I've implemented a simple GCM client and server. The client uses the current GCM client APIs (not the deprecated helper library). The server (C# & .NET) follows the corresponding server guidelines (using HTTP). My server runs on a machine within my company domain, so I'm connecting the client devices to a Wi-Fi access point inside the corporate network but with access to the Internet.
My problem in a nutshell is that notifications are received fine on 4.3+ handsets, but are never received on 4.1.2 handsets when connected to the corporate Wi-Fi network. If I connect a 4.1.2 device to our public guest Wi-Fi network the GCM messages are received as expected, but then the app can't connect to the corporate server.
I've seen some indications that GCM can fail when corporate networks have overly protective firewalls (e.g. here). But if it was just a firewall issue, surely the 4.3+ devices wouldn't receive any messages either?
My test handsets are as follows:
The server has received valid registration IDs from all five devices. On a 15-second timer it sends out a single message addressed to all five registration IDS. The response always shows that 5 messages were sent with no errors and no changed registration IDs. However, it is always received on the first three devices listed above, and never on the last two (running 4.1.2). When I debug them, the broadcast receiver isn't getting invoked at all.
I've also verified that all five devices:
I've finally figured out what the problem is. The corporate firewall is blocking traffic on the native GCM port of 5228. (5229 and 5230 are also mentioned with relation to GCM but we're not seeing any attempted traffic on those ports at all.) This much is well documented elsewhere (just Google GCM port 5228).
What I can't find clearly documented anywhere, but we've figured out from our server logs and from running Connection Tracker on the handsets, is that newer versions of Android fall back to using port 443 (the standard HTTPS port) which most firewalls allow traffic through by default. This is how our devices running newer Android versions are working even behind the firewall. I don't know precisely what Android version introduced this port 443 fallback, but it's somewhere between 4.1.2 (not working) and 4.3 (working).
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With