@bobhaugen: I wrote about some reverse-engineering methods, using google cloud messaging (GCM) on #android as an example. Not really new or rocket science, though.

for the techinclined: The ancient version of the GApps for Android 4.4 still uses plain TLS without cert pinning, so a really basic self-signed cert and man-in-the-middle was enough to get into the transport layer. Inside I found ProtoBuf encoded messages and wrote a custom MITM tool to inspect those.

ps: The newer version for Androidv5++ do have cert pinning, though. Always push your friends to update or every starbucks and/or airport wifi can intercept your push messages.