• I'm not entirely sure what you're asking here - whether an app on the watch can influence your Android device via Gadgetbridge?

    Not by default, no. What the app can do is very clearly defined. However, if you enable Intents in Gadgetbridge's device options (it's off by default) then a malicious Bangle.js app could do a bunch of stuff on your phone... But that's why it is off by default :)

    Maybe the functionality to install more apps onto the watch should only be possible from some apps or the browser with an extra programming PIN, and not from all apps from that (whitelisted) device.

    If you turn 'Programmable:off' on the device then nobody can install apps unless you turn that back on. I think that's good enough security-wise...

    I guess what I would love to see is some sort of threat model of how the watch behaves and what is guaranteed to work and what isn't. What is the responsibility of the user to secure and what isn't and what the guarantees in terms of isolation and security are.

    You mean in terms of documentation? If you're concerned about what can be done on your Android device over Bluetooth via the Gadgetbridge connection, check out http://www.espruino.com/Gadgetbridge - it's all documented there

Avatar for Gordon @Gordon started