My app uses gcm. Each time user logs in, new gcm token is registered and sent to my 3rd party server. Each time user logs out, gcm token is unregistered. This woks without any problems.
The problem is that when it comes to testing, tester can uninstall the app without loging out, and then install it back again and log into another account. Then he'll recieve two gcms from two different account. This means he'll recieve private gcms for account hes not currently loged into. This can even happen with live users sometimes.
GCM documentation states that gcm tokens can expire sometimes if the application is uninstalled. In practice, this never happens.
http://developer.android.com/google/gcm/gcm.html
GCM documentation also states that you can unregister GCM tokens by executing
Intent unregIntent = new Intent("com.google.android.c2dm.intent.UNREGISTER");
unregIntent.putExtra("app", PendingIntent.getBroadcast(this, 0, new Intent(), 0));
startService(unregIntent);
But this method doesn't seem to work if you try it after reinstall. I do recieve callback which tells me that token is unregistered, but gcm token still works ok.
My question is: can you ensure that there are no valid gcm tokens for your application? I'd really like to unregister all existing tokens during application first start, or at least reset them from the phone settings.
GCM tokens for your app are unique for each device, so if you ever get a different user telling you they are using the same GCM token as some other user, then you know that the situation you described has occurred. Basically, every time you receive a GCM token, you should delete all older records that have that same GCM token before assigning it ONLY to the new user.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With