I am looking for a way to push updates from my node.js API to my android app. I'd like to find the easiest acceptable way to do it.
The GCM Client Helper library looks easy but appears to be deprecated. Is it a really bad idea to use it?
The suggested replacement seems significantly more complicated. Is there a way around this complication?
Thanks for your help!
As with any deprecated solution, it could stop working at any time and you'd be forced to rewrite your application to move to the non-deprecated solution. In this case, THe GCM Client Helper library has been deprecated for almost 2 years and I would not consider it for any new projects at this point, particularly since it is tied to ClientLogin, which, per the deprecation policy, is no longer required to work at all after April 20, 2015.
Given that, I would strongly recommend using the Google Play Services GCM API. Note that the replacement training you linked is a very full featured, detailed form. You may find the documentation on GoogleCloudMessaging to be a more minimal example of what is needed (frankly, not any more than the old model).
Related
Background
I was recently tasked to work on an SDK that Android developers could use via simple dependency (got this working for Jitpack&Github, here).
One of the tasks I was given is to use Firebase for remote-config and Analytics (and maybe Crashlytics too), to be able to gather statistics and have some control of it using the cloud.
The problem
All tutorials, articles and documentations (example here) that I see of Firebase are for Android apps, and so the preparation itself requires a package-name of the app to be set.
This is impossible for an Android library that is supposed to be used as an SDK, as it's meant for many apps, each has its own package name.
What I've tried
I tried to ask Firebase support about this, but they told me they can only talk about Android apps, and gave me a Github link (here), probably hoping I could get something out of it.
I also tried to ask on reddit (here), but nobody knew the answer to this.
Looking at the list of available, official SDKs (here), I think such a thing might be possible if I register as if it's a website (or web-application), and then in code I would reach it as a website (using REST API on Retrofit), but not sure if there is a better way, whether it will work, and whether it's even according to the rules of using Firebase (I think should be ok).
There might be a way to use the C++ library that Firebase offers, too, but this would probably require a lot of adjustments.
Seeing that this might not be offered natively, I even made a request about it., here.
The questions
Is it possible to use Firebase inside Android libraries? As an SDK? Is it according to the rules of Firebase?
How do I do it? Is there perhaps a library for this? Maybe a general Java library ? I guess I should also be able to make it focus on my SDK's classes and functions, and ignore what's on the app itself.
If there is no library, where can I find the various functions that are available for the various services, so that I would implement them?
I want to use pubsub's pull subscription.
So far its been hard to figure out setting auth & fails in subscription or grpc.
Also its not recommended to package client-secret.json in apk.
Havent found any leads to setup on android
Has anyone done this on android
On the Setup client library its mentioned
Note: Cloud Java client libraries do not currently support Android.
Following this link for Pull Subscriber
Any help would be appreciated
Pub/sub to a mobile platform has some potential issues, depending on your use-case. For example, if a phone is off for a long time, pub/sub will queue a lot of messages which may be expensive. You also would need to create a topic for every user if you want to keep data for each user private.
You might find that Firebase Cloud Messaging is a better solution for pushing notifications to an android app.
Although the com.google.cloud.pubsub library doesn't support Android, the com.google.api.services.pubsub library does. com.google.api.services.pubsub is auto-generated, so is harder to use and worse documented, but it should work on Android.
See client libraries explained for the difference between the libraries.
I've an app in Google Play, today I received a mail from Google saying that:
Google Play warning: You are using an unsafe implementation of
X509TrustManager
It says something about the SSL certificate issues and a way to solve the issue.
I'm asking this question because of curiosity,
Actually what is this warning all about ?
I'm not using any network related activities in my app (it's a local database driven app), so why this warning occurred for my app?
More Details:
My app was built using Appcelerator Titanium and google says this implementation is in ti.modules.titanium.network.NonValidatingTrustManager;. I'm sure that I never used such a class in my code.
Actually what is this warning all about ?
You should have been linked to this page, which explains what it is all about. In a nutshell, Google is scanning apps for people who screw up SSL, such as blindly accepting all certificates as valid.
I'm not using any network related activities in my app (it's a local database driven app), so why this warning occurred for my app?
Because something else in your APK has done this. In the case of this developer, it was a library.
My app was built using Appcelerator Titanium and google says this implementation is in ti.modules.titanium.network.NonValidatingTrustManager;. I'm sure that I never used such a class in my code.
You may not have used it directly. However, something else is using it. Or, perhaps it is there because it is just part of the overall Titanium framework and remains in your APK.
Appcelerator is tracking this issue on JIRA here:
https://jira.appcelerator.org/browse/TIMOB-20431
We also put out a blog post with information here:
http://www.appcelerator.com/blog/2016/02/google-security-alert-unsafe-implementation-of-the-interface-x509trustmanager/
The email speaks about a May 17th deadline for newly submitted (!) apps and updates. We will have a fix and instructions ready in time.
