Firebase Cloud Messaging: Difference between revisions
No edit summary Tags: Reverted Visual edit Mobile edit Mobile web edit |
No edit summary Tags: Reverted section blanking Visual edit Mobile edit Mobile web edit |
||
Line 52: | Line 52: | ||
Protection against security threats involves multiple steps and can lead to additional implications. Deactivating the Cloud Messaging service will prevent immediate transactions. However, this could potentially stop other applications installed on the blocked device which rely on the FCM service.<ref name=":0">{{Cite journal|last1=Esposito|first1=Christian|last2=Palmieri|first2=Francesco|last3=Choo|first3=Kim-Kwang Raymond|date=March 2018|title=Cloud Message Queueing and Notification: Challenges and Opportunities|url=http://dx.doi.org/10.1109/mcc.2018.022171662|journal=IEEE Cloud Computing|volume=5|issue=2|pages=11–16|doi=10.1109/mcc.2018.022171662|s2cid=19248242|issn=2325-6095}}</ref> A possible solution is to block a specific notification channel or unsubscribe from a topic. Other solutions involve setting up message traffic notification systems to detect malicious information being messaged through the FCM service platform.<ref>{{Cite book|last1=Li|first1=Na|last2=Du|first2=Yanhui|last3=Chen|first3=Guangxuan|title=2013 International Conference on Information Science and Cloud Computing Companion |chapter=Survey of Cloud Messaging Push Notification Service |date=December 2013|chapter-url=http://dx.doi.org/10.1109/iscc-c.2013.132|pages=273–279|publisher=IEEE|doi=10.1109/iscc-c.2013.132|isbn=978-1-4799-5245-8|s2cid=15771293}}</ref> To implement this solution additional steps are required. The user needs to identify at the start, the connection channel or topic potentially used by the malicious application. |
Protection against security threats involves multiple steps and can lead to additional implications. Deactivating the Cloud Messaging service will prevent immediate transactions. However, this could potentially stop other applications installed on the blocked device which rely on the FCM service.<ref name=":0">{{Cite journal|last1=Esposito|first1=Christian|last2=Palmieri|first2=Francesco|last3=Choo|first3=Kim-Kwang Raymond|date=March 2018|title=Cloud Message Queueing and Notification: Challenges and Opportunities|url=http://dx.doi.org/10.1109/mcc.2018.022171662|journal=IEEE Cloud Computing|volume=5|issue=2|pages=11–16|doi=10.1109/mcc.2018.022171662|s2cid=19248242|issn=2325-6095}}</ref> A possible solution is to block a specific notification channel or unsubscribe from a topic. Other solutions involve setting up message traffic notification systems to detect malicious information being messaged through the FCM service platform.<ref>{{Cite book|last1=Li|first1=Na|last2=Du|first2=Yanhui|last3=Chen|first3=Guangxuan|title=2013 International Conference on Information Science and Cloud Computing Companion |chapter=Survey of Cloud Messaging Push Notification Service |date=December 2013|chapter-url=http://dx.doi.org/10.1109/iscc-c.2013.132|pages=273–279|publisher=IEEE|doi=10.1109/iscc-c.2013.132|isbn=978-1-4799-5245-8|s2cid=15771293}}</ref> To implement this solution additional steps are required. The user needs to identify at the start, the connection channel or topic potentially used by the malicious application. |
||
=== Privacy Concerns === |
|||
Cloud-based messaging also poses privacy risks and issues. [[Black hat (computer security)|Black hat hackers]] may be able to breach the security of the Firebase Cloud Messaging platform and acquire the registration ID of the user’s application or other sensitive information. Security compromise examples include private messages on a user’s social media account being pushed to the hacker’s device.To ensure the privacy of the platform, the user can build end-to-end protection schemes around the open communication channels provided by the Cloud Messaging Services, which are unsecure. FCM provides users with payload encryption.<ref name=":0" /> |
|||
==References== |
==References== |
Revision as of 14:10, 15 January 2024
Developer(s) | Firebase |
---|---|
Programming language(s) | - |
Application(s) | Notification service |
Status | Offline[citation needed] |
License | Access |
Website | firebase |
Firebase Cloud Messaging (FCM), formerly known as Google Cloud Messaging (GCM), is a cross-platform cloud service for messages and notifications for Android, iOS, and web applications, which as of May 2023 can be used at no cost.[1] Firebase Cloud Messaging allows third-party application developers to send notifications or messages from servers hosted by FCM to users of the platform or end users.
