Last updated: 2026-05-26
SmsForwarder (“the App”) is an Android app that runs locally on the user’s device to forward text messages, picture messages, call events, and (when the user enables it) notifications from other apps. This Privacy Policy explains what information the App accesses, processes, stores, and sends when the user configures forwarding destinations.
When the App is launched for the first time on a device, an in-app disclosure dialog is shown before any sensitive permission is requested and before any forwarding takes place. The dialog explains, in summary form, that:
The user must explicitly accept the disclosure before the App enables forwarding features. Consent is recorded per device and is not included in exported backup files, so every fresh install or device migration requires the disclosure to be accepted again. AI features additionally require a separate one-time AI consent dialog (see the AI Processing (Advanced Subscription) section).
RECEIVE_SMS / RECEIVE_MMS / RECEIVE_WAP_PUSH / SEND_SMS / READ_SMS)When SMS or MMS forwarding is enabled and the required permissions are granted, the App reads incoming messages locally on the device so it can apply the user’s forwarding rules. This may include:
Message content is processed locally and is sent only to forwarding channels configured and enabled by the user. Message content is not sent to the developer.
If the user configures an SMS delivery channel, the App uses SEND_SMS to send the forwarded content to the phone number entered by the user. The user may choose the system default SIM, a specific SIM, the SIM that received the original message, or restrict sending to when the device is offline.
READ_SMS is optional and is only relevant to the Web Access (PC Sync) feature described below. When the user grants READ_SMS, the Web Access browser session can read the full SMS inbox from the device’s system SMS provider so the user can scroll through earlier conversations on a PC. When the user does not grant READ_SMS, the Web Access browser session only sees messages that the App has already recorded through its forwarding pipeline; the system SMS provider is not read. READ_SMS is only read on the device, and only when the browser session asks for inbox data while the permission is granted — there is no background uploader. When Web Access is in local network mode, the inbox content read under READ_SMS is returned directly to the browser on the local Wi-Fi network and never leaves the LAN. When Web Access is in access from anywhere mode, the App’s response to the browser — including any inbox content read under READ_SMS — transits the developer-operated relay in real time on its way back to the browser; the relay does not log, persist, or cache that content (see the Web Access (PC Sync) section). The user can revoke READ_SMS at any time in Android system settings; the Web Access feature continues to work in its degraded, forwarded-history-only mode.
READ_PHONE_STATE / READ_PHONE_NUMBERS / READ_CALL_LOG / READ_CONTACTS)When call forwarding is enabled and the required permissions are granted, the App listens for or reads the call information needed to forward call event notifications. This may include:
The App does not upload the user’s contacts and does not send call records to the developer. Call event details are sent only to the user’s configured forwarding destinations when call forwarding is enabled.
The App can optionally forward notifications posted by other apps. This feature is off by default and requires the user to grant Android’s notification access (BIND_NOTIFICATION_LISTENER_SERVICE) and to add a rule that targets app notifications. When enabled, the App may read the source app’s identifier (package name), title, and text of incoming notifications it is allowed to see, build a forwardable summary locally, and send it only to the user’s configured destinations. The App does not send notification data to the developer. The user can revoke notification access at any time in Android system settings, which disables the feature.
READ_PHONE_STATE / READ_PHONE_NUMBERS)The App may read active SIM information to:
This information is read and processed locally. It is not sent to the developer. If the user saves a channel or rule, the App may store the selected subscription ID or SIM-slot matching configuration locally.
The App stores user-created forwarding configuration locally on the device, including:
otp and other are always present and cannot be edited.EncryptedSharedPreferences (AES-256) and is not included in the same database row. Per-rule AI capability switches are stored on the rule, as listed above.These settings are stored in the App’s local application data. Users should protect their device and backup files because channel settings may contain sensitive credentials such as Telegram Bot Tokens, email passwords or app-specific authorization codes, webhook URLs, Slack webhook URLs, Bark device keys, WhatsApp Meta access tokens, and CallMeBot API keys. The AI cloud-provider API key, the Google Drive channel and scheduled-backup OAuth refresh tokens, and the Web Access access token are, by contrast, held only in the device’s encrypted preferences and are deliberately excluded from backup files and from Android Auto Backup.
