Posted by Giles Hogben, Privacy Engineer and Milinda Perera, Software Engineer
[Cross-posted from the Android Developers Blog]
Developers already use HTTPS to communicate with Firebase Cloud Messaging (FCM). The channel between FCM server endpoint and the device is encrypted with SSL over TCP. However, messages are not encrypted end-to-end (E2E) between the developer server and the user device unless developers take special measures.
To this end, we advise developers to use keys generated on the user device to encrypt push messages end-to-end. But implementing such E2E encryption has historically required significant technical knowledge and effort. That is why we are excited
This post first appeared on Google security. Read the original article.