Read this:
http://docs.appcelerator.com/platform/latest/#!/guide/SSL_Certificate_Store_Support_for_HTTP_Clients
It all about the Google pushing everybody to use https. If you are using into your app the Titanium.Network.createHTTPClient object, then you will have to implement that with this:
var certificateStore = require('ti.certificatestore').
The module can be find here: https://github.com/appcelerator-modules/ti.certificatestore
The problem is not related to the js code. It is inside Titanium sdk and no matter do you use some fucntions or not.
I think the possible solution is to rewrite class
https://github.com/appcelerator/titanium_mobile/blob/bc85170157d3bebc5de1d61a9fe6e34bce84a8c9/android/modules/network/src/java/ti/modules/titanium/network/NonValidatingTrustManager.java
We should create safe implementation of X509TrustManager
I just got the same message on a my apps. Same module specified as the OP.
ti.modules.titanium.network.NonValidatingTrustManager;
A few points from my research so far:
http://docs.appcelerator.com/platform/latest/#!/guide/SSL_Certificate_Store_Support_for_HTTP_Clients does discuss the problem and provide examples for iOS and Android. However:
the examples are different for each OS and require creating or downloading modules (the Android one is a couple years old now)
the docs specifically say these methods are no longer supported and
You should instead use the HTTPClient's securityManager property to
implement support for SSL Certificate Stores.
the SecurityManagerProtocol docs, unfortunately, have no examples. The few references I could find (http://docs.appcelerator.com/platform/latest/#!/api/Modules.Https) require the use of modules.https which is a PAID module only.
I'm left with the question: If Google rejects all Appcelerator apps with this particular issue, and only developers with paid subscriptions get an officially-supported solution, does this mean Appcelerator 'community edition' is officially incompatible with Google Play? Is Appcelerator planning to support HTTPS officially for it's community members?
Anyone from Appcelerator care to comment, please?
Thank you,
David
I am pretty sure this question might seem silly but will throw it anyway.
I have started playing around with Bluemix and its fabulous Push, Data, Analiytics and more services. The main point is to develope an Android application leveraging these services. The problem is that I haven't found consistency in the official documentation.
For instance,
Here you'll see that it makes use of some "local" (the download link can be found on the top of that page so that you can copy them into you lib folder) libraries. The push IntentService is com.ibm.mobile.services.push.IBMPushIntentService.
On the other side, in this official sample code you will notice that the IntentService is com.ibm.mobilefirstplatform.clientsdk.android.push.api.MFPPushIntentService.
I hope I have explained my point on this issue.
Both pages seem to be up-to-date so, my dumb question is, what is the difference? and which SDK should I use?
The first link you referenced is for the sun-setting, deprecated 1st generation of Moblie Cloud services on Bluemix, AKA MBaaS. The getting started documentation for MBaaS will be removed shortly. You can see the recent deprecation announcement here.
The sample you link is the correct sample for the 2nd generation, and most recent, versions of IBM MobileFirst Services (IMF). You can find the appropriate documentation for Push Notifications here. You'll notice, all the docs are now hosted on the Bluemix docs page, instead of mbaas-gettingstarted...
Apologies for any confusion this has caused.
I cannot work this out to save my life!
So, I have a Codeigniter based REST api with an OAUTH 2.0 (draft 23 or something) server for my own auth system (not using Twitter or FB)
I want to be able to use this to allow users to "log in" to my Android app.
I can't find any information about this on the internet anywhere. There are a couple of unsupported OAUTH 2.0 client libraries out there, such as Leeloo (which moved to Apache Amber, which hasn't been updated for over a year, and there have been no releases under Amber).
My questions therefore are:
Is OAUTH 2.0 too new? It seems to be a couple of years old... is it still too new to work with. Should I be using OAUTH 1? (which seems to be unsupported anyway - all the codeigniter OAUTH 1 libs have moved to 2.0).
Should I be using a completely different technology? e.g. I have heard of "xauth". Again information on this seems to be pretty sketchy.
Is it something easy enough to do myself? It doesn't appear so, but do most people just create their own homebrew solutions? I can't find much info about this either.
Any help you can give me will be great. Any resources you can point me too as well will be pretty amazing.
Thanks for your time.
No, OAuth 2.0 is old enough to be supported by some good open source libraries. You could e.g. use scribe.
Sorry, I don't know enough about XAuth yet to help you with that.
Yeah, it's really easy using scribe. To support a custom Provider you simply have to extend org.scribe.builder.api.DefaultApi20. As your using the same Draft of OAuth 2.0 as Google does, you can use the implementation for the Google API in Thomas Bruyelle's fork of scribe as a blueprint. This article should get you started for using scribe with Android. You could further check out the Google example from the scribe fork here.