To help the user confirm whether forwarding succeeded, the App stores recent forwarding records locally. Records may include:
Forwarding records are stored only on the user’s device. The user can adjust the retention limit in the App settings, and the App automatically removes older records according to that limit. The default limit is 500 records, with a supported range from 20 to 10,000 records.
The App also maintains diagnostic logs on the device; older entries are automatically replaced as new ones are written. The user can export them as a zip file from the settings page and choose whether to share that file (for example, when reporting a problem). Diagnostic logs are not sent anywhere automatically.
When the user activates the optional AI features that come with the Advanced subscription and turns on individual AI capabilities for a forwarding rule (one-time-code extraction, tags and spam score, translation, summary), or turns on the #AI natural-language remote command on the Remote Control page, or opens the Ask AI in-app assistant (see below), the App may make AI requests to the cloud path the user has selected. AI processing is opt-in: the AI master switch, every per-rule AI capability switch, the #AI remote-control toggle, and the selected cloud path are all off by default until the user turns them on. A separate one-time AI consent dialog must be acknowledged before the master switch can be turned on, and before an Advanced subscription can be purchased.
AI processing always runs in the cloud — there is no on-device AI path. The user picks one of two cloud paths in AI settings:
smsforwarder-api.zobubo.com. The proxy relays the request, using the developer’s own paid (billed) provider API keys, to a third-party LLM service — OpenAI, Anthropic, or Google Gemini — returns the structured result to the App, and discards the message body. The paid tier matters most for Gemini: under Google’s Gemini API Additional Terms of Service, paid-tier requests are excluded from being used to improve Google products or train Google’s generative models, whereas the free tier is not. OpenAI and Anthropic apply equivalent “do not train on API data” defaults to their standard API access. The proxy itself does not log, persist, or cache the message body; only request-level metrics (such as operation, response status, and per-subscriber usage counters) are kept.generativelanguage.googleapis.com, api.anthropic.com, or api.openai.com — and include the user’s API key in each request as that provider requires. The key is held only in Android EncryptedSharedPreferences (AES-256) and is never uploaded to the developer. The provider then processes the text under its own API terms and privacy policy. Whether the call falls under that provider’s paid or free tier depends on the API key the user supplies; in particular, for Google Gemini only the paid (billed) tier excludes prompts and responses from Google’s product-improvement and model-training data, so users who select Gemini are encouraged to use a paid API key.When the sender phone number of an incoming SMS matches an entry in the user’s local contacts, the App skips AI processing for that message and forwards it without any AI fields.
The AI step’s outputs (extracted one-time code, tags, spam score, summary, and translation) are stored alongside the related forwarding history record on the device. They are subject to the same retention limit as the rest of the forwarding history. The original cloud request payload is not persisted on the device: only the parsed result is stored. AI failures never block forwarding.
The optional #AI natural-language remote command always uses the AI cloud path the user currently has selected (built-in cloud or BYOK). The original #AI SMS body and the structured command the AI rewrote it into are saved together in the local forwarding history record for the user’s audit. The rewritten command is still validated against the same allow-list as the App’s other remote commands; anything outside that list is dropped.
The optional Ask AI in-app assistant lets the user have a multi-turn conversation with the configured cloud AI provider to get help with their own configuration (e.g., debugging a rule that did not fire, drafting a forwarding template, writing a content-filter expression). Ask AI also uses the same cloud path the user has selected and is gated by the Advanced subscription. The text the user types into the chat, plus a redacted snapshot of the on-screen context (the rule, channel, or push record the user opened the chat from — with credentials, full message bodies, and phone numbers stripped before sending), is sent to the cloud provider so the assistant can reply with relevant suggestions. Ask AI conversations are stored locally in the App’s database so the user can resume earlier chats; they are not uploaded to the developer and are removed by “clear all data” or by uninstalling the App. Ask AI has its own separate daily usage allowance, tracked alongside but independently of the message-classifier allowance.
