Can GCM/Firebase push notifications be intercepted with proxy software like Charles?

Question

I have set up Charles proxy to intercept network traffic coming into an Android app running on the Android Emulator.

In Charles, Help > SSL Proxying > Install Root Certificate on a Mobile Device or Remote Browser

In Android emulator, ...

The regular network traffic of the app comes through Charles proxy but not the push notifications.

Is there a way to intercept the push notifications with Charles?

I've seen that the documentation says that they come through on ports 5228-5230 on HTTP. https://developers.google.com/cloud-messaging/http

I can imagine for security this might be made more difficult. I've seen this previous answer Intercept all GCM push messages(for any app) but it doesn't give any detail of why it can't be done.

Answer 1

I think GCM notifications does not come directly to your app as http traffic. I think they work with Google Play Services installed on your phone which then triggers your app with "something".

After searching for it I've found this which I will quote here for reference:

There is simply a TCP socket waiting in accept mode on a cloud Google server. The TCP connection had been initiated by the Google Play application. That's why Google Play must be installed on the device for making Google Cloud Messaging (GCM) (formerly Android Cloud to Device Messaging Service - C2DM) work.
When this TCP client socket receives some message, the message contains information such as the package name of the application it should be addressed to, and of course - the data itself. This data is parsed and packed into an intent that is broadcast and eventually received by the application.
The TCP socket stays open even when the device's radio state turns into "idle" mode. Applications don't have to be running to receive the intents.