Changes to enable Firebase cloud messaging (FCM)

[alabiaga]

Add changes to integrate usage of FCM.

These initial changes demonstrate how to integrate FCM while following best practices. While Firebase provides its own quickstart-android app, this implementation focuses specifically on the interplay between FCM and the notification framework, best practices, vs basic message facilitation.

[gemini-code-assist]

Summary of Changes

Hello, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request introduces the foundational changes required to integrate Firebase Cloud Messaging (FCM) into the application. The primary goal is to enable the app to receive push notifications by setting up the necessary Firebase dependencies, configuring the Android manifest for FCM services, and implementing a custom service to process incoming messages and manage device registration tokens. This initial integration follows best practices for FCM setup, focusing on the interplay with the notification framework rather than just basic message delivery.

Highlights

• Firebase Cloud Messaging (FCM) Integration: The application now includes initial setup for Firebase Cloud Messaging, enabling the receipt and handling of push notifications. This involves adding necessary dependencies, configuring the Android Manifest, and implementing a custom messaging service.
• Messaging Service Implementation: A new MessagingService has been created to extend FirebaseMessagingService, providing custom logic for handling new FCM registration tokens and incoming remote messages, including both data and notification payloads.
• FCM Initialization in MainActivity: The MainActivity now initializes FCM upon creation, fetching and logging the device's FCM registration token. This ensures the application is ready to receive messages from Firebase.
• Dependency and Plugin Updates: The project's build.gradle.kts files have been updated to include the firebase-messaging dependency and apply the google.gms.google.services plugin. Firebase Bill of Materials (BoM) and Google GMS versions were also updated in libs.versions.toml.

🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console.

Changelog

• app/build.gradle.kts
  • Added firebase.messaging dependency to enable FCM functionalities.
• app/src/main/AndroidManifest.xml
  • Registered MessagingService to handle Firebase messaging events.
• app/src/main/java/com/google/android/samples/socialite/MainActivity.kt
  • Imported necessary classes for FCM integration.
  • Called initializeFcm() in onCreate() to set up FCM.
  • Added a private initializeFcm() method to fetch and log the FCM registration token.
• app/src/main/java/com/google/android/samples/socialite/fcm/MessagingService.kt
  • Created MessagingService extending FirebaseMessagingService.
  • Overrode onNewToken to log refreshed FCM tokens.
  • Overrode onMessageReceived to log incoming data and notification payloads.
• build.gradle.kts
  • Applied the google.gms.google.services plugin to the project.
• gradle/libs.versions.toml
  • Updated firebaseBoM version from 33.14.0 to 34.10.0.
  • Updated googleGmsGoogleServices version from 4.4.2 to 4.4.4.
  • Added firebase-analytics and firebase-messaging library definitions.

Activity

• No human activity has been recorded on this pull request yet.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request integrates Firebase Cloud Messaging (FCM) into the application, including necessary dependencies, AndroidManifest configuration, and basic logic for token handling and message receiving. However, it introduces a security vulnerability by logging sensitive information such as FCM registration tokens, message data payloads, and notification bodies to the system log, which can expose device identifiers and user data. It is recommended to remove these logging statements or ensure they are only active in non-production environments. Additionally, there is a suggestion in MainActivity.kt to improve the idiomatic and readability of the token retrieval logic.

[gemini-code-assist]

This line logs the Firebase Cloud Messaging (FCM) registration token, which is a sensitive identifier. Logging FCM tokens can lead to unauthorized access if logs are intercepted. It is critical to remove this logging statement or ensure it only executes in debug builds. Additionally, the broader block (lines 68-78) could be simplified for more idiomatic Kotlin, making the OnCompleteListener explicit redundant and improving readability by restructuring success/failure handling.

[gemini-code-assist]

The application logs the refreshed FCM registration token in the onNewToken callback. This exposes the token in the system logs, which is a security risk. It is recommended to remove this logging statement or restrict it to non-production environments.

[gemini-code-assist]

The application logs the entire data payload of incoming FCM messages. This payload can contain sensitive application data or PII, which should not be exposed in system logs. It is recommended to avoid logging the entire data payload. If logging is necessary for debugging, log only non-sensitive fields or ensure logging is disabled in production.

[gemini-code-assist]

The application logs the body of incoming FCM notifications. Notification bodies often contain sensitive user content or PII. It is recommended to remove the logging of the notification body to protect user privacy.