Under Review

Allow HTTP Access on Android

Currently, access to HTTP servers (without encryption) is only possible when Garmin devices are paired with iOS devices. When paired with Android devices, HTTPS is enforced.

To my understanding, this is not an inherent limitation of Android itself, but rather a choice in the implementation of Garmin Connect Mobile on Android.

The apps I develop focus on home automation use cases, where the watch communicates with servers running inside the user's home network, either directly over the local network or through lightweight VPN solutions such as Tailscale. These servers often do not provide HTTPS with valid certificates. In some setups this can be solved using cloud-based reverse proxies, but in many cases users would need to configure their own reverse proxy and certificate management, which is often beyond their technical capabilities.

As a result, practical use of these apps is currently often limited to iOS users.

While I understand that this is a relatively niche use case, I believe it is still a valid one where requiring HTTPS does not necessarily provide additional security benefits, especially for local or VPN-only connections controlled entirely by the user.

Therefore, I would suggest reconsidering this limitation on Android and allowing HTTP access for Connect IQ applications, similar to the current behavior on iOS. From an Android perspective, this may be as simple as enabling cleartext traffic support (for example via the usesCleartextTraffic option or a network security configuration).

the-ninth
  • in reply to the-ninth

    I was doing development back when the https requirements first came about.  I mentioned the bug reports from that time but there were also posts in the general forum, as this impacted a number of apps.  For most of mine I could just switch to https, but for a few, it wasn't possible and I ended up just removing those apps.

    Your best bet is probably to see if your services will work with https.  Even if you find some other way, it's likely to be too complex or support intensive for many users,

  • So Every Proxy turned out to be a dead end, but I found two other Android apps that are more promising: TCP Relay and Android Proxy Server Pro. The latter is paid, but appears to have built-in support for automatically starting when Android boots. TCP Relay would instead require an additional automation tool such as Automate to launch it on startup.

    In both cases, Android battery optimization settings would also need to be adjusted so the relay app is not killed while running in the background. How reliable that is may vary significantly depending on the phone vendor.

    A user I am in contact with already tested TCP Relay successfully. Using it, he was able to connect to the HTTP server through his Android phone.

    However, with the additional complexity of reliably keeping the relay active in the background, I do not think this can realistically be considered a practical workaround for most users.

  • in reply to the-ninth

    Check in the bug reports about this change.  If I recall, it was due to changes in android security, though some links have been lost since the change in the forum SW,

    Here's one:

    Connect version 4.20 broke local http access? - Connect IQ Bug Reports - Connect IQ - Garmin Forums

    I was using http for my own home automation (and other things) back when this changed (2017-18?) and switched to https, or if that wasn't possible, removed the CIQ app.

  • in reply to jim_m_58

    You can still use http if the service is running on localhost or 127.0.0.1

    That is interesting. So basically running a proxy directly on the phone could potentially work around the issue. It seems there are some Android apps that can do this, for example Every Proxy.

    I will see if I can find a user who would be willing to test this setup together with me.

  • Initially, this came about in iOS but then was loosened in iOS and added to Android around GCM 4.20.  I recall it was due to a change in android.  You can still use http if the service is running on localhost or 127.0.0.1