The cloud AI providers used by both AI paths above are independent third-party services that the developer does not operate. Under the BYOK path the request is made directly from the device with the user’s own API key, so the traffic is governed by that provider’s API terms and privacy policy. Under the built-in cloud AI proxy path the same providers receive the message text from the developer-operated proxy, also as API key requests, and the same provider terms apply on top of the proxy’s own handling. Users are encouraged to review each provider’s published data-handling terms before enabling AI features. The most directly relevant reference for each:
The Email channel can send mail in one of two ways, chosen per channel:
smsforwarder-api.zobubo.com. The relay then delivers the message through a third-party email delivery service (Amazon SES) from a fixed verified sending address, with no reply-to address. Built-in sending requires an active subscription (Basic or Advanced), which is verified for each request. The relay does not log, persist, or cache the email content; only request-level metrics (such as response status and per-subscriber usage counters) are kept.Email channels that were already configured with a custom SMTP account continue to use that SMTP server; the built-in default applies only to email channels created afterward. The built-in relay is operated by the developer and delivers mail through Amazon SES, an independent third-party email delivery service.
When the user creates a Google Drive delivery channel, the App opens a Google sign-in screen in a Custom Tab. The user signs in with their own Google account and grants two OAuth scopes:
https://www.googleapis.com/auth/drive.file — lets the App create and modify only the files it has created itself in the user’s Drive. The App cannot list, read, or modify other Drive files.https://www.googleapis.com/auth/userinfo.email — lets the App display the signed-in Google account email on the channel card, so the user can verify which account is connected. The email is shown only on the device.The OAuth refresh token returned by Google is stored on the device under Android EncryptedSharedPreferences (AES-256). It is not uploaded to the developer and is not included in backup files or in Android Auto Backup; the user re-authenticates the channel after a fresh install.
When a forwarding rule fires through the Google Drive channel, the App calls https://www.googleapis.com/drive/v3/ directly from the device, using the user’s refresh token, to create (on first use) or append to the user’s chosen log file inside the user’s chosen folder. The forwarded message content and timestamp are stored inside that file, in the user’s own Drive. The developer does not receive a copy. If the user has configured a proxy on the channel, requests to Google’s APIs are routed through that proxy.
The same drive.file scope is also used by the optional Scheduled Google Drive Backup feature; see the Backup, Import, and Device Migration section below. Each Google Drive channel and the scheduled-backup feature each hold their own refresh token, so disconnecting one does not affect the other.
The optional Web Access feature lets the user open a browser on a separate device and read recent SMS, send SMS through the user’s SIM card, and operate remote-control surfaces of the App from that browser. The feature has two independent modes that the user enables separately:
smsforwarder-api.zobubo.com. The browser connects to a private URL on the relay (a per-device assigned slug, generated when the user enables this mode and reset when the user disables it). The relay forwards request and response traffic between the browser and the phone in real time and does not log, persist, or cache message content; only per-subscriber metrics (such as request counts and connection state) are kept. Browser ↔ relay traffic is over HTTPS.Both modes share a single access token stored on the device. The browser must present this token to log in; the token is shown to the user in the App once when it is generated, and the user can rotate it at any time. Rotating the token signs out every active browser session immediately. In access from anywhere mode the browser’s login request, including the access token it presents, passes through the developer-operated relay on its way to the phone; the relay forwards the handshake to the phone for validation in real time and does not log, persist, or cache the access token. The token is never uploaded to the developer as a stored credential, and is not included in backup files.
When the browser is logged in, the App responds with: recent message records (filtered to what the user’s READ_SMS grant allows — if READ_SMS is not granted, only messages the App has already forwarded are returned; the user’s full inbox is not), the matching outbound SMS API for the browser’s compose box (which uses SEND_SMS on the phone and therefore consumes the user’s carrier SMS allowance), and the same remote-control snapshots that #STATUS and #PING already return. The browser cannot reach the rest of the device, the rest of the App’s data, or the user’s contacts beyond what the in-app pages already display.
If the user’s subscription lapses while either Web Access mode is enabled, the browser receives a “subscription required” response on every request until the subscription is renewed or the feature is turned off.
The user may authorize specific phone numbers to send command messages to the device. When this feature is enabled and the sender’s number matches the user’s allow list (matched in international format, for example +14155551234, with a maximum of 50 entries), the App can:
#REPLY.#CTRL.#STATUS.#PING.#HELP.#REFRESH.#AI. See the AI Processing section above for the related cloud handling. #AI cannot run any command that is not already on the allow list.Command SMS are processed locally. The number-matching list is stored locally and is not uploaded to the developer. Numbers not on the allow list are ignored. Result messages can optionally be returned to the sender by SMS, or pushed through one or more of the user’s existing delivery channels, according to the user’s preference.
