GCM Sender Project ID / Number
to send GCM we have SENDER ID from Google API Console, is it important to protect this SENDER ID? I mean, can someone do bad things if they know this ID? I made a mistake and I think the ID was in one of my projects ... can I change it somehow? I still couldn't change it by looking at the Google API Console !. Should I be worried about this? or is it ok?
server and browser API keys can be changed, but not SENDER ID, NUMBER PROJECT ...
source to share
Yes, you have to save project number
(which is Sender Id
as well for GCM); otherwise anyone can use it and they will count on you using the API. It is like an API key for any other service, for example. Google Maps.
I am not aware of any method to change it other than creating a new Google account, but there is an option to register / generate in the Google API console dashboard Project ID
, but I'm not sure if GCM will accept this as Sender Id
. You may try.
Edit:
It might not be that dangerous if yours is project number
open (in older APIs, the sender ID was your email address), because you still need API key
to send notifications via GCM
source to share
I would like to add that while project ID
it cannot be used on its own to send notifications via GCM, it can be used by another Android app to register with GCM and receive notifications from your server. Of course, in order to receive notifications from your server, this application would have to first contact your server in order to send it Registration Id
, so depending on the server implementation, you might block this.
source to share
As I understand:
1) SenderID == ProjectID (as iTech notes)
2) SenderID / ProjectID is built into your app at build time via "googleservices.json"
3) Your application uses and requires your SenderID (via R.string.gcm_defaultSenderId) to register with GCM using the following code:
String token = instanceID.getToken(getString(R.string.gcm_defaultSenderId), GoogleCloudMessaging.INSTANCE_ID_SCOPE, null);
4) So, as per my understanding, by design, SenderID should be included in your GCM application and not protected.
source to share