The Android C2DM push app that I have developed has the reference of my sender is (example: "sender#gmail.com") in the application side code.
Case 1:
When I install this app on a Android device, the device has a gmail id as "personalid#gmail.com" in Accounts and Sync settings.
App is registered successfully with C2DM but it does not receive any of the pushed messages.
Case2:
When I use the same sender id ("sender#gmail.com") in the Android device's Accounts and Sync. I receive all the messages that I push.
Why case 1 is failing and case 2 (sender id all through) is successful?
Please make sure that you have signed out from built in gtalk application of your phone, if you are not signed out from gtalk app, then it will create ambiguity in between gtalk and ur personal app for messaged pushed from google server so it can not send message to any app and give exception.
For detailed information of push notification , please check https://developers.google.com/android/c2dm/
best c2dm tutorialis ,http://www.vogella.com/articles/AndroidCloudToDeviceMessaging/article.html
This is the way that C2DM works. It makes sense that it works in this way since it requires the email address for both the registration id and authentication token.
When sending a push message, your third party server uses the registration id built on (probably) "sender#gmail.com", and authentication token built on the same email. Google's server looks on your device and tries to find that specific email address account. You can have multiple accounts on the device, but at least one of them has to be the account used to register the device.
Why would Google ask for the email anyway if it wouldn't have mattered? It would have been much easier to use directly the device's unique id.
Related
We are developing apps both in IOS and Android. GCM push notification has been enabled for IOS and its working fine now. The package name for both the platforms are going to be the same.
I was given SERVER API KEY and SENDER ID by ios developer to set up gcm for android. While looking for the steps, I came across https://developers.google.com/cloud-messaging/android/client.
I kept to myself that the steps listed in the contents need to be done to set up GCM for android (please correct me if I am wrong).
Get Config file and add it to Android project
Set up Google play services (I added gcm in my project dependency)
Add entries to Manifest file
Check for google play services APK
Obtain registration token.
"An Android application needs to register with GCM connection servers before it can receive messages"
"The client app should store a boolean value indicating whether the registration token has been sent to the server." - My backend team told me I dont need to send them anything I have to just configure gcm in the app and the app will receive messages from backend.
So, My question is Do I need to have RegistrationIntentService and MyInstanceIDListenerService. Also, Do I have to define my InstanceIDListenerService in Manifest?
Our backend uses device id to send push notifications to devices so they dont need registration token to be sent to them as we send device id. So in this case, Should I register my app with GCM using RegistrationIntentService and InstanceIDListenerService? if so, should the app keep the registration token with itself. Is this registration needed?
GCM supports three types of downstream (server-to-client) messaging: send to a specific device (also called "simple" or "targeted"), send to a topic, or send to a device group. Your question says, "our backend uses device id to send push notifications to devices". It is not clear what "device ID" is and which type of messaging you intend to use. Your backend team has told you that you "don't need to send them anything". If that is true, I don't know where they are getting the "device ID".
Each of the three types of messaging provided by GCM require client devices to register with GCM and obtain a registration token. To send a message to a specific device, the registration token is effectively the "device ID". So yes, you need to implement something similar to the RegistrationIntentService and InstanceIDListenerService described in the documentation.
The description in the documentation about needing to send the registration token to the App Server is misleading. That is only required for targeted messaging. The documentation for receiving topic messages states: "Note that, for topic messaging it's not required to send the registration token to your app server; however, if you do send it, your server can verify the validity of the token and get more information about the app that created it."
All,
I'm probably asking a very basic question here, but how does one get your device ID for PushSharp in Android? My setup is VB.net, and we'll be sending to a large number of different Android devices.
Following the PushSharp example here is my code so far:
push.RegisterGcmService(new
GcmPushChannelSettings("YOUR Google API's Console API Access API KEY for Server Apps HERE"));
push.QueueNotification(new GcmNotification().ForDeviceRegistrationId(
"DEVICE REGISTRATION ID HERE")
.WithJson("{\"alert\":\"Hello World!\",
\"badge\":7,\"sound\":\"sound.caf\"}"));
I know the API key is from the GCM service, but where does the Device Registration ID come from? Is that setup by the GCM service? Or is that something the android device sends the server should save?
Thanks for the help.
The registration ID is assigned by the GCM service. When the application registers to GCM, it gets a registration ID and should send it to the server.
Registration ID An ID issued by the GCM servers to the Android application that allows it to receive messages. Once the Android application has the registration ID, it sends it to the 3rd-party application server, which uses it to identify each device that has registered to receive messages for a given Android application. In other words, a registration ID is tied to a particular Android application running on a particular device.
