I am developing a device that needs to communicate securely to an Android app via Bluetooth. I need that only a predefined phone to be able to communicate with my device for security reason. And I also need to assure that this is not an intruder device that is trying to communicate falsified data to the app.
Looking at Bluetooth specs, I had the impression the only way to do that is with out of band (OOB) authentication with a pre-provisioning temporary key (TK). This looked very promising but after trying to find how to use OOB on an Android app, it seems like it is not supported.
Is it still possible to use OOB authentification on Android ?
If no, is there another alternative to solve my issue ?
This is doable but it depends on the BLE peripheral that you are developing and the features that it supports. Namely, your device needs to support Whitelisting and bonding. This is how it should work.
It is not straight-forward and requires an initial secure-less connection with the target phone, but if that is not an issue then this should work.
You can find more information about this in the links below:-