Posted by Joshua Wright on Dec 03

I put together a Drozer module to leverage this flaw:

https://github.com/joswr1ght/drozer-modules/blob/master/whfs/smsdraftsend.py

Note that this flaw can be used for SMS premium message (short code) delivery, but does not bypass the Android 4.2 and
later verification dialog box prior to delivery. Normal SMS message delivery works fine without the SEND_SMS privilege.

-Josh