Create a Firebase Theme for Each User

Question

Create a Firebase Theme for Each User

We have a design approach that creates a theme for every registered user.

Create a new user
Save it to our database using the generated token
Subscribe to /topics/{user-token} when a user logs on to Android or ios.

So, if a user has several devices, and if we want to send a notification to the user, we just send it to /topics/{user-token} so that it is received by all devices.

We have not yet encountered any problem with multiple users, but is this normal for Firebase limitations and is this a good approach?

+4

android ios firebase firebase-cloud-messaging

ocanal Feb 15 '17 at 7:54

source share

1 answer

Diego giorgini · Accepted Answer · 2017-02-17T06:44:27+0000

(I post my comments in response)

In most cases, creating an FCM TOPIC for each user is not a good idea.

Messages sent to FCM TOPICS are publicly available. Any user (even from another application) can subscribe to / themes / {username} and receive their messages.

Example:
Another developer may copy the google-services.json file from your apk.
Then he can subscribe to any topic.
In order to intercept your user messages, the attacker still needs to guess {username} or any other identifier that you use. But if you suspect that this might happen, the problem will be big because you will never know if anyone is getting a copy of your messages, and you usually never change {username}.

This is not an FCM security issue. This is part of the theme API design.
If you need secure messages, you can send them directly to the device token.

If you still want to make one topic for each user, be careful not to send sensitive data or data that should not be intercepted by third parties.

Create a Firebase Theme for Each User

More articles: