This article is useful for you if you want to develop your own SMS (or another service) handler. As a sample, I choose received SMS handler that receives SMS, encrypts them, and puts into the SMS table of  the Android system database.

  • Introduction
  • Android Manifest
  • View Model
  • Encryption/Decryption
  • Handle Received SMS
  • Read and Decrypt SMS
  • Resources


In this article,  I describe the following:

  • How to develop SMS receiver;
  • How to encrypt/decrypt data;
  • How to push custom SMS into SMS table in a device database.

Android Manifest

Manifest is a very important part of an Android application. You can find everything about the Android manifest by this link.

And now I’ll try to describe every line that is important for us.

The first are permissions . The application  must receive, write and read SMS from the database.  Permissions can be obtained as follows:

<uses-permission android:name="android.permission.WRITE_SMS" /> 
<uses-permission android:name="android.permission.READ_SMS" /> 
<uses-permission android:name="android.permission.RECEIVE_SMS" />

Now it’s time to write a standard activity starting. This is a part of an application that will show us SMS and will decrypt encrypted ones. There is nothing special:

<activity android:name=".SecureMessagesActivity" android:label="@string/app_name" >
    <action android:name="android.intent.action.MAIN" />
    <category android:name="android.intent.category.LAUNCHER" />

And now we need to catch all received SMS into our SMS receiver:

<receiver android:name=".SmsReceiver" android:exported="true" > 
  <intent-filter android:priority="1000"> 
    <action android:name="android.provider.Telephony.SMS_RECEIVED" />


android:exported indicates that  the SmsReceiver class must receive event not only from the application but also from the whole Android system.

android:priority=”999” indicates that receiver has the highest priority and will catch the SMS event before the system. Be careful with this because incorrect work of your receiver can corrupt the system or important data in your device. You can read about priority values here.

<action android:name="android.provider.Telephony.SMS_RECEIVED" /> indicates that we want to get received SMS.

View Model

The project contains only one XML layout. There is one button and one list. The button is used for getting inbox SMS from the system and the list is used for showing messages.

Here  is the XML layout code:

<?xml version="1.0" encoding="utf-8"?>
<LinearLayout xmlns:android=""
    android:orientation="vertical" android:layout_width="fill_parent"
    android:layout_height="fill_parent" android:id="@+id/MainLayout" 
    <Button android:layout_height="wrap_content"
            android:layout_width="match_parent" android:id="@+id/UpdateList"
            android:text="Update SMS list" />
    <ListView android:id="@+id/SMSList" 
            android:layout_margin="2dip" />

And the UI screenshot:


Listeners will be described later.



All incoming SMS will be encrypted. For this reason, the class, which  provides encrypting and decrypting, is added.

I use the AES algorithm and standard Android libraries. You can use this class for your own purposes.

String encrypt( String password, String data ) – encrypts string where the key will be generated using a password string. The returned value is a Base64 string that was previously encrypted.

// Encrypts string and encodes in Base64
public static String encrypt( String password, String data ) throws Exception 
    byte[] secretKey = generateKey( password.getBytes() );
      byte[] clear = data.getBytes();
      SecretKeySpec secretKeySpec = new SecretKeySpec( secretKey, CIPHER_ALGORITHM );
    Cipher cipher = Cipher.getInstance( CIPHER_ALGORITHM );
      cipher.init( Cipher.ENCRYPT_MODE, secretKeySpec );
      byte[] encrypted = cipher.doFinal( clear );
      String encryptedString = Base64.encodeToString( encrypted, Base64.DEFAULT );
    return encryptedString;

String decrypt( String password, String encryptedData ) – decrypts a Base64 string with a password string.

// Decrypts string encoded in Base64
public static String decrypt( String password, String encryptedData ) throws Exception 
    byte[] secretKey = generateKey( password.getBytes() );
    SecretKeySpec secretKeySpec = new SecretKeySpec( secretKey, CIPHER_ALGORITHM );
    Cipher cipher = Cipher.getInstance( CIPHER_ALGORITHM );
      cipher.init( Cipher.DECRYPT_MODE, secretKeySpec );
      byte[] encrypted = Base64.decode( encryptedData, Base64.DEFAULT );
      byte[] decrypted = cipher.doFinal( encrypted );
    return new String( decrypted );

byte[] generateKey( byte[] seed ) – generates a secret key using a seed (String.getBytes() in our case). A secret key is a byte array generated for the specific encryption algorithm.

public static byte[] generateKey( byte[] seed ) throws Exception
    KeyGenerator keyGenerator = KeyGenerator.getInstance( CIPHER_ALGORITHM );
    SecureRandom secureRandom = SecureRandom.getInstance( RANDOM_GENERATOR_ALGORITHM );
    secureRandom.setSeed( seed );
      keyGenerator.init( RANDOM_KEY_SIZE, secureRandom );
      SecretKey secretKey = keyGenerator.generateKey();
      return secretKey.getEncoded();

Handle Received SMS

The main class that receives the SMS is SmsReceiver. It extends BroadcastReceiver class. This is the main concept of any Android service or receiver. Any child of BroadcastReceiver must contain the onReceive method, which receives Context and Intent parameters. You can find all additional information on the Android developer documentation site.

