Logo
blank Skip to main content

How to Develop an Application to Send and Receive SMS on Android

MDM

Despite the popularity of social media networks and messengers, texting is still the most common way to communicate via smartphones. According to the 2020 State of Texting report by Zipwhip, 77% of people use their texting app more frequently than other messengers.

But default applications for receiving SMS messages in Android arenโ€™t always comfortable, so users start looking for third-party apps. Additionally, non-messenger Android applications may still need SMS handling functionality (for example to confirm SMS authentication codes). In this article, we share our experience in SMS application development with adding handlers. In particular, we describe how to create an SMS app for Android through these steps:

  • Making your application the default SMS handler
  • Developing an Android SMS receiver
  • Encrypting and decrypt SMS messages
  • Adding texts to the SMS table in a device database

This text will be useful for developers who need to develop an application to send and receive SMS or to add a new handling functionality to their app .

Developing an Android App for receiving SMS messages

Itโ€™s important to make your application the default for handling SMS messages because only such app can record data to the SMS database. Your app should request permission to become the default SMS app before requesting any other permissions. This is also a requirement of the Google Play Store: if an app requests SMS, MMS, or CALL LOG permissions and isnโ€™t a default SMS or Contact app, it will be rejected by Google.

In order to become the default messaging app, your app needs to:

  • Register a receiver to handle incoming SMS messages
  • Register a receiver to handle incoming MMS messages
  • Create an activity that allows users to send new SMS or MMS messages in the Android application
  • Create a service that sends out quick response messages

In our example, weโ€™ll focus on how to receive SMS and send new SMS and MMS messages on Android. All of this functionality must be implemented in order to make our app the default handler. We will create an SMS app with Android Studio.

We can use this code to ask a user to make our app the default for receiving SMS messages on Android:

Java
val setSmsAppIntent = Intent(Telephony.Sms.Intents.ACTION_CHANGE_DEFAULT)
setSmsAppIntent.putExtra(Telephony.Sms.Intents.EXTRA_PACKAGE_NAME, packageName)
startActivityForResult(setSmsAppIntent, REQUEST_DEFAULT_APP)

In the code above, REQUEST_DEFAULT_APP is the request code to store the user’s choice. If the user allows the app to be the default, implementing this choice looks as follows:

Java
override fun onActivityResult(requestCode: Int, resultCode: Int, data: Intent?) {
    super.onActivityResult(requestCode, resultCode, data)
    if (requestCode != Activity.RESULT_OK){
        return
    }
    when(resultCode){
       REQUEST_DEFAULT_APP -> //user allowed the app to become default
    }
}

Now we can proceed to the app manifest file and app permissions.

Get a professional team to develop the mobile app of your dreams!

Entrust software development to Apriorit’s experienced engineers and QA specialists. Make your business benefit from a mobile app that complies with your needs and wants.

Developing the Android app manifest file

The app manifest file is a very important part of an Android application. It contains information on the appโ€™s:

  • Package name
  • Components (activities, content providers, services, broadcast receivers)
  • Required permissions
  • Required software and hardware features

Letโ€™s focus on the permissions for our application.

In Android 6, Google introduced runtime permissions. They protect the privacy of user data, tell users what information will be used by the app, and make sure users understand what an app can do with their data.

The runtime permissions system defines two permission levels:

  • Normal โ€” Permissions to access data or resources that pose little to no risk to the userโ€™s personal information (e.g. device time zone). These permissions donโ€™t require the userโ€™s approval.

Dangerous โ€” Permissions to handle a userโ€™s sensitive data (e.g. texts, messages, photos, notes, etc.). These require the userโ€™s approval.

types of android app permissions

When an application requests permission, a system dialog appears. It contains a list of the permissions the app requires and Allow and Deny buttons.

If the user denies a permission, when the app requests it the next time, the dialog box will contain a Do not ask me again checkbox.

When developing an app, you should take into account the scenario when a user denies permissions. All logic that relies on the denied permissions should not cause the app to fail.

In our example, the appโ€™s manifest file declares permissions in Android to receive SMS programmatically, as well as receive MMS messages, and receive push notifications:

XML
<uses-permission android:name="android.permission.READ_SMS" />
<uses-permission android:name="android.permission.RECEIVE_SMS" />
<uses-permission android:name="android.permission.SEND_SMS" />
<uses-permission android:name="android.permission.RECEIVE_MMS" />
<uses-permission android:name="android.permission.RECEIVE_WAP_PUSH" />

After the declaration, the app should get the following permissions:

