Used by scammers

[debosmit-git]

My uncle was scammed by asking to install this app. OTPs were stolen to do transactions.

Please add a scammer protection message for warning as bare minimum.

[EnixCoda]

Was your uncle told to install this app to redirect his messages to the scammer's phone? I'm sorry to hear that! Didn't expect this app would be used in that way.

I've removed the released APK and will release a new version with message during the weekend.

[debosmit-git]

Yes the app package name was modified as a courier app name and they asked to install it to receive some prepaid courier.

On installation and giving permissions, they were able to receive OTPs for some financial services allowing them to withdraw money.

I can think of two ways to prevent this while keeping the functionality:

1) A bold warning just before giving SMS permission, or an explicit one before allowing the Service SMS option.

2) Make the service SMS feature as a paid/donate Add-On for releases limited with device ID. This will prevent scammers from distributing it, even if they buy/donate for one apk.

I do understand the second one is a bit more complicated.

[EnixCoda]

Yes the app package name was modified as a courier app name and they asked to install it to receive some prepaid couriers.

That means the scammer can modify the source code and generate their own APK file. And users, like your uncle, did not download the APK from the releases page of this project.

If the scammer is capable of that. Adding messages in my project may not contribute much help, as that could be removed by the scammer easily. Anyway, I'll add the message to contribute what I am capable of.

[EnixCoda]

New APK has been released