Hisab Expert detects UPI payments without ever reading your SMS. Here is exactly how Android's NotificationListenerService works and why it is the right approach for privacy.
By the Hisab Expert Team
Older bookkeeping apps requested the READ_SMS permission to detect UPI payments. This grants complete access to every SMS on your phone - personal messages, OTPs, bank alerts, and anything else. It is an enormous privacy risk that most users do not realise they are accepting.
Google Play now restricts READ_SMS to a small list of approved use cases (such as default SMS apps). General-purpose apps cannot use it. This is the right call - no bookkeeping app should need access to your personal messages.
Every major UPI app sends a push notification to your device the moment a payment is received. These notifications contain the payment amount, the sender's name or UPI ID, and a transaction reference number (UTR).
Android has a system called NotificationListenerService that allows apps to read notifications from other apps, but only if the user explicitly grants permission through a dedicated settings screen. This is entirely separate from SMS access.
When you grant notification access to Hisab Expert, the app's background service receives notification data from all installed apps. Hisab Expert immediately filters this - it only processes notifications from known UPI app package names (using known UPI app package names). All other notifications are ignored entirely.
For matching UPI notifications, a regex pattern extracts the payment amount. The transaction is then created automatically in Hisab Expert. The raw notification text is never stored - only the extracted amount and the source app name.
To enable UPI auto-detection: open your phone's Settings → Notification Access and toggle on Hisab Expert. This is the only permission required for this feature.
This permission is entirely separate from your contacts, SMS, or call logs. It covers notification content only - and Hisab Expert only reads UPI payment notifications, nothing else. You can revoke it at any time from the same settings screen.
The notification-based approach works simultaneously across all UPI apps. If you switch from one UPI app to another, there is nothing to reconfigure. New UPI apps are added to the detection list with a simple app update.
It is also more reliable than SMS parsing. UPI payment notifications are structured and consistent. SMS messages vary widely between banks and telecom providers, leading to missed or incorrectly parsed transactions. Notification-based detection has a near-zero miss rate on supported apps.
Offline-first accounting with UPI auto-detection, voice entry, and customer credit - no SMS access required.
Continue Reading
Making the switch from paper to digital feels risky when your whole business depends on accuracy. Here is how to do it without a single day of confusion.
Read article →EngineeringInternet connectivity in India is improving but still unreliable in many areas. Here is why every byte of your business data lives on your device first, and what that means for you.
Read article →TutorialThe Ledger feature replaces your paper credit khata. This guide walks you through adding customers, recording deliveries, and tracking payments in under 10 minutes.
Read article →