Hi all, Which group should I put the messages about *cupcake* bluetooth into? Any idea?
thanks, husheng Qwavel wrote: > Is there any update on this? > > Specifically, have decisions been made about whether to limit > bluetooth comm to paired devices - as discussed below? > > Thanks, > Tom. > > On Dec 22 2008, 1:01 am, Qwavel <[email protected]> wrote: > >> Nick, >> >> Thanks for participating in this open conversation about thebluetooth >> API - this is the first time that I'm aware of that outside developers >> have had the opportunity to express themselves at this stage in the >> development of a phone OS/API. >> >> As I'm sure you are aware,Bluetoothdata connection between apps are >> supported by JSR82. To the best of my knowledge, the only platform on >> which pairing is required for these connections is the Blackberry. As >> far as I can tell, this was done for the pretense of security since >> the platform was originally only targeted at the enterprise market. >> On the Blackberry dev forums I regularly see confusion and surprise >> about this restriction. >> >> The only other platform (beside the Blackberry) which really >> limitsbluetoothis the iPhone, but this is expected of Apple. >> >> I am being dismissive about the security advantages of the blackberry >> approach for these reasons: >> >> - The majority of phones available now (in Europe but not in the US) >> allow full access to JSR82, without requiring pairing, and without >> even requiring that the midlet be signed. >> >> - More importantly, I've not encountered any regret about this, or any >> sense that it is a mistake. Instead, easy access to JSR82 is >> spreading: now, even LG and Samsung are starting to provide this. >> >> - Security concerns like this should not be addressed by limiting the >> functionality of the system, when they can be addressed at the >> application security level. I can't comment on the difficulty of >> implementing this, but certainly it would be better to produce an OS >> that is not limited in the way that the BB and iPhone are. >> >> If you really believe thatbluetoothcommunication without pairing is >> a security hole - and I believe that Nokia and SE have shown that it >> isn't - then I think it would be better handled by the application >> level security mechanisms. >> >> Thanks, >> Tom. >> >> On Dec 3, 12:22 pm, Nick Pelly <[email protected]> wrote: >> >> >>> We are likely to preventBluetoothdata connections (RFCOMM) from apps >>> unless the two phones have been paired. It's really hard to make >>> security work any other way. >>> >>> Nick >>> Android Systems Engineer >>> >>> On Wed, Dec 3, 2008 at 1:37 AM, whitemice <[email protected]> wrote: >>> >>>> Hi Nick >>>> While we are on the subject, I am looking for Android *Ad-hoc* >>>> Bluetoothsupport. >>>> >>>> Example: Alice and Bob both have my client running on their phones, >>>> and walk withinBluetoothrange of each other in a social setting. I >>>> want the application to: >>>> (a) Be able to detect the otherBluetoothphone in the room >>>> (b) Detect that the same application is running on the other phone >>>> (c) Create a data connection between the two phones without asking for >>>> the user's permission (permission is granted beforehand). >>>> >>>> Is this considered a security problem, or will this kind of thing be >>>> allowed in the new API? >>>> >>>> Some more info on what I am doing…. >>>> http://blog.zedray.com/snowball/ >>>> >>>> Regards >>>> Mark >>>> > > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Android Developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/android-developers?hl=en -~----------~----~----~----~------~----~------~--~---