The App provides local backup and import features. Exported JSON backup files include general settings, delivery channels (excluding the OAuth refresh token for Google Drive channels), forwarding rules (including their per-rule AI capability switches, translation target language, summary minimum length, and source-type toggles), the user-edited AI tag vocabulary, the remote control allow list, SIM labels, and the AI cloud-path selection (built-in cloud or BYOK, and the BYOK provider choice). Forwarding history records, Ask AI conversation history, the Web Access access token, and scheduled-backup state are not exported. The first-launch privacy disclosure consent and the one-time AI consent are not exported either, so they must be accepted again on a fresh install. The AI cloud-provider API key (BYOK path), the Google Drive forwarding channel and scheduled-backup OAuth refresh tokens, and the Web Access access token are deliberately excluded from backup files and from Android Auto Backup; they must be re-entered or re-authorized on a fresh install or a new device.
Backup files may contain sensitive information in plain text, including Telegram Bot Tokens, email passwords or app-specific authorization codes, webhook URLs, Slack webhook URLs, Bark device keys, WhatsApp Meta access tokens, and CallMeBot API keys. The user creates a backup file in one of two ways the App offers side by side: Share backup sends the file to another app through the Android share sheet, and Save to device lets the user pick a folder with the system Storage Access Framework picker. In either case, the App writes the file locally and does not upload it to the developer. Users should transfer backup files only through trusted channels and delete them when they are no longer needed.
The App also offers an optional Scheduled Google Drive backup. When the user enables it, the App authenticates against the user’s Google account with the drive.file OAuth scope (independent of any Google Drive forwarding channel — the scheduled-backup feature holds its own refresh token, stored on the device under Android EncryptedSharedPreferences). On the chosen cadence (daily, weekly, or monthly) the App generates the same backup JSON described above, uploads it directly from the device to the user’s chosen Drive folder, and prunes older backups according to the user’s chosen retention count. The backup never passes through a developer-operated server in this mode. The user can disconnect the scheduled-backup feature at any time, which deletes the stored refresh token from the device; deleting older Drive files already uploaded is done through the user’s Google Drive.
When importing a backup, the App reads the JSON file selected by the user and writes the data locally using the user’s selected import mode, such as merge or replace.
com.android.vending.BILLING)The App uses Google Play Billing for subscription features and uses Google Play to verify subscription status. Subscription purchase flows are handled by Google Play, and Google may process payment, account, device, and order information according to Google’s own policies.
The App stores subscription state locally to determine which paid features are unlocked, including:
This information is used to unlock or disable paid features. Subscription state and purchase tokens are otherwise kept on the device — except when the user actively invokes a feature that runs through the developer-operated backend at smsforwarder-api.zobubo.com (currently the built-in cloud AI proxy and the built-in email sending option). In that case, the App sends the Google Play purchase token over HTTPS to the backend’s authentication endpoint; the backend validates the token against the Google Play Developer API, issues a short-lived session token (JWT) that the App reuses for subsequent relay requests so the raw purchase token does not need to be sent every time, and persists the validated subscription state (subscription tier, expiry time, latest verification timestamp, and per-subscriber usage counters) so that the entitlement check on each request is fast and so that the state can be kept in sync with Google Play’s Real-Time Developer Notifications. The purchase token, the issued session token, and the persisted subscription state are used only for entitlement verification, abuse prevention, and per-subscriber usage accounting — they are not joined to message content, not used for advertising or cross-feature tracking, and not sold.
The App may use Google Play in-app update features to check whether a newer version is available. It may also open Google Play store listings or subscription management pages. Those pages and purchase management flows are provided by Google Play.
The App reads network state to determine whether a network connection is available, to support the “SMS only when offline” channel option, and to apply timeout and retry behavior for Telegram, SMTP, webhook, Slack, Bark, WhatsApp, AI cloud providers, Google Play, and other network requests initiated by configured features.
