BLE Paring without bonding on Android

0
votes

I have a couple of peripherals to which my android phone should be able to connect to. To secure the link I've implemented BLE-Secure Connections on the peripherals. Since the only thing I want is to encrypt the link and I don't want users to have all my peripherals in their list of bonded devices, I don't want to bond.

So is it possible to just pair with the device and forget about it after disconnecting (and don't have to fear about some Bonding-Request dialog)?

Some background informations:

The Bluetooth Specification (v4.2 and v5) tells me, that Bonding or just Paring (throwing the keys away after the connection) should be just as simple as a Flag that one can set and request Bonding or not. (And on my peripherals this is that simple).

I already know, that I can pair + bond my devices with BluetoothDevice.createBond(), which nicely bonds in the background without any nasty dialog.

1
androidbluetooth-lowenergyandroid-bluetooth

1 Answers

1
votes

If you set the bonding flag to 0 on your peripheral and io capability to no input no output, then Just Works pairing will be done (no dialog). I also guess Android will respect the bonding flag you set on your peripheral and don't store the device info in the bonding list, since otherwise it doesn't follow the specification. The createBond method is still the one you should call.

The security you get in this case is just a simple Diffie-Hellman exchange, i.e. secure against eavesdroppers but not to a man in the middle.