Complete

Garmin Connect Mobile 4.22 for Android includes the changes to allow HTTP on 127.0.0.1.

Connect version 4.20 broke local http access?

Getting several reports of functionality no longer working, it looks like Android Garmin connect app version 4.20 may have broken web request to local host via urls like http://127.0.0.1:17580/sgv.json?count=3

  • GCM Android 4.25.3 was released today, which looks like it has broke 127.0.0.1 again!

    Anyone else experiencing this?

  • the reasoning is clear - Garmin doesn't give a darn about connect iq (outside of the connect iq team) - they just use it as a marketing checkbox. over the last year various things have been broken that shows they have no overall qa for connect iq. and they never fix it fully. they haven't even bothered to fix this forum to allow proper replies.

  • One more vote for reconsidering the fix. Unencrypted http connections should be allowed to IP addresses. I'm all for https on the big wild internet, but in some cases it just does not make any sense.

    In my specific case, an option to allow https connection without certificate validation would probably also work, but again, it should not be necessary. Https connections to numeric IP addresses just doesn't make much sense.

    I've been working on a Hue app for a few days using the simulator without any problems. Then, when testing it on the watch, I'm hit with a big fat hammer. It's not working, and it's not going to work because of some policy that's not even being explained. Not in the documentation (which is a bit incomplete, on a more general note), and not here in the discussion. No reasoning behind the decision to only allow http access to 127.0.0.1, despite lots of comments asking for a reconsideration, or at least an explanation.

    This really took away a lot of the joy of my brand new top tier Garmin watch.

  • So, the issue is that newer versions of Android have enabled https (encrypted) access by default but allow apps to override this to use http ("cleartext") access.

    App developers have lots of control over what they allow the override for.

    While it's reasonable to require https for public servers, it doesn't make sense for local (private) networks. No one really uses certificates for these and doing so creates other security problems.

    Every IoT app has to override https access. Garmin Connect Mobile is an IoT app that really has to do the same thing.

    Garmin should allow http (cleartext) access to local (private) networks for IQ apps. Given that it appears that Garmin allows cleartext access to their public sites (which makes no sense), they could allow it for private sites too.

    IQ developers writing apps that do home automation or IoT things either have broken apps or have the burden of writing extra Android apps.

    Cleartext access is allowed on iOS (for numeric IP addresses) but not on Android. That creates another problem where there's an inexplicable (to end users) difference in behavior.


    By blocking cleartext access to private networks, Garmin is doing a large disservice to the developers it wants to build IQ apps.