Following is a description of how I managed to get GoSMS Pro working with the Avast Anti-Theft module without the password being exposed in standard user-readable SMS messages.
The problem is that GoSMS (and also HandCent SMS) install themselves with a very high priority and can therefore hinder other apps (mainly security apps) from getting to the messages first – this can work one of two wbhays: either the app blocks the SMS in which case Avast never receives the message OR the app forwards the message on, Avast receives the message but by then the user (potentially a thief or receiver of a stolen phone) also then sees the message, including the Avast PIN code which they can then use to disable Avast.
Priority and the reasoning for the above is described below; this content has been taken from Avast and AndroidLost forums – all credit goes to them:
From Avast:
Priority is a number with a pretty big range (around 2^31 = more than 2 billion). Apps are ordered by their priority (what happens when the priority is the same is not determined IMHO, some say the first one installed gets the message, but I tested it and couldn't confirm this) and the one with highest priority gets the message first. The app then has around 5s to handle the message (the time is given by the system). What an app can do is to pass the message to the next one with highest priority or to block the message. And that is exactly how AAT (Avast Anti-Theft) works: it looks at the message, identifies whether it is meant for AAT and if so, blocks it. If not, it passes the message to the app with the next-highest priority unchanged. Now what some messaging apps do is they receive a message and block it. In that case AAT doesn't receive the command at all. Some receive it and pass it further, in that case AAT receives the command, but the message is visible in the messaging application that got the message first.
From AndroidLost:
From androids point of view all applications are equal. But the apps themselves can set a priority and say how important they are. And by default the incoming messages are sent to all apps, but any app can stop the message from moving on to lower priority apps. The way I see it we can split the importance into three groups: 1. security apps (androidlost, virusscanner, etc) 2. apps that modifies the messages and passes them on to others 3. normal display apps Let me explain: 1. Security apps should obviously have the highest priority since they should read the messages first and have the option to stop the messages from arriving to other apps. 2. I have never seen such an app but assume that you want a timestamp written inside each SMS you can have an app do this. This app should have a medium priority since they should get the message before the display app. 3. The display apps should have a low priority. In this group we have the normal message display and custom display apps like Go SMS Pro. It is quite OK that Go SMS Pro stops the SMS from moving on to the normal display app. But they really should use a reasonable SMS priority. I have not found any recommendations but I would say a number between 0 and 10.000 would be reasonable. I have chosen 300.000 as priority since I think my app is rather important but there may be other there has a higher priority. Go SMS Pro has chosen a priority of 2.147.483.647 since they think they have the ultimate app in the universe. That is the highest number you can set. So basically what I am trying to say is that Go SMS Pro does not code nicely. The only thing I can do is to recommend you to write them and ask them to use a _reasonable_ SMS priority.
A user’s solution to the issue:
Hey guys I found the answer on the Where's My Droid's website : Go SMS - Open Go SMS, hit 'Menu' and click 'Settings', click on 'Receive Settings', then uncheck the 'Disable other message notifications. Then open the built in SMS app, hit 'Menu' then click settings, there is a setting called 'Notifications' uncheck that. Handcent SMS - Open Hancent, Hit 'Menu' and select Settings, Click Application settings, then Default Messaging Application, Set this to 'Disable'. Then open the built in SMS app, hit 'Menu' then click settings, there is a setting called 'Notifications' uncheck that.
My solution, with screenshots for GoSMS:
Make sure you have the following settings set in GoSMS Pro:
Them, on testing, you should see the following. You should never ever ever see your pin code displayed in an SMS:
Hope this helps someone!