Your texts, on every device you own.
Sync incoming SMS from your Android to your laptop dashboard, email, Telegram, another phone, or your own webhook. Automate what happens to each message with rules you set.
How it works
SMS in. Rules apply. Synced everywhere.
SMS arrives
An SMS hits your phone — through Android's standard broadcast, no default-app takeover required.
Rules decide
Your rules (sender / keyword / SIM / schedule) match it and shape the text via template placeholders.
Synced everywhere
The message lands at every destination you picked — webhook, email, Telegram, another phone, dashboard.
Why Smshawk
Built honest, built reliable
Sync, don't replace
Smshawk runs alongside your normal Messages app — never the default SMS handler.
Rules you control
Match by sender, keyword, regex, SIM slot, or time-of-day. Fan out to multiple destinations.
Encrypted by default
SQLCipher on-device, hardware-backed secrets, HMAC-signed webhooks, TLS in transit.
Reliable delivery
Exponential backoff retries with dead-letter alerts so a critical OTP isn't silently lost.
Destinations
Five places your SMS can land
You control every destination. Nothing is sent anywhere you didn't configure.
Your own webhook
HTTPS POST as JSON to a URL you own — HMAC-signed with your secret so your server can verify it.
Delivered through Smshawk's relay so your phone never holds email provider keys.
Telegram
Pushed to your chat through Smshawk's Telegram relay — set it up once, hands-off after.
Another phone (SMS)
Forward as a normal SMS from your own SIM — keep a secondary number in sync with your main.
Web dashboard
Messages appear on your laptop in real time. View stats, search logs, send outbound SMS.
What's inside
Automation that actually fits how SMS work
Sender, keyword & regex filters
Pin down exactly which texts forward. Exact match, wildcard, or full regex — your call.
Dual-SIM aware
Match by SIM slot so a gateway SIM and your personal SIM can route to different destinations.
Time-of-day schedules
Quiet hours, business hours, or weekends-only — every rule has its own active window.
Templates with placeholders
Shape the outgoing text with {from}, {body}, {time}, {sim}, {rule}. Same SMS, perfect-fit format for each destination.
Outbound SMS from the dashboard
Trigger a send from your laptop — the dashboard pushes a command to the phone, which dispatches the SMS from your SIM.
Statistics that actually help
Forwards over time, top senders, per-SIM split, time-range filters. See what's actually flowing through.
Searchable activity logs
Every sync attempt with status, full-message expand, search, day-wise filter, and pagination.
Dead-letter alerts
If retries run out, you hear about it — no silent failures on a critical OTP or alert.
HMAC-signed webhooks
Every webhook payload is signed with your shared secret so your server can verify authenticity.
Built for builders
Signed JSON, straight to your endpoint
Pipe matching SMS into Zapier, n8n, or your own API. Every payload carries an HMAC-SHA256 signature so your server can verify it came from your device — not someone replaying a request.
X-Smshawk-Signature: t=1718450000,
v1=8f2c…d3a1
{
"from": "+8801XXXXXXXXX",
"body": "Your OTP is 481923",
"sim": 1,
"rule": "bank-otp",
"ts": "2026-06-14T09:13:20Z"
}Bodies don't sit on our servers.
Smshawk transmits the full message text and sender number off the device — to the destinations you configure. Message bodies are not retained on Smshawk servers after delivery. No ad SDKs, no analytics on message content, no selling data, ever. The in-app disclosure spells it out before you ever grant SMS access.
Encrypted at rest
SQLCipher database + Google Tink AEAD for device secrets, hardware-backed where available.
Per-device auth
Each phone authenticates to the backend with its own token — no shared secrets in the app.
E2E rule sync
Opt-in cloud rule sync uses XChaCha20-Poly1305 + Argon2id; backend only sees ciphertext.
Questions
The honest answers
No. Smshawk only syncs SMS that arrive on the device it's installed on, configured by the device owner. It is not stalkerware. Before reading any SMS, the app shows an in-app disclosure and asks for explicit consent. Declining means no SMS permission is requested at all.
No. You keep using your normal Messages app. Smshawk reads incoming SMS via Android's standard broadcast permission. There is an optional MMS-sync mode (off by default, user-initiated) that does require the default-handler role, because Android only delivers MMS to the default app — but you have to turn that on yourself.
No. Message bodies are not retained on Smshawk's servers after delivery. They transit through the relay only for the destinations that need it (your configured email/Telegram). For your own webhook or another phone, the body goes straight to the destination you chose. We do keep a short-lived source hash for de-duplication, and delivery status / metadata for about 30 days.
Yes — at multiple layers. The on-device database is encrypted with SQLCipher, device secrets use hardware-backed key storage (Google Tink AEAD), and webhook payloads are HMAC-signed. If you enable cloud rule sync, your forwarding rules are encrypted on-device with XChaCha20-Poly1305 + Argon2id before upload — the backend only sees ciphertext. All transport is TLS.
Yes. Smshawk restarts on boot and stays resilient against aggressive OEM battery managers — with an optional, user-granted battery-optimization exemption for setups where reliability matters most.
Android 8.0 (API 26) and above. Built for and tested against current Android up to API 36.
Android · v1.0.0 · By Shakvaro
Stop missing OTPs because your phone is across the room.
Smshawk launches soon on Google Play. Reach out and we'll let you know.