alt Hacker NewsCodes arrive via SMS, which is available to all apps with the READ_SMS permission. This isn't an OS vuln. It is a property of the fact that SMS messages are delivered to a phone number and not an app.
On the Play store there is a bunch of annoying checking for apps that request READ_SMS to prevent this very thing. Off Play such defense is impossible.
Replies
Retr0id • yesterday at 8:40 PM
If they restricted sideloaded apps from sniffing SMS then I wouldn't mind all that much.
➕ show 2 replies
Only require Developer Registration for apps with READ_SMS then.