java – Read USSD Android code message


Using the API on Android is it possible to communicate via USSD?

Is it possible otherwise?

If yes, how can I get the response message in Java when entering a USSD code?


This link talks about it in general:

Where is the security breach?

To run a USSD code, you must enter it into your phone's keypad and press “Call”. What Borgaonkar found is that this code runs automatically in the background, without the user noticing that the action is taking place.

For this, he used a resource that belongs to the standard repertoire of smartphones: the link between the browser and the phone application (the dialer). That is: If I type a phone number in the browser, it will directly open the phone application with the number and we just need to click on “Call” for the process to run. For that, you need some HTML code:

<a href="tel:xyz">Clique aqui para ligar diretamente</a>

Now we can seamlessly replace phone number " xyz " with USSD code like *2767*3855# , easily. Using our example it would look like this:

<a href="tel:*2767*3855#">Clique aqui para ligar diretamente</a>

The above command assumes, however, that the user has clicked on a link, so the phone app starts. Borgaonkar has embedded this command in a frame, which looks like the structure below:

<frameset><frame src=“tel:*2767*3855#" /></frameset>

If this structure is placed on a website, any phone that accesses this page will immediately call this number without further security investigation. That's not the problem though, because when I go to a malicious-type website with my smartphone, the phone app opens, but I explicitly have to tap "Call" for something to happen and take action.

The security flaw is that some smartphones do not require certain user interactions. Instead, the call is immediately executed in the background. And if this background call hides a corresponding shortcut to a USSD code, that's where the problem lies. In Borgaonkar's demo this means that the Galaxy S2 can visit a malicious website and immediately begin the factory reset without the user knowing what is happening.


Scroll to Top