secure-sms-proxy
secure-sms-proxy copied to clipboard
frimtec
:closed_lock_with_key: Secure way to support send and receive SMS for android applications on single phone number base.
Secure SMS Proxy (S2MSP)
App language translations maintained with the great localization platform Lokalise.
As Google strongly restricts the use of SMS permissions for applications in the Play-Store, S2MSP provides an API for third party applications to send and receive SMS to specific phone numbers via a secure SMS proxy.
S2MSP acts like a local firewall for SMS communication.
Each application that wants to send/receive SMS to a phone number can register itself on S2MSP. S2MSP asks the user for permission, whether the requesting application is allowed to send/receive SMS from and to the requested phone numbers or not.
In the main view of S2MSP all applications with their allowed phone numbers are listed.
With the trash icon, the allowed permission for an application can be revoked again.
All SMS exchanged with third party applications are strongly encrypted.
S2SMP itself requires SMS permissions (SEND_SMS and RECEIVE_SMS) from the Android system and will request these permissions upon startup. S2MSP does not need any other permissions. This ensures the integrity and security of S2MSP.
S2MSP supports the exchange of SMS for the following type of phone numbers:
| Type | Supported operation |
|---|---|
| Numeric national | SEND, RECEIVE |
| Numeric international | SEND, RECEIVE |
| Alphanumeric short code | RECEIVE only |
Installation
S2MSP cannot be offered on Google-Play as Google does only allow applications using SMS permissions in very rare cases (see Use of SMS or Call Log permission groups).
Install from IzzyOnDroid
The easiest way to install S2MSP and keep it up-to-date is to install it from IzzyOnDroid.
Install pre build APK
You can download the APK file from the GitHub release page. To install the APK you need to allow installation from unknown source.
Self build
Build S2MSP on your own and then install the APK via ADB to your android phone.
Integrating applications with S2MSP
S2MSP provides an easy API to integrate applications. The API supports the registration process, sending and receiving SMS, as well as querying if specific phone numbers are already granted for the application.
Adding the library to your project
The API is provided as an AAR (Android Archive) file and is available on Maven Central. You can add the following dependency to your application project:
dependencies {
implementation 'com.github.frimtec:secure-sms-proxy-api:3.2.6@aar'
implementation 'com.vdurmont:semver4j:3.1.0'
}
Define required permissions
In your applications Android-Manifest add the following queries:
<manifest package="your.application.package"
xmlns:android="http://schemas.android.com/apk/res/android">
...
<queries>
<package android:name="com.github.frimtec.android.securesmsproxy" />
</queries>
...
Register your application with S2MSP to communicate via SMS for some defined phone numbers
In you activity do the following:
package your.application.package;
...
public class YourActivity extends AppCompatActivity {
...
private static final int YOUR_REQUEST_CODE = ...;
private SecureSmsProxyFacade s2msp;
@Override
public void onCreate(@Nullable Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
s2msp = SecureSmsProxyFacade.instance(this.getContext());
...
}
anyMethod() {
Set<String> phoneNumbers = ...;
s2msp.register(this, YOUR_REQUEST_CODE, phoneNumbers, YourSmsListener.class);
}
@Override
public void onActivityResult(int requestCode, int resultCode, Intent data) {
super.onActivityResult(requestCode, resultCode, data);
if (requestCode == YOUR_REQUEST_CODE) {
RegistrationResult result = s2msp.getRegistrationResult(resultCode, data);
result.getSecret().ifPresent(secret -> {/* store the secret permanently for later SMS communication */});
if (result.getReturnCode().isSuccess()) {
Toast.makeText(this, "Registration OK.", Toast.LENGTH_LONG).show();
...
} else {
Toast.makeText(this, "Registration FAILED: " + result.getReturnCode().name(), Toast.LENGTH_LONG).show();
...
}
}
...
}
...
Receiving SMS in your registered SMS listener
The SMS listener registered in the previous step should look like this:
package your.application.package;
public class YourSmsListener extends BroadcastReceiver {
@Override
public void onReceive(Context context, Intent intent) {
if ("your.application.package.SMS_RECEIVED".equals(intent.getAction())) {
List<Sms> receivedSms = getSmsFromIntent(context, intent);
for (Sms sms : receivedSms) {
...
}
}
}
private static List<Sms> getSmsFromIntent(Context context, Intent intent) {
SecureSmsProxyFacade s2msp = SecureSmsProxyFacade.instance(context);
String secret = ...; // secret from your registration
return s2msp.extractReceivedSms(intent, secret);
}
...
Sending an SMS
A SMS can be send with the following code:
void sendSms(Context context, String phoneNumber, String smsText) {
SecureSmsProxyFacade s2msp = SecureSmsProxyFacade.instance(context);
String secret = ...; // secret from your registration
s2msp.sendSms(new Sms(phoneNumber, smsText), secret);
}
Check if you application is allowed to send/receive SMS with specific phone numbers
You can check if you application is allowed to communicate to a given set of phone numbers:
SecureSmsProxyFacade s2msp = SecureSmsProxyFacade.instance(context);
Set<String> phoneNumbers = ...; // phone numbers to check
boolean allowed = s2msp.isAllowed(phoneNumbers);
Supported languages
Currently the following languages are supported in S2MSP:
- English
- German
- French
- Italian
Translation support for any additional language is warmly welcome - just get in contact with me. S2MSP is using Lokalise to maintain language translations.
Open-Source and free
S2MSP is Open-Source and available under Apache-2.0 licence. If you find S2MSP useful and use it on a regular basis for your on-call duties, a voluntary donation is warmly welcome.
Disclaimer
The use of S2MSP is at your own risk. The author assumes no liability for malfunctions of the application. Any warranty claims are excluded.
Development
S2MSP is developed with Android-Studio with Java 17. The current Android target SDK is 34 (Android 14-UpsideDownCake) and the minimal SDK is 24 (Android 7.0-Nougat).
Used libraries
Feedback
Feedback, bug reports or feature requests are very welcome. You can send an email to [email protected] or open an issue on GitHub.
frimtec