My android app uses GCM to send or receive text messages. At first, when a user install my app, it uses the GCM api to get a GCM_id from Google. After getting this long GCM id, app sends this id to my web server to say that this client is registered with that id.
My question is that about this step. Since firstly app gets the GCM id and sends it to my web server, I think, someone can listen the requests of the app and sends dummy GCM_ids for this client (or any other clients if guess my client id format). How can I secure this step to prevent unwanted interrupts and attacks.
While creating gcm_id, if google would send this id to my server also before sending it to client, it would be a solution to my problem. But google sends it to client only directly.
ps: Using ssl is not a solution I think. Because it can also be opened by programs like fiddler .
Related
I have my own app server which communicate with FCM server. And I have Android/iOS mobile apps working well.
I want to set a third party program using Java which send a message to FCM server repeatedly so I can keep tracking my own app server is working fine.
I tried to find a solution but official website mention about upstream message only with Android/iOS app.
Is it possible to send a upstream message to FCM server using Java?
(Or any other good idea to monitor the server? I faced the server sometimes goes down for some reason without notice it :( )
There is currently no way to send upstream messaging other than what is shown in the docs -- currently available for Android and iOS.
Even if you are able to send an upstream message, it wouldn't make sense. The flow of upstream messaging is:
Client App > FCM Server > App Server
So the result/response that you would get when sending a message, should it succeed/fail, will point out the communication between the FCM server and the Client App, not with the App Server.
I'm writing an Android chat application right now using Openfire as the xmpp server. The problem is that if I use the Xmpp server for push notification, it is fine for when user is online but it has some issues when user is offline. So is there a way to configure Openfire to let GCM to host the push notification? Is the re such thing as a GCM plugin for Openfire?
We have build an application with almost similar conditions like yours. However, for sending push to offline users we send it through server side.
In your implementation while sending message you can check if the user is offline then you can hit your server api to send push. (Also you can implement the GCM on client side too only you have to know its deviceToken or the GCM id)
XMPP manages the offline messages. So you need to handle only the pushnotification part and need not worry about saving the message.
I have tried registering for GCM from Android and it works fine.
Is there any way I can register for GCM from server side using the gcm-server API?
The mechanic behind GCM message receiving is there is a process running in the background waiting for those messages sent from GCM server before passing to the specific app registered. In the other words, you need a platform to make GCM works or it has no way to receive a GCM message.
So the answer is no. You cannot register your server with GCM since there is no mechanic to send those message back to your server. So far there are only three platforms that support GCM: Android, iOS and Chrome.
I am developing an application in android (Twilio Android Client) using Twilio, which consumes the Rest API.
I can successfully send the SMS using the rest API. However, when someone replies to SMS/MMS, the server will get that message because Twilio will hit that URL.
But on the other hand, I don't understand how to update the client device when we receive an SMS/MMS using Twilio.
Is there any way to update or send the message (SMS/MMS) to the client device when a server receives an incoming message(SMS/MMS)?
You can configure a URL for SMS/MMS in your twilio number. Now, when the user replies to this number, this script in this URL will be executed. In this script, write code to forward SMS/MMS to your android device's phone number.
If you want to handle replies solely via your app, (ie, not by conventional SMS and MMS) then store reply SMS and MMS in server. Then write an API in server to get these messages. Now write code in android to periodically query this API and retrieve these messages.
I am looking for some guidelines as to how to secure requests from android client to server
How can i prevent un autenthic (users which initiate requests not from the android app) requests to be accepted and processed by the server?
Waybe generate token at user registration and use it somehow at each call?
My server is a lite instance and performance is top issue in the implementation of the server client communication.
Appreciate any help!
You could use Google Cloud Messaging as a via medium to make sure messages that reach your server are from the app, without getting too involved in details. Check the documentation here:
https://developer.android.com/google/gcm/index.html
Or else, as you said, create a unique id on registration and send it back to the client. Store it at both client and server. Now with each request from the client, add an extra field in the request and send the id also. Check this id serverside and make sure it is valid (this check could eventually become heavy on time).