You can read more about it here.
In case you ended up reading this post and could not get yourself sorted out with the selected answer, here is the ultimate link that helped me:
Getting a GCM registration ID
Company creates a project and receives a sender ID. Company creates an app, bakes in its sender ID and places the app in the store.
Attacker reverse engineers the app and extracts both the sender ID and the server interface used to receive GCM registration IDs.
Attacker creates his own app, bakes in Company's sender ID and server registration interface, puts app in the store. The attack app basically impersonates Company's real app as far as GCM goes: it registers to receive messages from Company's sender ID and then sends its GCM registration ID to Company's servers just like the "real" app does.
Now Company wants to broadcast some information to all instances of its app. Maybe it's a reminder than an update is available. Is there any way to differentiate the "attack app" (which registered just like the real one) from "real" versions of the Company's app?
I think from your scenario it's not possible for the attacker to send a message to the user even if he has the registration id. The company server which sends the messages they need to authenticate (OAuth2) there account first through Google. So only if the attacker knows the password of the sending party and the registration id than it can send the user. But the password of the sending party of course is never send to the client side.
well, this might even work in a debug version of the attackers app, but he can not put his app in the store. part of the GCM identification is the app id which needs to be unique in the store.
The same problem could also have existed with C2DM, which you can sniff the sender email address, instead of project ID for GCM.
C2DM or GCM, should never be used to send sensitive user information (i.e. account name, private information, etc), it's mainly useful for notification, which the real app can use it to perform further actions.
I can't see how useful a notification can be to a 'fake/hack' app, what are they going to do with 'You have new message' notification?
The GCM Registration ID is requested by Google, requested from the app and submitted to your server. When someone with a different app (but the same sender ID) creates a Regid, it still has to be committed to the server, and you first have to explicitly send a message to that specific regid.
An app installation, whether legitimate or not, can never receive messages it is not authorised for. (Provided you declare and use the C2D_MESSAGE permission)
Actually, google let's you register a Server Key for GCM, which lets you White-List Server IP's...
So you should add your server IP and you would be safe, since only your server is allowed to send messages with that key.
GCM is safe in this case.
You even can't use your Sender ID in your original app before you register the app in GoogleApiConsole. This means you point private key fingerprint in GoogleApiConsole. It's enough.
I would suggest having your own "interim server" which uses the API key (sender ID as you referred to it). Instead of embedding it in the app itself.
Looking entirely from the user account perspective, are the following pointers to be followed for the C2DM push system to work?
Manually sign up on https://developers.google.com/android/c2dm/signup and provide package name of my android app. consider emailId given is: foo#gmail.com
Programmatically Register from my android app using a email id, foo#gmail.com
From the third party application server send push notifications. Generate the authentication token using foo#gmail.com and pass****word.
My question is, is it mandatory to provide the same emailId in all the above places?
yes Please go though the links
https://developers.google.com/android/c2dm/
Sender ID An email account associated with the application's developer. The sender ID is used in the registration process to identify a Android application that is permitted to send messages to the device. This ID is typically role-based rather than being a personal account—- for example, my-app#gmail.com.
http://www.vogella.com/articles/AndroidCloudToDeviceMessaging/article.html
http://android-developers.blogspot.in/2010/05/android-cloud-to-device-messaging.html
http://www.abolkog.com/portal/java-programming/117-android-push-notifications
we are implementing c2dm to push notifications to users. we want the user to be able to "opt-out" at the beginning. if they opt-in, then we register the device and send the id to our server to store for later delivery and track that by some unique device id.
the problem is that there doesn't seem a reliable way in android to get a device id. everything i've read says, "just generate a guid at first startup of the app". well, this is fine, but if a user starts up the app, opts in, then uninstalls and re-installs the app, then opts out, i have no way of removing that old device (since the device id of the second install is new).
i've tested and an old c2dm registration id works even after an uninstall and re-install.
any suggestions? how do others allow users to opt-out of notifications. how do you track their devices?
Having a Device ID is nice, but you don't need it to handle opt-outs. When you send a C2DM message from your server, include the registration ID. Then, when the device receives a message, it can compare the delivered registration ID with what it thinks its registration ID is.
If it matches, show the notification. If it doesn't match, ping your server and tell it to opt-out that registration ID.
On first run of your app, you could ask the user whether or not they would like to receive C2DM messages, and send that answer to your server. Then it follows that you would only send C2DM messages to devices that want them.
Instead of a GUID, I would look into getting their associated Android Market account (i.e. email address). This way, reinstalls won't change anything assuming they're using the same Android Market account.