Java
if (ContextCompat.checkSelfPermission(context, Manifest.permission.READ_SMS) != PackageManager.PERMISSION_GRANTED ||
    ContextCompat.checkSelfPermission(context, Manifest.permission.RECEIVE_SMS) != PackageManager.PERMISSION_GRANTED ||
    ContextCompat.checkSelfPermission(context, Manifest.permission.SEND_SMS) != PackageManager.PERMISSION_GRANTED ||
    ContextCompat.checkSelfPermission(context, Manifest.permission.RECEIVE_MMS) != PackageManager.PERMISSION_GRANTED ||
    ContextCompat.checkSelfPermission(context, Manifest.permission.RECEIVE_WAP_PUSH) != PackageManager.PERMISSION_GRANTED  ) {
    ActivityCompat.requestPermissions(activity,
        arrayOf(Manifest.permission.READ_SMS,
            Manifest.permission.RECEIVE_SMS,
            Manifest.permission.SEND_SMS,
            Manifest.permission.RECEIVE_MMS,
            Manifest.permission.RECEIVE_WAP_PUSH),
        MY_PERMISSIONS_REQUEST_SMS)
}

And handle the result of its requests in this way:

Java
override fun onRequestPermissionsResult(requestCode: Int,
                                        permissions: Array<String>, grantResults: IntArray) {
    val granted = if(permission.checkPermissionGranted(requestCode, permissions, grantResults)) "permission granted" else "permission not granted"
    Toast.makeText(this,granted, Toast.LENGTH_SHORT).show()
}
  
fun checkPermissionGranted(requestCode: Int,
                               permissions: Array<String>, grantResults: IntArray): Boolean{
        when (requestCode) {
            MY_PERMISSIONS_REQUEST_SMS -> {
                // If request is cancelled, the result arrays are empty.
                return (grantResults.isNotEmpty() && grantResults[0] == PackageManager.PERMISSION_GRANTED)
            }
        }
        return false
    }
}

All of these permissions are in the same group, so theyโ€™re granted all together. If you request permissions from different permission groups, youโ€™ll need to check the grantedResults array so you donโ€™t miss any denied permissions.

To simplify the process of acquiring permissions, you can use a library like Quick Permissions.

Now itโ€™s time to start a standard activity. In our example, this is part of an application that decrypts an SMS and shows it to the user. But in a real messaging app, there should also be an activity that provides functionality to create and send new SMS and MMS messages.

The part of our Manifest.xml file that describes our main activity looks like this:

XML
<activity android:name=".MainActivity">
    <intent-filter>
        <action android:name="android.intent.action.MAIN" />
        <category android:name="android.intent.category.LAUNCHER" />
        <action android:name="android.intent.action.SEND" />
        <action android:name="android.intent.action.SENDTO" />
        <category android:name="android.intent.category.DEFAULT" />
        <category android:name="android.intent.category.BROWSABLE" />
        <data android:scheme="sms" />
        <data android:scheme="smsto" />
        <data android:scheme="mms" />
        <data android:scheme="mmsto" />
    </intent-filter>
</activity>

Now we need to create a tool to receive SMS in Android Studio, which is the SMS receiver:

XML
<receiver android:name=".SmsReceiver"
    android:permission="android.permission.BROADCAST_SMS">
    <intent-filter>
    <action android:name="android.provider.Telephony.SMS_RECEIVED" />
        <action android:name="android.provider.Telephony.SMS_DELIVER" />
    </intent-filter>
</receiver>

We also need to create an MMS receiver:

XML
<receiver android:name=".MmsReceiver"
    android:permission="android.permission.BROADCAST_WAP_PUSH">
        <intent-filter>
            <action android:name="android.provider.Telephony.WAP_PUSH_DELIVER" />
            <data android:mimeType="application/vnd.wap.mms-message" />
        </intent-filter>
</receiver>

Finally, we should add a service that allows the user to respond to texts:

XML
<service android:name=".HeadlessSmsSendService"
    android:permission="android.permission.SEND_RESPOND_VIA_MESSAGE"
    android:exported="true" >
    <intent-filter>
        <action android:name="android.intent.action.RESPOND_VIA_MESSAGE" />
        <category android:name="android.intent.category.DEFAULT" />
        <data android:scheme="sms" />
        <data android:scheme="smsto" />
        <data android:scheme="mms" />
        <data android:scheme="mmsto" />
    </intent-filter>
</service>

By this stage, our app can receive, display, and respond to texts. Letโ€™s take a look at its ViewModel file.

Related project

Building a Complex Parental Control App for Android

Discover a success story of how our client attracted a new category of users and grew their business. Read on to unveil the details of how Apriorit developed a new application for parental control on Android devices, designing everything from the appโ€™s architecture to user experience.

Project details
Building a Complex Parental Control App for Android

Editing the ViewModel

At this stage, our project contains only one Extensible Markup Language (XML) layout. Thereโ€™s one button and one list. The button is used for getting SMS messages from the system inbox; the list is used for showing messages.

