Complete
over 4 years ago

Garmin Connect Mobile 4.22 for Android includes the changes to allow HTTP on 127.0.0.1.

Connect version 4.20 broke local http access?

Getting several reports of functionality no longer working; it looks like Android Garmin Connect app version 4.20 may have broken web requests to localhost via URLs like http://127.0.0.1:17580/sgv.json?count=3

  • So, the issue is that newer versions of Android have enabled https (encrypted) access by default but allow apps to override this to use http ("cleartext") access.

    App developers have lots of control over what they allow the override for.

    While it's reasonable to require https for public servers, it doesn't make sense for local (private) networks. No one really uses certificates for these and doing so creates other security problems.

    Every IoT app has to override https access. Garmin Connect Mobile is an IoT app that really has to do the same thing.

    Garmin should allow http (cleartext) access to local (private) networks for IQ apps. Given that it appears that Garmin allows cleartext access to their public sites (which makes no sense), they could allow it for private sites too.

    IQ developers writing apps that do home automation or IoT things either have broken apps or have the burden of writing extra Android apps.

    Cleartext access is allowed on iOS (for numeric IP addresses) but not on Android. That creates another problem where there's an inexplicable (to end users) difference in behavior.


    By blocking cleartext access to private networks, Garmin is doing a large disservice to the developers it wants to build IQ apps.
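
An added example, not part of the thread and not Garmin's configuration: a Python check that reads an Android network security config (the per-app cleartext override the comment above describes) and lists which hosts are permitted cleartext HTTP, separating loopback and private addresses from public names. The sample config, host values and function names are constructed for illustration.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample config (not Garmin's): HTTPS by default, with cleartext
# exceptions for loopback, one LAN device, and one public hostname.
SAMPLE_CONFIG = """<network-security-config>
    <base-config cleartextTrafficPermitted="false" />
    <domain-config cleartextTrafficPermitted="true">
        <domain includeSubdomains="false">127.0.0.1</domain>
        <domain includeSubdomains="false">192.168.1.50</domain>
        <domain includeSubdomains="true">example.com</domain>
    </domain-config>
</network-security-config>"""


def classify_host(host):
    """Return 'loopback', 'private' or 'public' for a <domain> entry."""
    if host.lower() == "localhost":
        return "loopback"
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "public"  # a DNS name: where it resolves is outside the app's control
    if ip.is_loopback:
        return "loopback"
    return "private" if ip.is_private else "public"


def audit_cleartext(config_xml):
    """Return (base_permits_cleartext, [(host, scope), ...]) for every host
    listed directly under a domain-config that permits cleartext.
    Attribute inheritance by nested domain-config elements is not modelled."""
    root = ET.fromstring(config_xml)
    base = root.find("base-config")
    base_open = base is not None and base.get("cleartextTrafficPermitted") == "true"
    findings = []
    for dc in root.iter("domain-config"):
        if dc.get("cleartextTrafficPermitted") != "true":
            continue
        for dom in dc.findall("domain"):
            host = (dom.text or "").strip()
            findings.append((host, classify_host(host)))
    return base_open, findings


if __name__ == "__main__":
    base_open, findings = audit_cleartext(SAMPLE_CONFIG)
    print("cleartext permitted by default:", base_open)
    for host, scope in findings:
        print(f"{host:15} {scope:9} {'REVIEW' if scope == 'public' else 'ok'}")
```

Entries reported as `public` are the ones to review, since cleartext to a public name crosses networks the user does not control, while loopback traffic never leaves the device.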
