Connect version 4.20 broke local http access?

To be clear, the IPv4 (and IPv6) standards already have clear notions of which IP addresses are local/private/non-routable and which are not (as alluded to above). e.g. If your IP address is 192.168.0.1, then no router will ever pass traffic between you and another network. My understanding is that Apple chose to allow HTTP for all IP addresses, but they could've easily just decided to apply that policy to the non-routable IP addresses.

Fair point about exactly where these changes are coming from. I haven't really looked into it, although I would be shocked if they were much more stringent than Apple. My impression is that it's an overly stringent catch-all policy from Garmin, but that's just my educated guess.

In addition to local addresses (127.0.0.*) and 192.168.* addresses, if it were up to me, I would personally allow HTTP for all of the non-routable addresses (for private networks), since by definition they are not accessible over the internet. If it's on a local/private network, I think it should be fair game for HTTP.

https://stackoverflow.com/questions/528538/non-routable-ip-address

'The private address segments (10.0.0.0 - 10.255.255.255, 172.16.0.0 - 172.31.255.255, 192.168.0.0 - 192.168.255.255) are commonly referred to as "non-routable" addresses.'

It gets back to who figures out things other than local host are "local", and I'm thinking that's Android itself and not GCM.

Yes, it might make sense to allow HTTP for local host, and say 192.168 addresses.  The default net used by about every router shipped.

One question that has yet to be asked, is if this change to GCM is being driven by a change to Android itself, as was the case to ATS, which could complicate things.

And of course, I meant Apple's App Transport Security. >_>

Can we please get an edit button for this sub-forum?