:
Information Security of Mobile Applications

Now it’s time to start a standard activity. In our example, this is part of an application that decrypts an SMS and shows it to the user. But in a real messaging app, there should also be an activity that provides functionality to create and send new SMS and MMS messages.

The part of our Manifest.xml file that describes our main activity looks like this:

<activity android:name=".MainActivity">
        <action android:name="android.intent.action.MAIN" />
        <category android:name="android.intent.category.LAUNCHER" />
        <action android:name="android.intent.action.SEND" />
        <action android:name="android.intent.action.SENDTO" />
        <category android:name="android.intent.category.DEFAULT" />
        <category android:name="android.intent.category.BROWSABLE" />
        <data android:scheme="sms" />
        <data android:scheme="smsto" />
        <data android:scheme="mms" />
        <data android:scheme="mmsto" />

Now we need to create an SMS receiver:

<receiver android:name=".SmsReceiver"
    <action android:name="android.provider.Telephony.SMS_RECEIVED" />
        <action android:name="android.provider.Telephony.SMS_DELIVER" />

We also need to create an MMS receiver:

<receiver android:name=".MmsReceiver"
            <action android:name="android.provider.Telephony.WAP_PUSH_DELIVER" />
            <data android:mimeType="application/vnd.wap.mms-message" />

Finally, we should add a service that allows the user to respond to texts:

<service android:name=".HeadlessSmsSendService"
    android:exported="true" >
        <action android:name="android.intent.action.RESPOND_VIA_MESSAGE" />
        <category android:name="android.intent.category.DEFAULT" />
        <data android:scheme="sms" />
        <data android:scheme="smsto" />
        <data android:scheme="mms" />
        <data android:scheme="mmsto" />

By this stage, our app can receive, display, and respond to texts. Let’s take a look at its ViewModel file.

Related services

Mobile Device and Application Management

Editing the ViewModel

At this stage, our project contains only one Extensible Markup Language (XML) layout. There’s one button and one list. The button is used for getting SMS messages from the system inbox; the list is used for showing messages.

Here’s the XML layout code:

<androidx.constraintlayout.widget.ConstraintLayout xmlns:android="http://schemas.android.com/apk/res/android"
        android:text="Update SMS list"
        tools:layout_editor_absoluteX="2dp" />
        app:layout_constraintTop_toTopOf="parent" />

And here’s a screenshot of our simple user interface:

Our UI

As you can see, this XML doesn’t contain any listeners. We’ll add them later. Next, we need to introduce encryption and decryption algorithms.

Encrypting and decrypting SMS messages

All texts that our app receives will be encrypted. To handle them, we need to add a class that provides encryption and decryption.

In our application, encryption is done by executing the fun encrypt(data: String): String function. It encrypts a string with a key generated using the Password-Based Key Derivation Function (PBKDF2) algorithm. The returned value is an encrypted Base64 string.

Here’s what happens when we execute this function:

// Encrypts string and encode in Base64
fun encrypt(data: String): String {
    val encrypted = cryptoOperation(Cipher.ENCRYPT_MODE, data.toByteArray())
    return Base64.encodeToString(encrypted, Base64.DEFAULT)

After that, we need to decrypt the SMS. To do that, we use the fun decrypt(encryptedData: String): String function. It decrypts the Base64 string with a PBKDF2 algorithm.

The decryption process looks like this:

// Decrypts string encoded in Base64
fun decrypt(encryptedData: String): String {
    val encrypted = Base64.decode( encryptedData, Base64.DEFAULT )
    val decrypted = cryptoOperation(Cipher.DECRYPT_MODE, encrypted)
    return String(decrypted)

To encrypt and decrypt the given ByteArray, we can use the fun cryptoOperation(cipherMode: Int, data: ByteArray): ByteArray function. We can execute it using the following code:

private fun cryptoOperation(cipherMode: Int, data: ByteArray): ByteArray{
    val secretKey = generateKey()
    val secretKeySpec = SecretKeySpec(secretKey, CIPHER_ALGORITHM)
    val cipher = Cipher.getInstance(CIPHER_ALGORITHM)
    cipher.init(cipherMode, secretKeySpec)
    return  cipher.doFinal(data)

Encryption algorithms such as AES, Rivest–Shamir–Adleman, MD5, etc. require a secret key in the form of a ByteArray. We can generate a secret key that uses salt with the fun generateKey(): ByteArray function. Here’s an example of how to generate a key:

private fun generateKey(): ByteArray{
    val factory = SecretKeyFactory.getInstance(ALGORITHM)
    val ks = PBEKeySpec(PASSWORD.toCharArray(), SALT, 1024, RANDOM_KEY_SIZE)
    val secretKey = factory.generateSecret(ks)
    return secretKey.encoded

After executing these functions, our app can encrypt and decrypt texts. Now we can add an SMS handler.

