Kristopher..actually i need to pentest a android application. Please suggest me any pointers to spoof the push data response..
On Monday, February 18, 2013 9:22:10 PM UTC+5:30, Kristopher Micinski wrote: > > I believe the answer is simple as: GCM uses HTTPS. > > But if anything, there are other ways to spoof GCM, and you shouldn't > actually do anything sensitive with it. > > Think of GCM as forcing evaluation of a thunk that does some > asynchronous user operation :-) > > Kris > > > On Mon, Feb 18, 2013 at 6:21 AM, dw4ll <[email protected] <javascript:>> > wrote: > > How does the device recognize that the pushed data is from GCM server > only? > > Are there any auth tokens that GCM server sends along with data? Can an > > attacker spoof GCM push data and send it to android client?? > > > > -- > > You received this message because you are subscribed to the Google > Groups > > "Android Security Discussions" group. > > To unsubscribe from this group and stop receiving emails from it, send > an > > email to > > [email protected]<javascript:>. > > > To post to this group, send email to > > [email protected] <javascript:>. > > Visit this group at > > http://groups.google.com/group/android-security-discuss?hl=en. > > For more options, visit https://groups.google.com/groups/opt_out. > > > > > -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/android-security-discuss?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
