Is there any update on this? Specifically, have decisions been made about whether to limit bluetooth comm to paired devices - as discussed below?
Thanks, Tom. On Dec 22 2008, 1:01 am, Qwavel <[email protected]> wrote: > Nick, > > Thanks for participating in this open conversation about thebluetooth > API - this is the first time that I'm aware of that outside developers > have had the opportunity to express themselves at this stage in the > development of a phone OS/API. > > As I'm sure you are aware,Bluetoothdata connection between apps are > supported by JSR82. To the best of my knowledge, the only platform on > which pairing is required for these connections is the Blackberry. As > far as I can tell, this was done for the pretense of security since > the platform was originally only targeted at the enterprise market. > On the Blackberry dev forums I regularly see confusion and surprise > about this restriction. > > The only other platform (beside the Blackberry) which really > limitsbluetoothis the iPhone, but this is expected of Apple. > > I am being dismissive about the security advantages of the blackberry > approach for these reasons: > > - The majority of phones available now (in Europe but not in the US) > allow full access to JSR82, without requiring pairing, and without > even requiring that the midlet be signed. > > - More importantly, I've not encountered any regret about this, or any > sense that it is a mistake. Instead, easy access to JSR82 is > spreading: now, even LG and Samsung are starting to provide this. > > - Security concerns like this should not be addressed by limiting the > functionality of the system, when they can be addressed at the > application security level. I can't comment on the difficulty of > implementing this, but certainly it would be better to produce an OS > that is not limited in the way that the BB and iPhone are. > > If you really believe thatbluetoothcommunication without pairing is > a security hole - and I believe that Nokia and SE have shown that it > isn't - then I think it would be better handled by the application > level security mechanisms. > > Thanks, > Tom. > > On Dec 3, 12:22 pm, Nick Pelly <[email protected]> wrote: > > > We are likely to preventBluetoothdata connections (RFCOMM) from apps > > unless the two phones have been paired. It's really hard to make > > security work any other way. > > > Nick > > Android Systems Engineer > > > On Wed, Dec 3, 2008 at 1:37 AM, whitemice <[email protected]> wrote: > > > > Hi Nick > > > While we are on the subject, I am looking for Android *Ad-hoc* > > >Bluetoothsupport. > > > > Example: Alice and Bob both have my client running on their phones, > > > and walk withinBluetoothrange of each other in a social setting. I > > > want the application to: > > > (a) Be able to detect the otherBluetoothphone in the room > > > (b) Detect that the same application is running on the other phone > > > (c) Create a data connection between the two phones without asking for > > > the user's permission (permission is granted beforehand). > > > > Is this considered a security problem, or will this kind of thing be > > > allowed in the new API? > > > > Some more info on what I am doing…. > > >http://blog.zedray.com/snowball/ > > > > Regards > > > Mark --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Android Developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/android-developers?hl=en -~----------~----~----~----~------~----~------~--~---
