There is an application that should intercept sms and check if the sms came from one of the service numbers, then process this sms by our application (sms should not get into the list of incoming messages on the device and the new sms notification should not pop up; data from SMS and process them - no problem with that), if not from the service number - then send the standard SMS application on the device for processing (Messsages, Hangouts, etc.).

To accomplish this task, it is necessary that our application be the first to intercept incoming SMS, and for this, apparently, it should stand as the default application for SMS (correct if correct).

But, if our application will be the default for SMS, then let's say if our Receiver intercepted the incoming message, but determined that it came not from the service number, this message will be processed in a standard SMS application (Messsages, Hangouts, and .d.) with standard behavior (pop-up notification of a new SMS, etc.)?

Bottom line: our application needs to be able to intercept and process incoming messages only from certain phone numbers, and from all other numbers, so that sms are processed by applications that are designed specifically for these tasks (Messsages, Hangouts, etc.).

This functionality should work with the version of android 2.3 ending with the latest.

  • one
    Judging by the description, this is exactly the functionality that Trojans need to steal money from bank accounts imperceptibly to the user. Therefore, if in the old versions of the android something similar could have been done, then in the new versions such opportunities should be reliably blocked. - Yaant
  • @Yaant is not present, in this case it is an SMS from the service numbers for the application, for verifying the user's number, various kinds of confirmations of actions in the application, sending statuses / notifications, for example, if the user currently does not have internet, etc. it's just that even at least due to the fact that SMS will come often - the option for the user to collect garbage in incoming SMS or the user opens SMS every time and manually enter confirmation codes is not the best way out. just if you judge it like this, you can turn almost any functionality from good into harm)) - ragmon

1 answer 1

To accomplish this task, it is necessary that our application be the first to intercept incoming SMS, and for this, apparently, it should stand as the default application for SMS (correct if correct).

You are mistaken, only the default application has access to the sms database for recording, and anyone can intercept - this is not a problem.

Look at the sources of the custom receiver.

In the receiver, you need to recognize the number and if your number is, then just call abortBroadcast() , and if the number is not yours, then skip it further along the chain of receivers, so that it gets to the stock handler, which writes it to the database and all that.

A manifesto like this:

 <!-- SMS receiver --> <receiver android:name=".SmsReceiver" android:enabled="true" android:exported="true" android:permission="android.permission.BROADCAST_SMS" > <intent-filter android:priority="2147483647" > <!-- 999 is highest system priority, so it's hack 2147483647 --> <action android:name="android.provider.Telephony.SMS_RECEIVED" /> <!-- pre kitkat action --> <action android:name="android.provider.Telephony.SMS_DELIVER" /> <!-- kitkat action --> </intent-filter> </receiver>
  • abortBroadcast() - does not work for SMS from version 4.4 Kitkat (API 19). Those. Starting from version 4.4 and higher, can you not break the SMS interception circuit by listeners of other applications? - ragmon
  • But it turns out that since Kitkat opened a vulnerability. After all, with such success there can be some kind of trojan that will have permissions to listen on incoming SMS and, accordingly, access to confidential data from SMS, which should get only into the necessary application and no other. And if in the case with versions <4.4 there, the default application with the highest priority could at least break the chain of listeners. That in versions> = 4.4, I understand it with the interception of sms by applications that do not need to know what is contained in sms - it will not work out anymore? - ragmon