c2dm newbie

[dashman]

just looking into this tech.

i understand i need a server app - but does this server need
to be able to handle https requests.

i'd rather not get a certificate at this time.

i can make https requests (to c2dm server)

and my android app can send me plain http requests -

so am i still required to handle https requests.

any link to a simple sample would also be appreciated.

[roger schildmeijer]

You dont need to use https communication between your mobile device and your application server. To push a message to a mobile device you must do a https request against https://android.apis.google.com/c2dm/send (notice the https).

// Roger Schildmeijer

[Costin Manolache]

On Wed, Oct 6, 2010 at 5:56 AM, dashman <erjd...@gmail.com> wrote:

just looking into this tech.

i understand i need a server app - but does this server need
to be able to handle https requests.

i'd rather not get a certificate at this time.

i can make https requests (to c2dm server)

and my android app can send me plain http requests -

so am i still required to handle https requests.

Nothing can force you to use https between your app and your server.

In fact, even c2dm servers accept http.

The 'requirement' is to protect your users data and your credentials, 

http can be trivially intercepted. 

You don't need to get a signed cert either - you can use a self-signed cert, 

but verify the signature on the client. 

You control the client - unlike a browser, where you can't easily change the 

cert validation. You'll need to  override the HostnameVerifier to accept

 self-signed and to do the verification.

I guess you could also have a public key included in your app, and just 

encrypt the payload before sending it over HTTP - if you use a hosting 

service that doesn't allow https.

Costin