GCM sender id / project number

2020-02-26 12:49发布

问题:

to send a GCM, we have a SENDER ID from Google API console, is that important to keep that SENDER ID protected? I mean, would someone be able to do bad things if they know that ID? I did a mistake and I think that ID was in one of my projects... am I able to somehow change it? I couldn't find anyway to change it by looking at the Google API console!. should I be worried about that? or is it ok?

the server and browser API keys can be changed but not the SENDER ID, PROJECT NUMBER...

回答1:

Yes you should keep the project number (which is the Sender Id as well for GCM) protected; otherwise anyone can use it and it will count toward your usage of the API. It is similar to the API key for any other service e.g. Google Maps.

I am not aware of any method to change it other than create a new Google account, but in the Dashboard of Google API console there is an option to register/generate a Project ID but I am not sure if GCM will accept this as Sender Id. You can give it a try.

Edit:

It might not be that dangerous if your project number is exposed (in the old APIs the sender id was your e-mail) , because still you will need API key to be able to send notification via GCM



回答2:

I'd like to add that while project ID alone can't be used to send notifications via GCM, it can be used by another Android application to register to GCM and recieve notifications from your server. Of course, in order to recieve notifications from your server, that application would have to first contact your server to send its Registration Id, so depending on the server implementation, you can block that from happening.



回答3:

As I understand it:

1) SenderID == ProjectID (as iTech notes)

2) The SenderID/ProjectID is embedded into your app, at build time, via "googleservices.json"

3) Your app uses & requires your SenderID (via R.string.gcm_defaultSenderId) to register with GCM, using the following code:

String token = instanceID.getToken(getString(R.string.gcm_defaultSenderId), GoogleCloudMessaging.INSTANCE_ID_SCOPE, null);

4) Thus, as per my understanding, it is by design that SenderID should be included in your GCM app, and is not protected.