Why does FCM changes token some times

Question

What I learned about FCM is that its token never gets expired unless;

• The app deletes Instance ID
• The app is restored on a new device
• The user uninstalls/reinstall the app
• The user clears app data.

I have provided a option to user to enable/disable notification, user clicks on disable and i send null to server, and FirebaseInstanceId.getInstance().getToken() when user enable push notifications

Now some times it sends the same token when user re-enable the notifications, and few times it changes the FCM Token.

My Questions are:

1. Why does it change the Token, when nothing of the 4 conditions mentioned above are true, and if it's changing it randomly, then there is a chance that it changed the token at any point of time, and the server is sending the notification to the wrong Token.
2. I noticed that, if I clear data, and open the app, it hits for Token registration and gets the same token sometimes does it store udid of devices, or what mechanism, by which it knows that it's the same device.

Answer 1

For your Questions.

1) Security reason is behind changing of the token. If your app has a static token and if someone got that, they can have a control. Once the new Token generated you have to update it with your user data in the server. So you won't send it to the wrong token. this will happen only when your user went offline for a while.

2) Token generated by FCM is unique. The FCM token generated using your Device id and App id. So no other device will get the same token if your's changed. Complete mechanism of generating token can't be exposed for the same security purpose.