
Use an explicit mode of operation, as "AES" defaults to insecure ECB mode #20

@overheadhunter

Description

Currently you encrypt messages using Cipher cipher = Cipher.getInstance(MessageEncryptionFactory.ENCRYPTION_ALGORITHM); with MessageEncryptionFactory.ENCRYPTION_ALGORITHM = "AES";

AES, however, defaults to ECB mode, which is not secure when we're talking about messages longer than 128 bits. E.g. "hiWorld!hiWorld!" would result in a regular pattern.

If you don't want to send an IV inside the message (due to the 160-character restriction), use a hard-coded one. This way attackers could see that two SMS are the same, but at least would be unable to identify patterns.
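The following is an added example, not code from the project or from the issue author. It reproduces the point above against the JCE API: a transformation string of just "AES" resolves to "AES/ECB/PKCS5Padding" in the standard providers, so a plaintext that repeats a 16-byte block yields a ciphertext that repeats a 16-byte block; "AES/CBC/PKCS5Padding" with an explicit IV does not. The key, the plaintext and the fixed IV are constructed for the demo; the 32-byte message is used (rather than the 16-byte one in the issue) because two identical blocks are needed before a repeat can appear.

```java
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;

public class EcbVsCbcDemo {

    // Constructed demo key for illustration only; never hard-code a key in real code.
    private static final byte[] KEY = "0123456789abcdef".getBytes(StandardCharsets.US_ASCII);

    /** Returns true if any two 16-byte ciphertext blocks are identical (the ECB tell-tale). */
    static boolean hasRepeatedBlocks(byte[] ciphertext) {
        Set<String> seen = new HashSet<>();
        for (int i = 0; i + 16 <= ciphertext.length; i += 16) {
            String block = Arrays.toString(Arrays.copyOfRange(ciphertext, i, i + 16));
            if (!seen.add(block)) {
                return true;
            }
        }
        return false;
    }

    /** Encrypts with the given JCE transformation; iv == null means "let the provider pick the defaults". */
    static byte[] encrypt(String transformation, byte[] plaintext, byte[] iv) throws Exception {
        Cipher cipher = Cipher.getInstance(transformation);
        SecretKey key = new SecretKeySpec(KEY, "AES");
        if (iv == null) {
            cipher.init(Cipher.ENCRYPT_MODE, key);
        } else {
            cipher.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(iv));
        }
        return cipher.doFinal(plaintext);
    }

    public static void main(String[] args) throws Exception {
        // Two identical 16-byte blocks: "hiWorld!hiWorld!" repeated twice (32 bytes, constructed input).
        byte[] msg = "hiWorld!hiWorld!hiWorld!hiWorld!".getBytes(StandardCharsets.US_ASCII);

        // 1. Bare "AES": the provider silently selects ECB, so identical plaintext blocks
        //    encrypt to identical ciphertext blocks and the structure leaks.
        byte[] ecb = encrypt("AES", msg, null);
        System.out.println("\"AES\" (ECB) shows repeated blocks: " + hasRepeatedBlocks(ecb));

        // 2. Explicit CBC with a fresh random IV: each block is chained to the previous
        //    ciphertext block, so no pattern survives within the message.
        byte[] randomIv = new byte[16];
        new SecureRandom().nextBytes(randomIv);
        byte[] cbcRandom = encrypt("AES/CBC/PKCS5Padding", msg, randomIv);
        System.out.println("CBC/random IV shows repeated blocks: " + hasRepeatedBlocks(cbcRandom));

        // 3. Explicit CBC with a fixed IV, the trade-off proposed in the issue: still no
        //    pattern inside one message, but the same message always encrypts to the same
        //    bytes, so an observer can tell that two SMS carry identical content.
        byte[] fixedIv = new byte[16]; // constructed all-zero IV, standing in for a hard-coded one
        byte[] first = encrypt("AES/CBC/PKCS5Padding", msg, fixedIv);
        byte[] second = encrypt("AES/CBC/PKCS5Padding", msg, fixedIv);
        System.out.println("CBC/fixed IV shows repeated blocks: " + hasRepeatedBlocks(first));
        System.out.println("CBC/fixed IV, same message twice is identical: " + Arrays.equals(first, second));
    }
}
```

Running this prints true for the bare "AES" case and false for both CBC cases, while the last line prints true, which is exactly the determinism the issue accepts in exchange for not spending 16 of the 160 characters on an IV. If the budget does allow it, an authenticated mode such as "AES/GCM/NoPadding" with a 12-byte random nonce is the usual choice, since unauthenticated CBC is also open to padding-oracle style tampering; the fixed-IV variant should be treated as the fallback the issue describes, not the default.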
