alt Hacker News> Don't read and act on my sms messages without me asking you to!
Doesn't that just turn a 0-click exploit into a 1-click exploit? It's unlikely the user can make an informed decision to not process a potentially malicious message, without clicking on the message.
Preferably a two-click exploit. One to view the message and one (if I decide it's safe) to process it through your buggy code.
A 0-click exploit is horrendously worse than even a 1-click one. I often don't even open messages from numbers I don't recognize