Hereโ€™s the XML layout code:

XML
<androidx.constraintlayout.widget.ConstraintLayout xmlns:android="http://schemas.android.com/apk/res/android"
    xmlns:app="http://schemas.android.com/apk/res-auto"
    xmlns:tools="http://schemas.android.com/tools"
    android:layout_width="match_parent"
    android:layout_height="match_parent"
    tools:context=".MainActivity">
    <Button
        android:id="@+id/UpdateList"
        android:layout_width="match_parent"
        android:layout_height="wrap_content"
        android:layout_margin="2dip"
        android:text="Update SMS list"
        app:layout_constraintBottom_toBottomOf="parent"
        tools:layout_editor_absoluteX="2dp" />
    <ListView
        android:id="@+id/SMSList"
        android:layout_width="match_parent"
        android:layout_height="wrap_content"
        android:layout_margin="2dip"
        app:layout_constraintStart_toStartOf="parent"
        app:layout_constraintTop_toTopOf="parent" />
</androidx.constraintlayout.widget.ConstraintLayout>

And hereโ€™s a screenshot of our simple user interface:

secureSMS

As you can see, this XML doesnโ€™t contain any listeners. Weโ€™ll add them later. Next, we need to introduce encryption and decryption algorithms.

Read also

Android App-Backend Communication: Ably vs Azure IoT Hub vs Firebase Cloud Messaging

Explore professional tips and insights from Apriorit on back-end communications: how they work in applications, what are the key services for developing the back end, and what are the popular use cases and limitations of each tool.

Learn more

Encrypting and decrypting SMS messages

All texts that our app receives will be encrypted. To handle them, we need to add a class that provides encryption and decryption.

In our application, encryption is done by executing the fun encrypt(data: String): String function. It encrypts a string with a key generated using the Password-Based Key Derivation Function (PBKDF2) algorithm. The returned value is an encrypted Base64 string.

Hereโ€™s what happens when we execute this function:

Java
// Encrypts string and encode in Base64
@Throws(Exception::class)
fun encrypt(data: String): String {
    val encrypted = cryptoOperation(Cipher.ENCRYPT_MODE, data.toByteArray())
    return Base64.encodeToString(encrypted, Base64.DEFAULT)
}

After that, we need to decrypt the SMS. To do that, we use the fun decrypt(encryptedData: String): String function. It decrypts the Base64 string with a PBKDF2 algorithm.

The decryption process looks like this:

Java
// Decrypts string encoded in Base64
@Throws(Exception::class)
fun decrypt(encryptedData: String): String {
    val encrypted = Base64.decode( encryptedData, Base64.DEFAULT )
    val decrypted = cryptoOperation(Cipher.DECRYPT_MODE, encrypted)
    return String(decrypted)
}

To encrypt and decrypt the given ByteArray, we can use the fun cryptoOperation(cipherMode: Int, data: ByteArray): ByteArray function. We can execute it using the following code:

Java
private fun cryptoOperation(cipherMode: Int, data: ByteArray): ByteArray{
    val secretKey = generateKey()
    val secretKeySpec = SecretKeySpec(secretKey, CIPHER_ALGORITHM)
    val cipher = Cipher.getInstance(CIPHER_ALGORITHM)
    cipher.init(cipherMode, secretKeySpec)
    return  cipher.doFinal(data)
}

Encryption algorithms such as AES, Rivestโ€“Shamirโ€“Adleman, MD5, etc. require a secret key in the form of a ByteArray. We can generate a secret key that uses salt with the fun generateKey(): ByteArray function. Hereโ€™s an example of how to generate a key:

Java
private fun generateKey(): ByteArray{
    val factory = SecretKeyFactory.getInstance(ALGORITHM)
    val ks = PBEKeySpec(PASSWORD.toCharArray(), SALT, 1024, RANDOM_KEY_SIZE)
    val secretKey = factory.generateSecret(ks)
    return secretKey.encoded
}

After executing these functions, our app can encrypt and decrypt texts. Now we can add an SMS handler.

Related project

Developing a Custom MDM Solution with Enhanced Data Security

With Aprioritโ€™s help, our client delivered a mobile management solution for Android tablets with remote control for each device and a powerful admin panel. Explore the full text to find out how this project helped the client maintain a high level of security and offer their services to new users.

Project details
Developing a Custom MDM Solution with Enhanced Data Security

Handling received SMS messages

The main class that receives SMS messages is SmsReceiver. It extends the BroadcastReceiver class. Any child class of BroadcastReceiver must contain the onReceive method, which receives Context and Intent parameters.

The BroadcastReceiver class is well-described in the official documentation, which is why we wonโ€™t focus on its properties.

