That is one approach, (using firebase) but I am wary of using google services. They discontinue or change products with little warning, and they probably save a copy of everything we send through them. There is a java library that allows you to do it directly from your own server where the message you send is encrypted and we have much more control and privacy. My application involves medical stuff that needs to be hippa compliant. Removing another source that needs another baa
I dont think that firebase cloud messaging, will take much changes. A lots of Android-Apps rely on it.
You could also manually encrypt the message, before sending it via firebase.
But sure, using google-services is in some cases not a deal.
Which java-library you are using for this? 
I am actually using firebase now with the https://pushjs.org/ framework and plug in… but want to eventually remove google… there are a few java libraries on git hub but I do not know Java - so have trouble integrating it into my lucee code.
JSON Queries in MSSQL/MariaDB
- How to query with JSON params / schema
- How to use CFQUERY to get json result in query object