I have research in GCM based mobile botnet attacks which use push notification as command and control channel. The botnet approach is very stealthy and silent because of other legitimate applications also using GCM push notification.
How can one distinguish the applications which use push notification as command and control?