In modern mobile platforms, message-based communication is afflicted by data leakage attacks, through which untrustworthy apps access the transferred message data. Existing defenses are overly restrictive, as they block all suspicious message exchanges, thus preventing any app from receiving messages. To better secure message-based communication, we present a model that strengthens security, while also allowing untrusted-but-not-malicious apps to execute their business logic. Our model, HTPD, introduces two novel mechanisms: hidden transmission and polymorphic delivery. Sensitive messages are transmitted hidden in an encrypted envelope. Their delivery is polymorphic: as determined by the destination’s trustworthiness, it can be delivered no data, raw data, or encrypted data. To allow an untrusted destination to operate on encrypted data deliveries, HTPD integrates homomorphic and convergent encryption. We concretely realize HTPD as PoliCC, a plug-in replacement of Android Inter-Component Communication (ICC) middleware. PoliCC mitigates three classic Android data leakage attacks, while allowing untrusted apps to perform useful operations on delivered messages. Our evaluation shows that PoliCC supports secure message-based communication within and across devices by trading off performance costs, programming effort overheads, and security11This article is a revised and extended version of our prior paper, published in the 17th EAI International Conference on Security and Privacy in Communication Networks (SecureComm 2021) (Liu et al., 2021).