When we get an event upon receiving a text, we need to go to the onReceive method. First, letโ€™s confirm that all of the received content is valid:

Java
if(context == null || intent == null || intent.action == null){
    return
}

The next step is to check that weโ€™ve received the SMS data by checking the action value:

Java
if (intent.action != (Telephony.Sms.Intents.SMS_RECEIVED_ACTION)) {
        return
    }

Now weโ€™re ready to receive the SMS content with the val smsMessages = Telephony.Sms.Intents.getMessagesFromIntent(intent) method. It will provide us an array of smsMessages. Hereโ€™s an example:

Java
override fun onReceive(context: Context?, intent: Intent?) {
    // Get SMS map from Intent
    if(context == null || intent == null || intent.action == null){
        return
    }
    if (intent.action != (Telephony.Sms.Intents.SMS_RECEIVED_ACTION)) {
        return
    }
    val contentResolver = context.contentResolver
    val smsMessages = Telephony.Sms.Intents.getMessagesFromIntent(intent)
    for (message in smsMessages) {
        Toast.makeText(context, "Message from ${message.displayOriginatingAddress} : body ${message.messageBody}", Toast.LENGTH_SHORT)
            .show()
        putSmsToDatabase( contentResolver, message)
    }
}

When the SMS list gets into Intent, then the SMS should be parsed. For this purpose, we call the getMessagesFromIntent method from the Telephony.Sms.Intents class.

Then SmsReceiver gets the SMS and can do anything with it. In our example, SMS messages are encrypted and recorded in the SMS table of the device database. We need to do this to allow the default Android SMS viewer to view encrypted SMS messages.

When our app receives an SMS, itโ€™s displayed using the Toast class.

Reading and decrypting SMS messages

After weโ€™ve created encryption procedures, itโ€™s time to add functionality on Android to read SMS programmatically and decrypt them. Letโ€™s list the click listener for the button on the main screen. All texts from the inbox are read, and then the sender information and SMS text are put into the list using this code:

Java
private fun click(){
    val contentResolver = contentResolver ?: return
    val cursor = contentResolver.query( Uri.parse( "content://sms/inbox" ), null, null, null, null)
        ?: return
    val indexBody = cursor.getColumnIndex( SmsReceiver.BODY );
    val indexAddr = cursor.getColumnIndex( SmsReceiver.ADDRESS );
    if ( indexBody < 0 || !cursor.moveToFirst() ) return
    smsList.clear()
    do {
        val str = "Sender: " + cursor.getString( indexAddr ) + "\n" + cursor.getString( indexBody )
        smsList.add( str )
    } while( cursor.moveToNext() )
    smsListView = findViewById(R.id.SMSList)
    smsListView.adapter =
        ArrayAdapter<String>( this, android.R.layout.simple_list_item_1, smsList)
    smsListView.setOnItemClickListener { parent, view, position, id ->  clickItem(position)}
}

The SMS is obtained from the list, decrypted, and then displayed to the user. The item listener list is as follows:

Java
private fun clickItem(pos: Int){
    try {
        val splitted = smsList.get( pos ).split("\n")
        val sender = splitted[0]
        var encryptedData = ""
        for(i in 1 until splitted.size){
            encryptedData += splitted[i]
        }
        val data = sender + "\n" + StringEncryptor.decrypt(encryptedData)
        Toast.makeText( this, data, Toast.LENGTH_SHORT ).show()
    }
    catch (e: Exception) {
        e.printStackTrace();
    }
}

After that, our application is ready to handle SMS messages!

Conclusion

An application for handling text messages is a must on any device. Lots of users arenโ€™t satisfied with their default SMS app and are looking for a more comfortable solution. But there are several tricks to consider when you develop an application to send and receive SMS in Android. It has to:

  • be the default application for SMS messages
  • ask for all necessary permissions (and not crash it a user denies them)
  • receive, display, and allow the user to respond to texts
  • be secure
  • add received texts to the deviceโ€™s SMS database

In this article, weโ€™ve shown you how to develop an SMS application for Android with this functionality. SMS application development is only the tip of the iceberg in terms of our experience in mobile app development. If you have a complex Android-related project, challenge us with it!

Plan on delivering a security-focused mobile application?

Get yourself a development team with cybersecurity expertise and understanding of popular mobile platforms to build the solution that will meet all your expectations.

Have a question?

Ask our expert!

Tell us about
your project

...And our team will:

  • Process your request within 1-2 business days.
  • Get back to you with an offer based on your project's scope and requirements.
  • Set a call to discuss your future project in detail and finalize the offer.
  • Sign a contract with you to start working on your project.

Do not have any specific task for us in mind but our skills seem interesting? Get a quick Apriorit intro to better understand our team capabilities.