问题
Create a Google project id as SENDER_ID and generate a API_KEY
On the Android client side, generate a regId using this sender_id and registered a reg id with gcm, then send it to my server:
GoogleCloudMessaging gcm = GoogleCloudMessaging.getInstance(mContext);
regId = gcm.register(SENDER_ID);
On the server side, the server uses the API key to send message to the client,
Sender sender = new Sender(API_KEY);
sender.send(gcmMessage, regId, 3);
I also declared C2D_MESSAGE permission in my android manifest as below, according to android doc, this can prevent other Android applications from registering and receiving the Android application's messages.
<permission android:name="com.myapp.android.permission.C2D_MESSAGE" android:protectionLevel="signature"/>
<uses-permission android:name="com.myapp.android.permission.C2D_MESSAGE"/>
But I don't understand how it works, if other people decompiled my apk file and found the sender_id, then use the same way to send the reg id to my server, how can my server knows that it's not registered in my application like the case below? Will registration or sending message fail?
Fake Client:
GoogleCloudMessaging gcm = GoogleCloudMessaging.getInstance(mContext);
fakeRegId = gcm.register(STOLEN_SENDER_ID); //will this fail?
My Server:
Sender sender = new Sender(API_KEY);
sender.send(gcmMessage, fakeRegId, 3); //will this fail?
来源:https://stackoverflow.com/questions/26456234/how-does-android-permission-c2d-message-work-to-prevent-other-people-mimic-my-cl