The service is provided by Firebase, a subsidiary of Google. On October 21, 2014, Firebase announced it had been acquired by Google for an undisclosed amount.[2] The official Google Cloud Messaging website points to Firebase Cloud Messaging (FCM) as the new version of GCM.[3] Firebase is a mobile platform which supports users in developing mobile and web applications. Firebase Cloud Messaging is one of many products which are part of the Firebase platform. On the platform users can integrate and combine different Firebase features in both web and mobile applications.
Additional Features and Tools
Analytics
Firebase offers free and unrestricted analytics tools to assist the user gain insights into the 'ad click' & 'application usage' of end customers. In conjunction with other Firebase features, Firebase Analytics allows the user to explore and use on a range of functionalities such as click-through rates to app crashes.[4]
Firebase Remote Config
It is a simple key-value store that lives in the cloud and enables the user to implement modifications which can be read by the application. The Firebase Remote Config also includes an audience builder, in addition to the basic feature, which helps the user create custom audiences and perform A / B testing.[4]
Cross-Platform Support
APIs packaged into single SDKs for iOS, Android, JavaScript and C++ in conjunction with the cross-platform support provided by FCM allow the developer to expand across different platforms without infrastructure modification.[4]
Web Push Support
Developers can implement the standard IETF Web Push APIs and being to target web browsers. On Chrome, developers can send messages to Chrome on Android or Chrome pages in Mac, Windows and Linux. Added features for web push support include Topic Messaging and the ability to send messages to Topic Combinations.[4]
Topic Messaging
Developers can send a single message to multiple devices. It is a method of notification to users with common interest topics such as sports events, artists, music genres. Developers need to publish a message to FCM, which is automatically delivered to devices subscribed to the select topic. Subscriber count on a single topic or multiple topics are not limited on the application.[4]
Topic Combination Messaging
If users are subscribed to different topics, to prevent publishing the same message across different topics and users from receiving duplicate messages, developers can use the updated API. Developers can set specific conditions for FCM to deliver the message only to users who meet the condition criteria.[4]
Message Delivery Reports
Message Delivery Reports (MDR) are generated by FCM's reporting tool which allows developers to obtain analytical insights into the message delivery. In the MDR, developers can evaluate the reach of the sent messages to specific users by viewing the data for messages to different FCM SDKs (Android, iOS). [5]
Key Concerns
Security Concerns
FCM shortens the design and implementation process for mobile applications. Due to the available functionality of sending test messages through the Notifications Composer in the Firebase console, the testing process is also shortened. Cloud-based messaging solutions also have security and privacy risks which need to be mitigated and considered before implementation into a project. The development of cloud computing involves an open network structure and elastic pooling of shared resources which increases the need for cloud security measures to be established.[6]
A security concern is the potential exploitation of server keys which are stored in the FCM’s Android application package (APK) files. If exploited, this allows the distribution of push notification messages to any and all users on the Firebase platform. GCM has previously reported security vulnerabilities where phishing and malicious advertisement activities have occurred.
Protection against security threats involves multiple steps and can lead to additional implications. Deactivating the Cloud Messaging service will prevent immediate transactions. However, this could potentially stop other applications installed on the blocked device which rely on the FCM service.[6] A possible solution is to block a specific notification channel or unsubscribe from a topic. Other solutions involve setting up message traffic notification systems to detect malicious information being messaged through the FCM service platform.[7] To implement this solution additional steps are required. The user needs to identify at the start, the connection channel or topic potentially used by the malicious application.
References
- ^ "Firebase Cloud Messaging". Google Developers. Retrieved April 4, 2021.
- ^ Tamplin, James. "Firebase is Joining Google!". Firebase, Inc. Retrieved October 21, 2014.
- ^ "Google Cloud Messaging - official website". Retrieved July 20, 2016.
- ^ a b c d e f Sharma, R. (2020). What is GCM and FCM? (Differences and Limitations). Retrieved 2 October 2020, from https://www.izooto.com/blog/everything-that-you-need-to-know-about-firebase-cloud-messaging-platform
- ^ "Understanding message delivery". Firebase. Retrieved November 17, 2020.
- ^ a b Esposito, Christian; Palmieri, Francesco; Choo, Kim-Kwang Raymond (March 2018). "Cloud Message Queueing and Notification: Challenges and Opportunities". IEEE Cloud Computing. 5 (2): 11–16. doi:10.1109/mcc.2018.022171662. ISSN 2325-6095. S2CID 19248242.
- ^ Li, Na; Du, Yanhui; Chen, Guangxuan (December 2013). "Survey of Cloud Messaging Push Notification Service". 2013 International Conference on Information Science and Cloud Computing Companion. IEEE. pp. 273–279. doi:10.1109/iscc-c.2013.132. ISBN 978-1-4799-5245-8. S2CID 15771293.