Read also:
Top 7 Methods of Data Encryption in Android Applications

Handling received SMS messages

The main class that receives SMS messages is SmsReceiver. It extends the BroadcastReceiver class. Any child class of BroadcastReceiver must contain the onReceive method, which receives Context and Intent parameters. 

The BroadcastReceiver class is well-described in the official documentation, which is why we won’t focus on its properties.

When we get an event upon receiving a text, we need to go to the onReceive method. First, let’s confirm that all of the received content is valid:

    if(context == null || intent == null || intent.action == null){

The next step is to check that we’ve received the SMS data by checking the action value:

if (intent.action != (Telephony.Sms.Intents.SMS_RECEIVED_ACTION)) {

Now we’re ready to receive the SMS content with the val smsMessages = Telephony.Sms.Intents.getMessagesFromIntent(intent) method. It will provide us an array of smsMessages. Here’s an example:

override fun onReceive(context: Context?, intent: Intent?) {
    // Get SMS map from Intent
    if(context == null || intent == null || intent.action == null){
    if (intent.action != (Telephony.Sms.Intents.SMS_RECEIVED_ACTION)) {
    val contentResolver = context.contentResolver
    val smsMessages = Telephony.Sms.Intents.getMessagesFromIntent(intent)
    for (message in smsMessages) {
        Toast.makeText(context, "Message from ${message.displayOriginatingAddress} : body ${message.messageBody}", Toast.LENGTH_SHORT)
        putSmsToDatabase( contentResolver, message)

When the SMS list gets into Intent, then the SMS should be parsed. For this purpose, we call the getMessagesFromIntent method from the Telephony.Sms.Intents class.

Then SmsReceiver gets the SMS and can do anything with it. In our example, SMS messages are encrypted and recorded in the SMS table of the device database. We need to do this to allow the default Android SMS viewer to view encrypted SMS messages.

When our app receives an SMS, it’s displayed using the Toast class.

Read also:
How to Build a Mobile Device Management System

Reading and decrypting SMS messages

After we’ve created encryption procedures, it’s time to add functionality for reading and decrypting SMS messages. Let’s list the click listener for the button on the main screen. All texts from the inbox are read, and then the sender information and SMS text are put into the list using this code:

private fun click(){
    val contentResolver = contentResolver ?: return
    val cursor = contentResolver.query( Uri.parse( "content://sms/inbox" ), null, null, null, null)
        ?: return
    val indexBody = cursor.getColumnIndex( SmsReceiver.BODY );
    val indexAddr = cursor.getColumnIndex( SmsReceiver.ADDRESS );
    if ( indexBody < 0 || !cursor.moveToFirst() ) return
    do {
        val str = "Sender: " + cursor.getString( indexAddr ) + "\n" + cursor.getString( indexBody )
        smsList.add( str )
    } while( cursor.moveToNext() )
    smsListView = findViewById(R.id.SMSList)
    smsListView.adapter =
        ArrayAdapter<String>( this, android.R.layout.simple_list_item_1, smsList)
    smsListView.setOnItemClickListener { parent, view, position, id ->  clickItem(position)}

The SMS is obtained from the list, decrypted, and then displayed to the user. The item listener list is as follows:

private fun clickItem(pos: Int){
    try {
        val splitted = smsList.get( pos ).split("\n")
        val sender = splitted[0]
        var encryptedData = ""
        for(i in 1 until splitted.size){
            encryptedData += splitted[i]
        val data = sender + "\n" + StringEncryptor.decrypt(encryptedData)
        Toast.makeText( this, data, Toast.LENGTH_SHORT ).show()
    catch (e: Exception) {

After that, our application is ready to handle SMS messages!


An application for handling text messages is must on any device. Lots of users aren’t satisfied with their default SMS app and are looking for a more comfortable solution. But there are several tricks to making an SMS app in Android Studio. It has to:

  • be the default application for SMS messages
  • ask for all necessary permissions (and not crash it a user denies them)
  • receive, display, and allow the user to respond to texts
  • be secure
  • add received texts to the device’s SMS database

In this article, we’ve shown you how to build an Android app with this functionality. Creating such applications is only the tip of the iceberg in terms of our experience in mobile app development. If you have a complex Android-related project, challenge us with it!


Let's talk

4000 chars left
Attach a file
By clicking Send you give consent to processing your data

Book an Exploratory Call

Do not have any specific task for us in mind but our skills seem interesting? Get a quick Apriorit intro to better understand our team capabilities.

Book time slot

Contact Us

P: +1 202-780-9339
E: [email protected]

8 The Green, Suite #7106, Dover, DE 19901
United States

D-U-N-S number: 117063762