Testing SMS Short Codes - mobile

I've got an application that sits behind a US based SMS Short Code. I can test my application from the point of ingress into our systems to the point of egress and am confident about the functionality within those boundaries.
What I want to be able to do is extend the test to include the SMS Aggregator that is handling our short code. I want a service provider that will allow me to send and SMS via an API to a short code. We're working with 2 different SMS aggregators (a Tier1 and a Tier3) and both api's only allow SMS messages to be sent to long codes (10 digit numbers). I've also tried Tiwlio's SMS API, but they also do not allow SMS messages to be sent to a short code.
Can anyone recommend a service, hardware device, or other solution that would allow us to message a short code so that we can automate testing and monitoring of our short code based applications?
Thanks,
Kyle

This is probably disallowed by the aggregators due to difficulty in determining what short codes incur premium charges for MT messages.
Given that you can send to a shortcode from any GSM modem/handset with a valid SIM, why not interface with one of those and use the AT command set to send your test messages?

Related

How to do rate control from Google Cloud Platform?

How should I go about controlling the rate of my Google Cloud Platform code calling
an third party API?
Specifically, I need to send out SMS text messages over many different phone numbers
via Twilio. And Twilio requires us to send a) no more than 3 messages/second per phone numbers, b) no more than 25 messages/second across all numbers.
I explored several approaches for my code, but they all come down to one point: how do I reliably control the number of parallel executions of those code on the platform.
Thanks!
Combining number of messages/second per phone and number of message/second globally is not possible.
Else, you can use Cloud Task. Queue all your messages on Cloud Task, and set a rate limit to call a Cloud Functions that call Twilio API. You can put that limit to 25 per second for the global value
For the error that you will get with the same phone number, you can configure retry policies.

Mobile app client-server operations, pusher or just code it?

I'm starting an app, and am facing a big doubt.
Relevant info on the app:
Users can chat (p2p, or via server)
Users queue before chatting (i.e omegle, chatroulette, wakie, etc)
Basically, these is the client-server operations of the app. I was
searching for ways to implement this, to not reinvent the wheel, and
so i found Pusher and Quickblox.
Pusher: This is where i have doubts. I need one server to send events to clients, another server to listen to client events via webhook, and yet another server to handle authentication. Though i suppose everything can be on the same server, havent tried this.
Quickblox: to use for chatting, looks good enough, no doubts here for now.
Minus chatting, the only network operation is the queueing, which should be very simple, thus i am left wondering if this is the proper course.
Since these decisions have a major impact on the project (i shiver at the thought of having to rollback), I thought i would ask for some opinions here.
This is my opinion about pusher since I only know pusher.
I'm in the midst of writing my app using pusher now for 1 to 1 chat. (And you can have everything on the same server. )
Implementation is easy, including client events, authentication etc and we do not need to bother about maintaining the infrastructure.
The problem I've encountered over the course of my project is cost. For just sending of messages between 2 person, every time you send a message you are using up 2 message credits minimum(one to the channel, one to subscriber). This is fine, but if you want to create feature like read status, delivery status, and 'user is typing' status, the number of messages adds up very quickly if you have to use 2 message credit for every of such simple client event.
Hence if you have cost consideration like I do, what I did was to use pusher for more critical feature like sending messages in a 1-1 chat and checking whether user are online. On the other side I am planning to use Slanger or other similar pusher self hosted solutions to implement other features like delivery status, read status, and 'user typing' status which I feel are good to have but not as mission critical as sending/receiving the messages itself.
I've read a lot on pusher.com and their pricing is quite reasonable comparing to building and managing the architecture myself, and their service is reliable so far. So it depends on how mission critical is your app.

