Android Question Firebase? Any idea?

[Eme Fibonacci]

I would like users to send messages to other users
.
By SMS does not work. SMS has cost and is a small text.

Let's see:

It would be very good something like whatsapp. The user does not need a login and password. The user only uses numbers from other contacts.
But after the installation whatsapp sends an sms to verify if that user really holds the number informed. Of course, they have a sms gateway.

I thought of using firebase in my application for users to exchange message using the phone numbers.
However, it seems that my app could be easily broken and someone could enter a number that is not true and receive the notification.

Any idea? Any considerations?


Thank you very much.

 

[Erel]

You will need to implement an authentication solution and check the user identity.

You can start with FirebaseAuth and authenticate the users based on their Google / Facebook accounts.

 

[KMatle]

Additionally: You need a own server to handle the users and check permissions. The messages can be sent via FirebaseMessaging (max 4K) or at least the push to download the messages. WhatsApp does it the same.

The FCM messages are sent from the server. Your keys are kept secret and you can check if users are logged in and they are allowed to send a message or if they are blocked.

 

[Eme Fibonacci]

Additionally: You need a own server to handle the users and check permissions. The messages can be sent via FirebaseMessaging (max 4K) or at least the push to download the messages. WhatsApp does it the same.

The FCM messages are sent from the server. Your keys are kept secret and you can check if users are logged in and they are allowed to send a message or if they are blocked.

Please consider this:

1) A user installs my app.
2) It authenticates with gmail.
3) The app receives a token.
4) The app sends email and token to my server.

On the server the token is valid but how can I on the server side know if the received email was the same as that used in the authentication?

Thank you

 

[KMatle]

Seems to be complicated (and I don't know why). I did some research and I came to this: http://stackoverflow.com/questions/30867650/verifying-token-id-in-sign-in-with-google-on-my-website When I get it right, you can call a Google Curl API (see post). I did not try it. See this helper, too: https://developers.google.com/apis-explorer/#p/oauth2/v2/oauth2.tokeninfo?id_token=[tokengoeshere]

I do it on my own because

- Auth only says that the User has a Google/FB account and he/she is logged in - nothing more
- I want to have full control over my apps and code
- I only use some functions like FCM messages
- I see privacy problems with Google
- It's a big plus if your app isn't using Google functions
- You have to pay for it if you have more than x users (when I get it right)

 

[Eme Fibonacci]

And this:

1) A user installs my app.
2) It authenticates with gmail.
3) The app receives a token.
4) The app sends email and token to my server
5) My server sends a code to the informed email.
6) The user gets the code from email and informs on app.
7) My app sends the code to my server.
8) If the code is correct my server validates the email.

Does that make sense? Do you see any fail?