Like to confirm if we can set android:exported="false" for instance id service and messaging service.
I tested by keeping android:exported="false" and notifications are working fine.
<service
android:name=".MyFirebaseMessagingService"
android:exported="false">
<intent-filter>
<action android:name="com.google.firebase.MESSAGING_EVENT"/>
</intent-filter>
</service>
<service
android:name=".MyFirebaseInstanceIDService"
android:exported="false">
<intent-filter>
<action android:name="com.google.firebase.INSTANCE_ID_EVENT"/>
</intent-filter>
</service>
The firebase-messaging library exports an unspecialized FirebaseMessagingService of its own with low priority (-500). You can see it in your merged AndroidManifest.xml. This service can handle the push messages that carry notifications, like the ones you can send through the Firebase console.
If your specialized service class isn't exported, then the system will route messages from the Google services package to this unspecialized service, and notifications will work fine.
But that means you wouldn't be able to, for example, perform other actions when receiving a message or process custom data payloads.
You should export the service to be sure it is handled by your class as specified by #guest
<service
android:name=".services.MyFirebaseMessagingService"
android:exported="true">
<intent-filter>
<action android:name="com.google.firebase.MESSAGING_EVENT" />
</intent-filter>
</service>
Related
I just enabled Notification Access permission to my app. But the Notification Listener starts Only I restart the device.How can I enable the service once my app gets installed?
You have to register a receiver in your AndroidManifest.xml.
Like below (This is an example of the GCM listener for Google Cloud Messaging)
<receiver
android:name="com.google.android.gms.gcm.GcmReceiver"
android:exported="true"
android:permission="com.google.android.c2dm.permission.SEND">
<intent-filter>
<action android:name="com.google.android.c2dm.intent.RECEIVE" />
<action android:name="com.google.android.c2dm.intent.REGISTRATION" />
</intent-filter>
</receiver>
Let me know if you need more info. But I assume you know how this works since you seem to have implemented the
<intent-filter>
<action android:name="android.intent.action.BOOT_COMPLETED" />
</intent-filter>
Can you share you AndroidManifest.xml?
I had set up Firebase Cloud Messaging (FCM) in standard manner.
It works good when mobile connected to internet via WiFi
But after I switch to Mobile (Cellular) data internet, close app, close mobile then the FCM stop to work, since other similar Apps ( facebook messanger, etc. ) continue to receiving data.
Manifest:
<service
android:name=".MyFirebaseMessagingService">
<intent-filter>
<action android:name="com.google.firebase.MESSAGING_EVENT"/>
</intent-filter>
</service>
<service android:name=".MyFirebaseInstanceIDService">
<intent-filter>
<action android:name="com.google.firebase.INSTANCE_ID_EVENT" />
</intent-filter>
</service>
<meta-data
android:name="com.google.firebase.messaging.default_notification_icon"
android:resource="#drawable/ic_menu_camera" />
<meta-data
android:name="com.google.firebase.messaging.default_notification_color"
android:resource="#color/colorAccent" />
<receiver
android:name=".NetworkChangeReceiver"
android:label="NetworkChangeReceiver">
<intent-filter>
<action android:name="android.net.conn.CONNECTIVITY_CHANGE" />
<action android:name="android.net.wifi.WIFI_STATE_CHANGED" />
</intent-filter>
</receiver>
<receiver
android:name=".NotificationDismissedReceiver"
android:exported="false" />
Other classes:
public class MyFirebaseInstanceIDService extends FirebaseInstanceIdService
public class MyFirebaseMessagingService extends FirebaseMessagingService
Same way as described in google Firebase Cloud Messaging documentations.
What happens ? what should I do ?
Thanks
I recently did a code scan on my Android source code using HPFortify service. They reported security vulnerability regarding google analytics receiver. They suggested to use the broadcaster permission to reduce the attack vector. This way you are restricting broadcaster, otherwise any malicious application can send the intent and broadcast receiver will process it.
Here is my AndroidManifest file.
<receiver
android:name="com.google.android.gms.analytics.AnalyticsReceiver"
android:enabled="true">
<intent-filter>
<action android:name="com.google.android.gms.analytics.ANALYTICS_DISPATCH"/>
</intent-filter>
</receiver>
<service
android:name="com.google.android.gms.analytics.AnalyticsService"
android:enabled="true"
android:exported="false"/>
I am trying to figure out the broadcaster permission for AnalyticsReceiver. According to HpFortify the broadcast receiver should look like similar to this:
<receiver
android:name="com.google.android.gms.analytics.AnalyticsReceiver"
android:permission="SOME-GOOGLE-ANALYTICS-PERMISSION"
android:enabled="true">
<intent-filter>
<action android:name="com.google.android.gms.analytics.ANALYTICS_DISPATCH"/>
</intent-filter>
</receiver>
Edit 1:
I am also looking for the source code to figure out the right permission. But I couldn't find the google analytics source code.
I have a broadcastReceiver registered in manifest that receives broadcasts sent from one of my services with a custom action. I have it already working but for security reasons i want to prevent other apps from sending fake broadcast to my receiver. How can i do that?
Manifest
<receiver android:name=".MyReceiver">
<intent-filter>
<action android:name="MyAction"/>
</intent-filter>
</receiver>
Every reciever with exported tag set to false will only receive broadcasts sent from its own application process.
so it will be:
<receiver android:name=".MyReceiver"
android:exported="false">
<intent-filter>
<action android:name="MyAction"/>
</intent-filter>
</receiver>
As another solution i found that i can use permissions.
more on here
I'm trying to implement two 3rd party libraries (Parse & Localytics) which uses GCM push notifications but I can't seem to get both to work together. It's either one or the other that will work.
<receiver android:name="com.parse.GcmBroadcastReceiver"
android:permission="com.google.android.c2dm.permission.SEND">
<intent-filter>
<action android:name="com.google.android.c2dm.intent.REGISTRATION" />
<action android:name="com.google.android.c2dm.intent.RECEIVE" />
</intent-filter>
</receiver>
<receiver android:name="com.localytics.android.PushReceiver"
android:permission="com.google.android.c2dm.permission.SEND" >
<intent-filter>
<action android:name="com.google.android.c2dm.intent.REGISTRATION" />
<action android:name="com.google.android.c2dm.intent.RECEIVE" />
</intent-filter>
</receiver>
GCM only is aware of your app, not the content of the GCM payload.
You need a common receiver that can parse the intent received for the particular data that identifies it as Localytics or Parse, then forward that intent to the appropriate receiver for either service.
GCM is based on "app registration" not on "app feature registration" - it will deliver to your app, not a particular receiver within your app.