• State Not Answered
  • Replies 4 replies
  • Subscribers 17 subscribers
  • Views 2788 views
  • Users 0 members are here
Options
Related

Sideloading watch face Prg file

Giannix
over 3 years ago

Hi, I found a Web site that allows you to crate your own watch face. It builds a PRG file, I understand that have to upload it onto my Fenix and wonder whether it is a risky stuff.. Finally I haven't anything private but having Garmin pay enabled I wouldn't like to be exposed

What do you think?

Thanks 

  • 0 over 3 years ago

    I don't think it's very risky, but you should consider:

    - Each CIQ basically runs in its own little sandbox. CIQ apps don't have access to the filesystem, data from other CIQ apps, or things like Garmin Pay.

    - Even outside of CIQ, there are several things that aren't accessible via the user-visible filesystem (like certain settings, WiFi passwords, probably Garmin Pay information, etc.)

    - However, to the extent that some CIQ apps require access to user information (like your weight, heart rate zones, etc.) or to access the internet, you're prompted to give permission when you download an app from the store. So in this case, when you sideload the app, you won't be prompted for these permissions like you would be normally.

    Having said all that, nobody can *guarantee* there isn't some security vulnerability in CIQ where apps could somehow gain access to information that they normally can't (like Garmin Pay for example.) In this case, you would be taking the same risk whether you sideload an app or download it from the store. (Although at least the app in the store was reviewed by Garmin.)

    TL;DR IMO if you sideload an app from an untrusted source, it's the equivalent of giving the app all possible permissions:

    - read health profile, access internet, etc.

    So if you're comfortable with the fact that the sideloaded app potentially has all possible permissions that any CIQ app of that type can have, without notifying you, then it should be okay to sideload the app.

    A counter-argument would be that you should only download apps from the CIQ app store, because:

    - they've gone through a review process by Garmin

    - you have explicitly to agree to any permissions the app wants to request (like accessing the internet)

  • 0 over 3 years ago in reply to FlowState

    Thanks for your very detailed and meaningful answer ! I'll see what to do...risks:benefits...

  • 0 over 3 years ago
    Giannix said:
    Hi, I found a Web site that allows you to crate your own watch face. It builds a PRG file, I understand that have to upload it onto my Fenix and wonder whether it is a risky stuff..

    From my POV the sideloading option is intended by Garmin for testing apps by developers, not for distributing apps to customers.

    Sideloading bypasses the Garmin Store and the App Review Guidlines and therefore it is possible that the apps contain prohibited content.

    In this sense it's a "risky stuff. This may damage Garmin's reputation and may result in legal consequences in some countries.

    developer.garmin.com/.../


    I don't think Garmin will agree with this and stop it.

  • 0 over 3 years ago in reply to subra

    Yes, it makes sense indeed. I'll refrain mainly because won't know what that app (a watchface..) will do in background with the internet conx nor with the Garmin Pay (that counts more)

    Thanks