Building a fully featured burner phone with Kotlin

You walk into your favourite coffee shop and today they ask you if you’d like to register for a loyalty card. All they need is your name and phone number.

On the way back you stop for groceries and the cashier asks if you’d like to enter a prize draw. All they need is your name and phone number.

It’s finally time to put that lawn mower you’ve not used in years on Craigslist but at the end of the ad, it asks you to enter your phone number so buyers can contact you directly.


You need a burner phone!

Let’s look at how we can use Kotlin and Twilio to build and deploy a burner phone application so that we can use multiple phone numbers for these situations. If you just want to download the code you can have a look at this repo or deploy it to Heroku using the button below.

Our tools

  • I will be using IntelliJ IDEA for the code but feel free to use your preferred IDE as long as it works well with Gradle.
  • One or multiple Twilio Phone numbers for creating various burner phones. You can get them here.

The project

Let’s start by creating a new Gradle project in IntelliJ and adding Kotlin (Java) as the library.

I have described the entire process in the first part of Send and Receive SMS messages with Kotlin. You can follow it here. Alternatively you can just clone the repository as follows.

With that project open in IntelliJ, start by right-clicking on App.kt and choosing “Run”.


In your browser go to http://localhost:8080/sms/ and you will see the default controller displayed.

Let’s change one configuration in App.kt so the application knows where to forward the SMS messages and calls to. Inside the main function add the following:

I have my telephone number set as an environment variable on my computer. My colleague Dominik wrote a nice article explaining how to set environment variables on Mac, Windows and Linux.

Once you have the “MY_NUMBER” variable set correctly for your environment with your own telephone number we’re ready to start building the application.

Forwarding SMS messages

We still want to get every SMS message sent to our burner phones, but we want them redirected to our own number. The beauty of doing this is that if we ever get tired of being spammed from a certain number, we can just discard that number on the Twilio console and be done with it.

Open SMSController.kt and create a new mapping called forwardSMS just below the one that is already there.

This new mapping will tell Twilio to forward any inbound SMS to our own number. It will forward the message so we still know whose number originally sent it.

It is useful to know who sent the message so you can respond if you need or just as easily add a condition to the top of the mapping to block any messages from that specific sender.

Restart the application and test it out by sending a POST request to it with cURL for example:

And the result should be the TwiML that will tell Twilio to forward the message.

Before we configure our Twilio numbers let’s add call forwarding to our application.

Forwarding Calls

To forward calls we will use the same principle as above but will have it in a different controller to keep things neat. If you cloned the starter application you should already have that controller.

Create a new Kotlin controller called CallController.kt alongside SMSController.kt if you don’t already have one.

In that controller add the highlighted code or just copy everything if you still have an empty controller.

Just like before, we are adding information about the caller for when the call is forwarded. So when you get a call to this Twilio number you hear a message that tells you the number that is calling.

You can also test that this is working correctly by making a POST request to it and checking that the TwiML returned looks right.
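The forwarding logic for both SMS and calls, with the sender-blocking condition mentioned earlier, sketched as an added example that is not the code from the original post or its repository. It is plain Kotlin with no Twilio SDK or web framework; the blocklist, the function names and all phone numbers are constructed for illustration.

```kotlin
// Added example: builds the TwiML by hand so it runs without any dependency.
const val XML_HEADER = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"

// Hypothetical blocklist; it could equally be loaded from an environment variable.
val blockedSenders = setOf("+15555550123")

// From and Body are chosen by whoever texts or calls the burner number, so they
// are escaped before being placed inside the TwiML document. Without this, a
// message containing markup would change the structure of the response.
fun xmlEscape(s: String): String = buildString {
    for (c in s) when (c) {
        '&' -> append("&amp;")
        '<' -> append("&lt;")
        '>' -> append("&gt;")
        '"' -> append("&quot;")
        '\'' -> append("&apos;")
        else -> append(c)
    }
}

fun forwardSmsTwiml(from: String, body: String, myNumber: String): String {
    // An empty <Response/> tells Twilio to do nothing: the message is dropped.
    if (from in blockedSenders) return "$XML_HEADER<Response/>"
    val text = xmlEscape("From: $from\n$body")
    return "$XML_HEADER<Response><Message to=\"${xmlEscape(myNumber)}\">$text</Message></Response>"
}

fun forwardCallTwiml(from: String, myNumber: String): String {
    // <Reject/> refuses the call before it is answered.
    if (from in blockedSenders) return "$XML_HEADER<Response><Reject/></Response>"
    return "$XML_HEADER<Response><Dial>${xmlEscape(myNumber)}</Dial></Response>"
}

fun main() {
    val myNumber = "+15555550100" // constructed stand-in for MY_NUMBER
    println(forwardSmsTwiml("+15555550111", "Is the mower <still> for sale & how much?", myNumber))
    println(forwardSmsTwiml("+15555550123", "You have won a prize", myNumber))
    println(forwardCallTwiml("+15555550111", myNumber))
    println(forwardCallTwiml("+15555550123", myNumber))
}
```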

Before we configure our Twilio numbers to use the application we need to deploy it somewhere. Let’s look at how to do this with Heroku.

Deploying your Kotlin application to Heroku

If you haven’t yet, create an account on Heroku. Once you have an account and have installed the Heroku Toolbelt, go to your terminal and log in from there.

Still in terminal create a new Heroku application.

If you haven’t created this application from scratch but cloned the starter-application repository, you will now need to merge it into master as follows:

You can skip the step above if you created the project from scratch. Just make sure you are on master and we’re ready to push this to Heroku.

This will take a few seconds and when it’s complete you should see a message that looks like this on your terminal.

Copy this URL as we will use it later on to configure our Twilio numbers.

Just like in our local environment we need to set a phone number as an environment variable for this deployment. You can do this by running the following on your terminal:

Make sure you use your own telephone number as the value for MY_NUMBER. Now we’re ready to configure our burner numbers.

Creating burner numbers

The beauty of this application is that because we’re not hard-coding anything in the application itself, it can be used for as many Twilio numbers as we want. In our case we could have one number for loyalty cards, one for prize draws and one for selling things on the internet.

Head to the Twilio console and get as many numbers as you like, then configure and save them all as follows:

Make sure you change the application URL to match what you copied earlier when you deployed your application to Heroku.
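Once deployed, the forwarding endpoints answer any POST with TwiML that contains the number stored in MY_NUMBER, so it is worth checking that a request really comes from Twilio before responding. The following is an added example, not part of the original post, of Twilio's documented X-Twilio-Signature check (HMAC-SHA1 over the webhook URL plus the sorted POST parameters, keyed with the account's auth token). The URL, token and parameter values are constructed placeholders.

```kotlin
import java.security.MessageDigest
import java.util.Base64
import javax.crypto.Mac
import javax.crypto.spec.SecretKeySpec

// Signature Twilio computes for a POST webhook: the full URL exactly as it is
// configured on the number, followed by every POST parameter name and value,
// sorted by name and concatenated with no separators.
fun expectedSignature(authToken: String, url: String, params: Map<String, String>): String {
    val data = StringBuilder(url)
    for ((name, value) in params.toSortedMap()) data.append(name).append(value)
    val mac = Mac.getInstance("HmacSHA1")
    mac.init(SecretKeySpec(authToken.toByteArray(Charsets.UTF_8), "HmacSHA1"))
    return Base64.getEncoder().encodeToString(mac.doFinal(data.toString().toByteArray(Charsets.UTF_8)))
}

// Returns true only when the X-Twilio-Signature header matches. A missing header
// is rejected, and the comparison does not stop at the first differing byte.
fun isFromTwilio(authToken: String, url: String, params: Map<String, String>, header: String?): Boolean {
    if (header == null) return false
    val expected = expectedSignature(authToken, url, params)
    return MessageDigest.isEqual(expected.toByteArray(Charsets.UTF_8), header.toByteArray(Charsets.UTF_8))
}

fun main() {
    // Constructed values. In the deployed app the token would come from an
    // environment variable (the name is an assumption), never from source code.
    val token = "constructed-auth-token"
    val url = "https://burner.example.com/sms/forwardSMS"
    val params = mapOf("From" to "+15555550111", "To" to "+15555550150", "Body" to "Hello")

    val signed = expectedSignature(token, url, params)
    println("genuine request accepted: " + isFromTwilio(token, url, params, signed))
    println("tampered body accepted:   " + isFromTwilio(token, url, params + ("Body" to "changed"), signed))
    println("unsigned request accepted: " + isFromTwilio(token, url, params, null))
}
```

The URL passed in must be the public HTTPS address entered in the Twilio console, not the internal address the application sees behind Heroku's router.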

Give those numbers away instead of your own number now and just wait for all the messages and calls to start coming in.


Burn it!


Having burner phones that can just be created and disposed of when they’re no longer needed has never been so easy.

I personally have each one of my burner numbers added to my contacts so they display nicely when I get a call or text message and I know roughly what to expect.

A nice addition to this application would be to add a way of blocking senders before messages or calls are forwarded to us, or adding a voicemail system for certain numbers to make sure we never miss any calls.

I would love to see what new features you add to it. Hit me up on twitter @marcos_placona or send me an email on marcos@twilio.com to tell me more about it.

  • Chris Nielsen

    I didn’t have time to read the entire post but I will return later and go over all the details. The one thing that struck me was what a WASTE it is to use and discard phone numbers as described. At some point when you get a new phone number, it will already get tons of spam from other people using it. :-(

    A better option might be to set up the number so that if you get a call you don’t want, you can hit a key and it will block any future calls from that number. You get to keep using the same number and block any junk that calls. This makes it easy for you to stop getting unwanted calls and should result in the number being removed from lists as they realize they can’t reach anyone.

    Of course, companies should adopt standards like we have with legit email that allows a user to take a simple action and “unsubscribe”. But I won’t hold my breath waiting for that common sense approach.

    • I agree. I just got a SIM for my tablet – have never given out the number – and I get about 10 texts a week – 100% noise. I can’t figure out how to disable texting.

      • Megan Speir

        Hi Chris & Dave,

        Twilio runs a rigorous screening process on every local and toll-free number in our inventory. This ensures that you don’t get unwanted spam calls and every phone number works as you expect.

        You can also text ‘STOP’ to numbers at any time and report abuse as we do take it seriously. https://www.twilio.com/help/abuse

        • Chris Nielsen

          Megan, You can’t ensure a user won’t get spam to a number. If you really feel that is true, I would like to get more information. But I don’t think you are being realistic about the massive phone spam/scam issue. :-) BTW, I like Twilio and am a shareholder.

    • Arvind Raj

      Self promotion alert: If you can do without texting … Buzzie (https://www.buzzie.me) should solve your problem no?

      Imagine this was a Craigslist ad. I’d say call me with this URL Chris … https://www.buzzie.me/c/rJhCv9irb

      • Chris Nielsen

        Calling with a URL is an interesting idea. I don’t want to have to use another service though. I want my phone service provider to offer what I need to manage my account. Currently, the phone companies provide more protection to telemarketers and scammers than they do for their own customers. I think that needs to change.

        • Arvind Raj

          Agreed, I’m open to be acquired by Verizon :)

          By the way, they use the URL to call, you receive the call on your existing phone number. When you are done with selling your stuff on Craigslist, you delete the URL.

  • Arvind Raj

    I built Buzzie to solve the Craigslist use case. Check out https://www.buzzie.me.
    Instead of phone-numbers you ask them to call you via a URL.

  • Gandhawk

    Save time. I use a google phone number for all of these type of situations..

    • Arvind Raj

      How do you make your callers forget your google phone number?

      • Gandhawk

        The gmail account is not linked to my other email accounts. So I do not care if the number is called again. I use this gmail account phone number for people I will never want to call me but I would like to get the voice message (which is also transcribed in the voicemail email). If you want to you can also change my gmail number anytime you want.

        • Chris Nielsen

          Google voice is a good option as you describe. It has the added benefit of being able to get text messages forwarded to you via email.

          What I want is to be able to hit a key when I get a spam/scam call, and have that number blocked. And I want the provider to block numbers from ALL callers once it can be confirmed that almost no one wants them. In the same way I should be able to “whitelist” numbers and maybe get optional reports on what numbers were blocked from contacting me. In other words, I want total control and a smart provider that can help me without getting in the way. :-)

          • Tim Asp

            The Pixel phones have this feature – easily the best, “hidden” feature of the phone. I wish they’d add it to the default phone app on android and get rid of the robo-calling scum.

            https://support.google.com/pixelphone/answer/3459196?hl=en

          • If you use the Google Voice app, you can report spam from the app, iirc. I wish they’d re-integrate hangouts again, so sick of them stripping every feature I loved out of hangouts.

        • Arvind Raj

          Thanks for the explanation @gandhawk:disqus. Google phone does give you texting, and voice mail. Would you feel confident in posting your number (Google or other ..) on a public forum like this?

  • xxdesmus

    The “Deploy to Heroku” button is literally just an image, unless I am missing something obvious.

  • I followed the entire tutorial and got it working. But, when I have someone (say Bob) call my Twilio number, the call gets forwarded to my real phone and the caller Id displays “Bob’s #” & not “Twilio’s #”. Strangely, when I end the call, Bob gets a response “You have a call from + Bob’s #”.

  • IMO the “burner phone” component of the title is click bait in that it advertises the anonymity properties of burner phones but doesn’t deliver them. AFAIK you can’t attach any number to a Twilio account without first registering a real number with the service and verifying it with an SMS. This means that while you can create and dispose of numbers on the fly with the API there is no more anonymity with this approach than with using your SIM card number directly – it’s just proxied anonymity (which as we know by the VPN analogy, isn’t anonymity at all). If law enforcement want to know the person behind recycled Twilio numbers, they can easily trace you back to your real non-burner phone attached to your Twilio account.. or by various other means.

    You could have simply titled this “Building a fully featured API-driven phone with Kotlin” or something else perhaps less lame-sounding, but instead the “burner phone” title sounds disingenuous to me.

  • Jerry Goyal

    lol… you can just install truecaller and block spammers :D