1

I'm a little bit confused here, i'm using the new GCM service and of course i have to declare the SENDER_ID in my MainActicity, i'm just curious about the security here, if someone de-compile my APK he would see my SENDER_ID, right ?

Shouldn't it be kept secret ? or it's enough to keep the API key secret ?

Fadi Obaji
  • 1,454
  • 4
  • 27
  • 57

1 Answers1

3

Shouldn't it be kept secret ?

No, it's not required to keep it secret. If anyone decompile your APK and find anyhow your sender ID then hacker cant do anything.

Because to push GCM notification it's required to have API key of Server which is available to owner only.

N Sharma
  • 33,489
  • 95
  • 256
  • 444
  • So he `the hacker` can register devices with it so he can receive my push notifications ? – Fadi Obaji Apr 08 '15 at 14:24
  • No, because hacker won't have API to send GCM registration ID to your server. – N Sharma Apr 08 '15 at 14:25
  • The `API Key` in not required to register, it's only required to send push notifications, registration require only the `SENDER_ID`, he can register and get a `registration_id for his device but it wont be in my database on my server, so i think it wont hurt, right ? – Fadi Obaji Apr 08 '15 at 14:28