The App creates network requests only when the user configures, enables, or actively triggers a feature that requires them. These requests may include:
api.telegram.org.smsforwarder-api.zobubo.com, which then delivers the message through a third-party email delivery service (Amazon SES). See the Built-in Email Sending section for what the relay does and does not store.api.day.app server, or a self-hosted server).graph.facebook.com. When the user picks the CallMeBot mode, sending forwarded content together with the recipient phone number and CallMeBot API key to api.callmebot.com.https://www.googleapis.com/drive/v3/, under the drive.file OAuth scope. The OAuth sign-in itself opens accounts.google.com in a Custom Tab. See the Google Drive Channel section for the data flow.smsforwarder-api.zobubo.com, which forwards browser sessions to the phone. See the Web Access (PC Sync) section for what the relay does and does not store.generativelanguage.googleapis.com for Google Gemini, api.anthropic.com for Anthropic Claude, or api.openai.com for OpenAI. The provider’s own API key, supplied by the user, is included in the request as required by that provider, and the request is then governed by that provider’s API terms and privacy policy.When the user receives forwarded content through Telegram, email, an HTTP endpoint, Slack, Bark, WhatsApp, SMS, or any other third-party service, that third party may process the information according to its own privacy policy. The same applies to any AI cloud provider the user configures. Users should review the security and privacy practices of any destination or AI service they configure.
The App requests the following Android permissions for these purposes:
RECEIVE_SMS: Receive and read new SMS messages for SMS forwarding.RECEIVE_MMS and RECEIVE_WAP_PUSH: Receive incoming MMS for MMS forwarding.SEND_SMS: Send forwarded content (or remote control replies) by SMS to the phone number configured by the user.READ_SMS (optional): Read the device’s full SMS inbox only when serving a Web Access (PC Sync) browser session, so the browser can show earlier conversations from the system SMS provider. When this permission is not granted, the Web Access browser session falls back to showing only the messages the App has recorded itself through forwarding. There is no background uploader: READ_SMS is only read on demand when a Web Access browser session requests inbox data. In local-network Web Access mode the response stays on the LAN; in access-from-anywhere Web Access mode the response transits the developer-operated relay in real time on its way back to the browser, with the relay not logging, persisting, or caching the content. See the SMS and MMS Information section and the Web Access (PC Sync) section for the full data flow.READ_PHONE_STATE and READ_PHONE_NUMBERS: Read SIM and subscription information for SIM selection, SIM-slot matching, and forwarded-message details, and monitor call state to detect incoming and outgoing call events for call forwarding.READ_CALL_LOG: Read recent call log entries to obtain call duration, phone number, and cached contact name.READ_CONTACTS: Assist with contact name display for call events; the App does not upload contacts.INTERNET: Send forwarded content to configured network channels and access Google Play related services.ACCESS_NETWORK_STATE: Determine network availability for “SMS only when offline” behavior and request strategy.POST_NOTIFICATIONS: Show foreground service and forwarding status notifications.FOREGROUND_SERVICE, FOREGROUND_SERVICE_DATA_SYNC, and WAKE_LOCK: Keep the background forwarding service running reliably.RECEIVE_BOOT_COMPLETED: Restore the forwarding service after device restart, app update, or quick boot when the user enables related behavior.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS: Ask the user to allow the App to ignore battery optimization so background forwarding is less likely to be stopped by Android.com.android.vending.BILLING: Use Google Play subscriptions and purchases.In addition to the runtime permissions above, the App declares a notification listener service that relies on the system-level binding permission BIND_NOTIFICATION_LISTENER_SERVICE. This is not a runtime permission. Instead, the user must turn on Android’s “Notification access” (also called “Notification listener access”) special access setting for SmsForwarder before the App can read notifications posted by other apps. The App reads notifications only after this special access is granted and the user has enabled notification forwarding in the App; the user can revoke the access at any time from the same Android settings page.
Users can revoke permissions and the notification listener special access at any time in Android system settings. Features that depend on revoked permissions or revoked special access may stop working.
The App does not maintain a developer-operated server that collects SMS, MMS, call, contact, notification, or rule data. The following cases may involve sharing information outside the device:
drive.file OAuth scope. Google processes the upload under its own privacy policy.The App is designed to keep data local where possible, but its features may involve sensitive SMS, MMS, call event, notification, and channel credential data. Users should:
The App is not directed to children under 13 and does not knowingly collect personal information from children. If a parent or guardian believes that a child has provided personal information to the App or the developer, please contact the developer using the contact information below.
This Privacy Policy may be updated when the App’s features, permissions, or legal requirements change. Updates will be published on this documentation site or in app release notes.
For questions about this Privacy Policy or data handling practices, contact: