Nick,

Thanks for participating in this open conversation about the Bluetooth
API - this is the first time that I'm aware of that outside developers
have had the opportunity to express themselves at this stage in the
development of a phone OS/API.

As I'm sure you are aware, Bluetooth data connections between apps are
supported by JSR82.  To the best of my knowledge, the only platform on
which pairing is required for these connections is the Blackberry.  As
far as I can tell, this was done for the pretense of security since
the platform was originally only targeted at the enterprise market.
On the Blackberry dev forums I regularly see confusion and surprise
about this restriction.

The only other platform (besides the Blackberry) which really limits
Bluetooth is the iPhone, but this is expected of Apple.

I am being dismissive about the security advantages of the Blackberry
approach for these reasons:

- The majority of phones available now (in Europe but not in the US)
allow full access to JSR82, without requiring pairing, and without
even requiring that the midlet be signed.

- More importantly, I've not encountered any regret about this, or any
sense that it is a mistake.  Instead, easy access to JSR82 is
spreading: now, even LG and Samsung are starting to provide this.

- Security concerns like this should not be addressed by limiting the
functionality of the system, when they can be addressed at the
application security level.  I can't comment on the difficulty of
implementing this, but certainly it would be better to produce an OS
that is not limited in the way that the BB and iPhone are.

If you really believe that Bluetooth communication without pairing is
a security hole - and I believe that Nokia and SE have shown that it
isn't - then I think it would be better handled by the application
level security mechanisms.

Thanks,
Tom.

On Dec 3, 12:22 pm, Nick Pelly <npe...@google.com> wrote:
> We are likely to prevent Bluetooth data connections (RFCOMM) from apps
> unless the two phones have been paired. It's really hard to make
> security work any other way.
>
> Nick
> Android Systems Engineer
>
> On Wed, Dec 3, 2008 at 1:37 AM, whitemice <markbr...@zedray.co.uk> wrote:
>
> > Hi Nick
> > While we are on the subject, I am looking for Android *Ad-hoc*
> > Bluetooth support.
>
> > Example: Alice and Bob both have my client running on their phones,
> > and walk within Bluetooth range of each other in a social setting.  I
> > want the application to:
> > (a) Be able to detect the other Bluetooth phone in the room
> > (b) Detect that the same application is running on the other phone
> > (c) Create a data connection between the two phones without asking for
> > the user's permission (permission is granted beforehand).
>
> > Is this considered a security problem, or will this kind of thing be
> > allowed in the new API?
>
> > Some more info on what I am doing….
> > http://blog.zedray.com/snowball/
>
> > Regards
> > Mark