Menu
I have been playing around with the bluetooth options on android, and found an app that gave two connection options (secure and insecure). I tried to find some information about it on the internet, but everything I found was pretty vague. I have a general idea that Insecure isn't as safe as using Secure.
What are the advantages of using one over the other? Should I always stick to Secure or should I go for insecure?
Thank you for your time,
361
What are the advantages of using one over the other? Should I always stick to Secure or should I go for insecure?
The only advantage in using insecure, is that you don't prompt the user when creating a communication channel (this one would be an easy prey "Man in the middle" attacks), but that doesn't mean that it will always work. Here's a question where the user complains about some devices asks for pairing while others don't.
Also this phrase comes from android API:
For Bluetooth 2.1 devices, the link key will be encrypted, as encryption is mandatory. For legacy devices (pre Bluetooth 2.1 devices) the link key will be not be encrypted. Use createRfcommSocketToServiceRecord(UUID) if an encrypted and authenticated communication channel is desired. link
So, possibly in the future there would be no way to create an Insecure connection between two devices.
This answer your second question, you should stick with the Secure. When developing ('cause you can't know for sure if it's going to work) and for security reasons when using an app.
116
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