GAE two way communication with client (Channel API alternative for Java / iOS clients, or perhaps XMPP)? [closed]

Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 6 years ago.
Improve this question
I'd like to implement two way communication between a cross platform mobile client (Android, PC - written in Java and iOS written in Objective-C) and my Google AppEngine (Java) server. It should:
Allow each side to initiate the communication (after the client connects).
Have relatively short latency (polling every X seconds is problematic, and to my understanding, since it's on AppEngine, long polling an http request is not an option).
Support messages that are at most few KB of text, and usually much smaller.
I have considered using the Channel API with some reverse engineered Java client, but this seems like taking a chance (since it isn't officially supported). Also, I'm not even sure there is a solution for Objective-C, and I prefer not to dive in and implement it myself.
I then considered using XMPP. However, I'm not sure how this is possible without having my users enter a Jabber account, which I cannot (the communication is in the background). Is there a way to create a temporary user for my client?
C2DM doesn't seem like a good option either. It's not cross platform, it seems very focused on "notification" and not communication, and makes no guarantees on the success of message transfer.
Or perhaps there is a completely different approach I haven't thought of? This type of communication is relatively new to me.
Thanks!
EDIT:
Since I'm looking for background communication, a new option came to mind: A single XMPP user, with resources as client identifiers. Meaning, I'll create a single XMPP user for my app once (something like: "AppBackgroundUser#domain.com"), and have the clients connect with their own unique ID as a resource ("AppBackgroundUser#domain.com/UNIQUEID"). Are there any drawbacks or severe security flaws to this method?
Two options I can think of:
You could embed an HTML page in your Java app and use the Channel API for its anonymous endpoints. Then signal out to your app when you get a message. This won't be subject to vagaries of changes in the Channel API's implementation.
You're correct that you need an XMPP account of some sort if you want to use the XMPP API. You could consider running a very simple XMPP server on AWS or elsewhere and connecting your clients to that; then you can send messages from your App Engine app to addresses on your own server. ejabberd seems to be the service of choice.
XMPP seems like your best bet, but you need to configure your server to allow anonymous clients to get around your registration issue.
I am not sure what you mean by either side initiating communication though. XMPP will require the client to initiate by connecting to the server, but after that it can receive messages unprompted. Of course, if the intent is for the server to send unprompted messages to a client, how do you know what client without some sort of client identity (which means some form of registration)?

How to programmatically send text message notifications without knowing provider?

Many banks, airlines, etc. offer the possibility to receive text message notifications by entering your mobile number. Some other sites have you enter your mobile number and wireless carrier and send messages to your free per-provider email-to-mobile number. But some people definitely do it without asking for the provider. How is this accomplished? Are there commercial services that provide this functionality?
(if this doesn't belong on SO, feel free to migrate to another SE site)
Edit: I'm primarily concerned with mobile numbers in the US, but interested in answers for other countries as well.
Yep, providers of this service are called SMS gateways, good ones should be able to set you up with an API for bi-directional use
There are a few different ways this can happen. If you have access to cellular hardware, like Multitech's MTC-H5 cellular modem or their rCell 100 cellular gateway, you're sending SMS just like a cell phone does, so this bypasses the need to know the carrier of the phone number. If the program you're using can't directly access the hardware, you could try to use a program like ours, PageGate, to receiving alerting notifications from that program to interface with the hardware to deliver the SMS.
There are also message aggregators, companies who provide a web API that allows you to send SMS. You submit the phone number with message to their API, they handle the delivery. Examples of these companies would be Infobip and Clickatell or if you're looking for something for medical markets, you could try TigerText, or for emergency management, you could try Active911 or I Am Responding.

Mobile programming: how secure is SMS

I am currently developing a web service that is configured to receive SMS text messages from different cell phones. Along with each message I also get the mobile number from which the SMS originated.
My question is it possible for someone to masquerade as a different phone number. That is it possible to send a SMS from phone (or other means) and make it look as if it came from a particular number?
I have read of SMS spoofing where it is possible to receive SMS intended for other numbers but I want to know if it is possible to send posing as someone else (send from phone or a web app etc).
Spoofing is pretty trivial with the right setup. For example, we send large numbers of SMS using a 3rd-party aggregator service, and each SMS has an "originator" field, which can be a phone number (specifically, a MSISDN), or a text value. We could, if we wanted, put anyone's number in there.
SMS is extremely insecure. It was designed as a back-channel for GSM engineers to test their networks, and turned out to be a nice revenue spinner, so they just left it as it is.
That's not to say you shouldn't send sensitive information over SMS, just be aware of the insecurity, and trust (or don't trust) messages accordingly. No channel is 100% secure, you need to decide if it's secure enough for what you want to send over it.
As I can send via GMX Webinterface - with my Phone number as Sender, I conclude that it is indeed possible.

Resources