Firebase Cloud Messaging

Firebase Cloud Messaging (FCM), formerly known as Google Cloud Messaging (GCM), is a cross-platform cloud service for messages and notifications for Android, iOS, and web applications, which as of May 2023 can be used at no cost. Firebase Cloud Messaging allows third-party application developers to send notifications or messages from servers hosted by FCM to users of the platform or end users.

The service is provided by Firebase, a subsidiary of Google. On October 21, 2014, Firebase announced it had been acquired by Google for an undisclosed amount. The official Google Cloud Messaging website points to Firebase Cloud Messaging (FCM) as the new version of GCM. Firebase is a mobile platform which supports users in developing mobile and web applications. Firebase Cloud Messaging is one of many products which are part of the Firebase platform. On the platform users can integrate and combine different Firebase features in both web and mobile applications.

History
Firebase Cloud Messaging (FCM) is part of the Firebase platform, which is a cloud service model that automates backend development or a Backend-as-a-service (BaaS). After the Firebase company was acquired by Google in 2014, some Firebase platform products or technologies were integrated with Google’s existing services. Google’s mobile notification service Google Cloud Messaging (GCM) was replaced by FCM in 2016. On April 10, 2018, GCM was removed by Google and on May 29, 2019, the GCM server and client API were deprecated. FCM has become the replacement for GCM. However, FCM is compatible with existing Google Software Development Kits (SDK).

Firebase Cloud Messaging is a cross-platform messaging service on which the user can deliver messages without cost. FCM is compatible with various platforms including Android and iOS. Google launched support for web applications, including mobile web applications, on October 17, 2016. On FCM, third-party application developers can send push notifications and messages via an application programming interface (API) to end users. After users consent to receive push notifications, they are able to receive real-time information or data for syncing.

Development
FCM inherits the core infrastructure of GCM but simplifies the development of the client side. GCM and FCM offer encryption, push notification and messaging, and native Android and iOS SDK support. Both require a third-party entity between the client application and the trusted environment, which may create delays in the communication path between the mobile terminal and application server. FCM supports the server protocols HTTP and XMPP, which are identical to the GCM protocols.

Developers are not required to write individual registration or subscription retry logic in the client application. FCM and GCM handle messages through the same instructions; however, instead of GCM connection servers, messages are passed through FCM servers. Because the FCM Software Development Kit (SDK) removes the need to write this registration and retry logic, the client development process is shortened. The FCM SDK provides a new notification solution allowing developers to use the serverless Firebase Notifications on a web console, based on Firebase Analytics insights. FCM enables unlimited upstream and downstream messages to be sent.

Key Capabilities
Firebase Cloud Messaging has three main capabilities. The first capability is that FCM allows the user to receive notification messages or data messages which can be deciphered by the application code. The second capability is message targeting. Messages can be sent to the client application through different methods: from the FCM platform to individual devices, to specified device groups, or to devices which are subscribed to particular topic domains. The third key capability is the connection channel from client applications to the server. FCM allows messages of various types to be sent from selected devices or client apps via the FCM channel.

Technical Details
Firebase Cloud Messaging sends notifications and messages to devices which have installed specific Firebase-enabled apps. Adding support for FCM to an application requires multiple steps: add support to the Android Studio project, obtain registration tokens and implement handlers to identify message notifications. The message notifications can be sent via the Firebase console with a select user segmentation option.

FCM Architecture
The FCM architecture includes three components: the FCM connection server, a trusted environment with an application server based on HTTP or XMPP and cloud functionality, and a client application. Sending and receiving messages requires a secured environment or server to build, direct and send messages, and an iOS, Android or web client application to receive messages. There are two types of messages developers can send with FCM: notification messages and data messages. Notification messages are displayed on the device by FCM and are automatically managed by the FCM SDK. Data messages are processed by the client application. Notification messages are therefore used when the developer requires FCM to handle the notification display for the client applications, and data messages are used when the developer requires the messages to be processed on the client application.

FCM can deliver target messages to applications via three methods: to a single device, to a device group or to devices which are subscribed to topics. Developers build and send targeted messages to a select group of users on the ‘Notification composer.’ Messages sent with FCM are integrated with Google Analytics to track user conversion and engagement.

Implementation
The implementation process has two key components. First, a secure environment to send and receive messages is required for FCM or other application servers to facilitate message transactions. Second, a client application (iOS, Android or web (JavaScript)) which is compatible with the selected platform service is needed.

The implementation path for FCM is initiated with the FCM SDK setup following the instructions prescribed for the decided platform. Following setup, the client application must be developed. On the client app, add message handling, topic subscription logic and other required features. During this step, test messages can also be sent from the Notifications composer. The application server is developed next to build the sending logic. The base server environment is created without code.

Architecture Flow
Registration of the device and setting it up to enable message reception from FCM is first required. The client application instance will be registered and assigned a registration token or FCM Token, which is issued by the FCM connection servers that will provide the application instance (app instance) a unique identifier. The app instance is then able to send and receive downstream messages. Downstream messaging refers to the sending of a push notification from the application server towards the client application. This process involves four steps. First, after a message is created on the Notifications composer or in another secure environment, a request for the message will be sent to the FCM backend. Second, the FCM backend will receive and accept the message request and prepare the messages for each specified topic, create message metadata such as a message ID and send it to a transport layer, specific to the platform. Third, the message will be sent through the platform-specific transport layer to an online device. The platform-level transport layer is responsible for routing the message to a specific device, handling the delivery of the message and applying specific configurations to the platform. Fourth, the client application will receive the notification or message via their device.

Analytics
Firebase offers free and unrestricted analytics tools to help the user gain insights into the 'ad click' and 'application usage' of end customers. In conjunction with other Firebase features, Firebase Analytics allows the user to explore a range of data, from click-through rates to app crashes.

Firebase Remote Config
Firebase Remote Config is a simple key-value store that lives in the cloud and enables the user to implement modifications which can be read by the application. In addition to this basic feature, Firebase Remote Config includes an audience builder, which helps the user create custom audiences and perform A/B testing.

Cross-Platform Support
APIs packaged into single SDKs for iOS, Android, JavaScript and C++ in conjunction with the cross-platform support provided by FCM allow the developer to expand across different platforms without infrastructure modification.

Web Push Support
Developers can implement the standard IETF Web Push APIs and begin to target web browsers. On Chrome, developers can send messages to Chrome on Android or to Chrome pages on Mac, Windows and Linux. Added features for web push support include Topic Messaging and the ability to send messages to Topic Combinations.

Topic Messaging
Developers can send a single message to multiple devices. It is a method of notifying users who share an interest in a topic such as sports events, artists or music genres. Developers publish a message to FCM, which is automatically delivered to devices subscribed to the selected topic. The subscriber count on a single topic or on multiple topics is not limited on the application.

Topic Combination Messaging
If users are subscribed to different topics, developers can use the updated API to avoid publishing the same message across several topics and to prevent users from receiving duplicate messages. Developers can set specific conditions so that FCM delivers the message only to users who meet the condition criteria.

Message Delivery Reports
Message Delivery Reports (MDR) are generated by FCM's reporting tool which allows developers to obtain analytical insights into the message delivery. In the MDR, developers can evaluate the reach of the sent messages to specific users by viewing the data for messages to different FCM SDKs (Android, iOS).

Notification Funnel Analysis
A Notification Funnel Analysis (NFA) is built into the FCM platform. By using this tool, developers can view user behaviour and trends from data around responses to particular notifications. The types of notification data which can be analysed are "Notifications Sent", "Notifications Opened" and number of unique users. An analysis report can be pulled from the NFA. Developers can also customise and build the notification funnels.

Security Concerns
FCM shortens the design and implementation process for mobile applications. Due to the available functionality of sending test messages through the Notifications Composer in the Firebase console, the testing process is also shortened. Cloud-based messaging solutions also have security and privacy risks which need to be mitigated and considered before implementation into a project. The development of cloud computing involves an open network structure and elastic pooling of shared resources which increases the need for cloud security measures to be established.

A security concern is the potential exploitation of server keys which are stored in the FCM’s Android application package (APK) files. If exploited, this allows the distribution of push notification messages to any and all users on the Firebase platform. GCM has previously reported security vulnerabilities where phishing and malicious advertisement activities have occurred.
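
A pre-release check for the risk described above, added here as an example (it is not part of the original article or of any Firebase tooling): it unpacks an APK, which is a ZIP archive, and flags entries containing a string shaped like a legacy FCM server key. The key pattern is the one commonly used by secret scanners and is an assumption; `ScanAPK`, `SampleAPK` and the sample entry name are hypothetical, and the key in the sample is constructed.

```go
package main

import (
	"archive/zip"
	"bytes"
	"fmt"
	"io"
	"regexp"
)

// Assumed legacy FCM server key shape: "AAAA", 7 chars, ":", 140 chars.
var legacyKey = regexp.MustCompile(`AAAA[A-Za-z0-9_-]{7}:[A-Za-z0-9_-]{140}`)

// ScanAPK inflates every entry and reports hits as "entry: 12-char prefix...".
func ScanAPK(apk []byte) ([]string, error) {
	zr, err := zip.NewReader(bytes.NewReader(apk), int64(len(apk)))
	if err != nil {
		return nil, err
	}
	var hits []string
	for _, f := range zr.File {
		rc, err := f.Open()
		if err != nil {
			return nil, err
		}
		data, err := io.ReadAll(rc)
		rc.Close()
		if err != nil {
			return nil, err
		}
		for _, m := range legacyKey.FindAll(data, -1) {
			// Report only a prefix so the scan log does not leak the key.
			hits = append(hits, f.Name+": "+string(m[:12])+"...")
		}
	}
	return hits, nil
}

// SampleAPK builds a constructed one-entry archive; the key inside is fake.
func SampleAPK() []byte {
	var buf bytes.Buffer
	zw := zip.NewWriter(&buf)
	w, _ := zw.Create("assets/push.properties")
	w.Write(append([]byte("server_key=AAAAEXAMPLE:"), bytes.Repeat([]byte("x"), 140)...))
	zw.Close()
	return buf.Bytes()
}

func main() { fmt.Println(ScanAPK(SampleAPK())) }
```

Strings stored as UTF-16 in `resources.arsc` or obfuscated in code are not matched by this byte-level scan, so a clean result does not prove that no key ships in the package.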

Protection against security threats involves multiple steps and can lead to additional implications. Deactivating the Cloud Messaging service will prevent immediate transactions. However, this could potentially stop other applications installed on the blocked device which rely on the FCM service. A possible solution is to block a specific notification channel or unsubscribe from a topic. Other solutions involve setting up message traffic notification systems to detect malicious information being messaged through the FCM service platform. Implementing this solution requires additional steps: the user first needs to identify the connection channel or topic potentially used by the malicious application.

Privacy Concerns
Cloud-based messaging also poses privacy risks and issues. Black hat hackers may be able to breach the security of the Firebase Cloud Messaging platform and acquire the registration ID of the user’s application or other sensitive information. Security compromise examples include private messages on a user’s social media account being pushed to the hacker’s device. To ensure the privacy of the platform, the user can build end-to-end protection schemes around the open communication channels provided by the Cloud Messaging Services, which are insecure. FCM provides users with payload encryption.
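
One form such an end-to-end scheme can take, added here as an example (it is not from the original article and is not an FCM API): the application server seals the body of a data message with AES-256-GCM so that the messaging service relays only ciphertext, and the client handler rejects anything it cannot authenticate, which also covers a push forged with a leaked server key. The per-instance key, its out-of-band provisioning, the instance identifiers and the field names `n` and `c` are assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"fmt"
)

var b64 = base64.StdEncoding

// NewAEAD wraps a 32-byte per-instance key (hypothetical) in AES-256-GCM.
func NewAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal runs on the app server; the map is what travels as the "data" field.
func Seal(a cipher.AEAD, instanceID, plaintext string) (map[string]string, error) {
	nonce := make([]byte, a.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	// instanceID is bound as associated data: authenticated, not encrypted.
	ct := a.Seal(nil, nonce, []byte(plaintext), []byte(instanceID))
	return map[string]string{"n": b64.EncodeToString(nonce), "c": b64.EncodeToString(ct)}, nil
}

// Open runs in the client's data-message handler and errors on any payload
// not sealed with this instance's key or sealed for a different instance.
func Open(a cipher.AEAD, instanceID string, data map[string]string) (string, error) {
	nonce, err1 := b64.DecodeString(data["n"])
	ct, err2 := b64.DecodeString(data["c"])
	if err1 != nil || err2 != nil || len(nonce) != a.NonceSize() {
		return "", fmt.Errorf("malformed payload")
	}
	pt, err := a.Open(nil, nonce, ct, []byte(instanceID))
	return string(pt), err
}

func main() {
	a, _ := NewAEAD(make([]byte, 32)) // all-zero key, constructed for the demo
	msg, _ := Seal(a, "instance-A", "balance: 42")
	fmt.Println(Open(a, "instance-A", msg))
	fmt.Println(Open(a, "instance-B", msg)) // replay to another instance fails
}
```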