So, we get event and go into the onReceive method. The first line is:

Bundle  extras = intent.getExtras();

The Bundle object is a simple map. It contains pairs of keys and values. SMS are placed in this bundle. The key of SMS is pdus:

public static final String SMS_EXTRA_NAME =”pdus”;
Object[] smsExtra = (Object[]) extras.get( SMS_EXTRA_NAME );

After this, the smsExtra value contains arrays of bytes. Here is a full example:

public void onReceive( Context context, Intent intent ) 
        // Get the SMS map from Intent
        Bundle extras = intent.getExtras();
        String messages = "";
        if ( extras != null )
            // Get received SMS array
            Object[] smsExtra = (Object[]) extras.get( SMS_EXTRA_NAME );
            // Get ContentResolver object for pushing encrypted SMS to the incoming folder
            ContentResolver contentResolver = context.getContentResolver();
            for ( int i = 0; i < smsExtra.length; ++i )
                SmsMessage sms = SmsMessage.createFromPdu((byte[])smsExtra[i]);
                String body = sms.getMessageBody().toString();
                String address = sms.getOriginatingAddress();
                messages += "SMS from " + address + " :\n";                    
                messages += body + "\n";
                // Here you can add any your code to work with incoming SMS
                // I added encrypting of all received SMS 
                putSmsToDatabase( contentResolver, sms );
            // Display SMS message
            Toast.makeText( context, messages, Toast.LENGTH_SHORT ).show();
        // WARNING!!! 
        // If you uncomment the next line then received SMS will not be put to incoming.
        // Be careful!
        // this.abortBroadcast(); 

So, when the SMS list gets into smsExtra, then SMS should be parsed. And the method createFromPdu from SmsMessage class should be called for this. I do not write about the methods and fields of SmsMessage class because it is documented enough.

So, SmsReceiver gets  the SMS and now can do anything with it. In the example, SMS are encrypted and put into the SMS table of the device database. I need this to allow the encrypted SMS viewing by the default Android SMS viewer.

Of course, the PDU (Protocol Description Unit) can be parsed and generated manually, but its format can be changed anytime by Google. If you are interested in researching the PDU format, you can analyze it at Android sources for CDMA phones and for GSM phones.

When SMS is got, it is shown using the Toast class. And I want to tell you about the last commented line:

//  this.abortBroadcast(); 

I commented it because it’s dangerous. As you remember, the receiver catches SMS events before the system works with it. So, the abortBroadcast method stops the SMS dispatching to other receivers.  If something is going wrong, the SMS will not be saved.

You can see the full example at the attached sources.

Read and Decrypt SMS

I want to tell you why the activity is needed. Below, the click listener for the button on the main screen is listed. In the following code, all SMS that are placed in Inbox are read and then the sender information and SMS text are put into the list:

public void onClick( View v ) 
    ContentResolver contentResolver = getContentResolver();
    Cursor cursor = contentResolver.query( Uri.parse( "content://sms/inbox" ), null, null, null, null);
    int indexBody = cursor.getColumnIndex( SmsReceiver.BODY );
    int indexAddr = cursor.getColumnIndex( SmsReceiver.ADDRESS );
    if ( indexBody < 0 || !cursor.moveToFirst() ) return;
        String str = "Sender: " + cursor.getString( indexAddr ) + "\n" + cursor.getString( indexBody );
        smsList.add( str );
    while( cursor.moveToNext() );
    ListView smsListView = (ListView) findViewById( );
    smsListView.setAdapter( new ArrayAdapter<String>( this, android.R.layout.simple_list_item_1, smsList) );
    smsListView.setOnItemClickListener( this );

The SMS text is obtained from the list, decrypted and then shown. SmsReceiver.PASSWORD can be changed in any way. The list item listener is as follows:

public void onItemClick( AdapterView<?> parent, View view, int pos, long id ) 
            String sender = smsList.get( pos ).split("\n")[0];
            String encryptedData = smsList.get( pos ).split("\n")[1];
            String data = sender + "\n" + StringCryptor.decrypt( new String(SmsReceiver.PASSWORD), encryptedData );
            Toast.makeText( this, data, Toast.LENGTH_SHORT ).show();
        catch (Exception e) 


  • Android Developer reference

  • Jesse Burns. Developing Secure Mobile Applications for Android.

Download sample (ZIP, 56KB)

Read more Android-related dev articles: Build Android app from command line


Learn more about Apriorit Mobile Development.

Subscribe to updates