I’m probably one of the few people still using a Pebble smart watch (still alive and kicking with Rebble!), and I’ve just gone through the app store and found a few cool apps that still work. Given that you have to give the Pebble android app quite a few permissions to be able to do its thing I’m now wondering if all the third-party apps can also access all those permissions. They’re mostly little FOSS one-person projects so I can probably have a nose through the source myself to check for dodgy behaviour, but does anyone know what the risks are in general?

  • PrincessOfChaos@feddit.de
    link
    fedilink
    English
    arrow-up
    18
    ·
    1 year ago

    Not helpful, I know, but take your upvote from a fellow Pebble user for a really interesting question 👍

  • DM294@lemm.ee
    link
    fedilink
    English
    arrow-up
    15
    ·
    1 year ago

    What about gadgetbridge? They have a wide compatibility with several smartwatches.

    • mranderson17@infosec.pub
      link
      fedilink
      English
      arrow-up
      3
      ·
      edit-2
      1 year ago

      This is what I currently use with my pebbles. I’ve never used the pebble app, I just started with the FOSS option and stuck with it. Their wiki is really good https://codeberg.org/Freeyourgadget/Gadgetbridge/wiki/Pebble

      EDIT: To answer the actual question from this angle, gadgetbridge is surprisingly security focused even though that’s not really it’s main goal. The developers do not allow it to make outbound connections and do not allow the watches it supports to make connections either (except where this is impossible to prevent, say if they can make their own network connections) which is why it doesn’t support in-app weather.

      • bug@lemmy.oneOP
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        If I just deny the Pebble/Rebble app network permissions will that achieve a similar result?

        • mranderson17@infosec.pub
          link
          fedilink
          English
          arrow-up
          2
          ·
          1 year ago

          Probably? Though I have no experience with the rebble app. I don’t think any of it’s features like searching for apps, weather, etc will work properly and some android apps really misbehave when you take away permissions that they expect to have. Try it and let us know! =]

          • bug@lemmy.oneOP
            link
            fedilink
            English
            arrow-up
            2
            ·
            1 year ago

            OK, so after a few days of denying the pebble app network privileges everything seems to be working fine! Obviously I can’t access the app store now but I can just temporarily reactivate network if I want to download something new. I don’t really use any apps that need network (in the pebble’s old age I’d rather it take it easy and save battery and let the much newer phone run the things I need to run!) so there’s no real loss for my use case.

            • mranderson17@infosec.pub
              link
              fedilink
              English
              arrow-up
              2
              ·
              1 year ago

              Nice, honestly this sounds like the perfect use case for Gadgetbridge which is a much newer and actively developed tool in addition to not requiring network access. But your solution works fine and I’m sure it’s less work if it’s what you were already doing anyway rather than migrating to a new app. Glad it’s working for you.

              • bug@lemmy.oneOP
                link
                fedilink
                English
                arrow-up
                1
                ·
                1 year ago

                I tried out gadgetbridge too, seemed largely functional though I did notice the Bluetooth drop. Also it apparently uses old Bluetooth rather then BTLE? I’ll stick with Rebble for now but it’s good to know there’s a decent replacement when it eventually packs in!

          • kugiyasan@lemmy.one
            link
            fedilink
            English
            arrow-up
            2
            ·
            1 year ago

            I can confirm, I’m running Android 13, and whenever I remove notifications permissions to the pebble app, it somehow gets them back by itself and I have that annoyed “connecting” notification opened all the time 🤡

    • bug@lemmy.oneOP
      link
      fedilink
      English
      arrow-up
      3
      ·
      1 year ago

      Never heard of this before, looks interesting. Have you used it with a Pebble before? What works, what doesn’t?

      • Showroom7561@lemmy.ca
        link
        fedilink
        English
        arrow-up
        5
        ·
        1 year ago

        I’ve used gadgetbridge for years with my pebble time, which I retired last month.

        I mean, notifications, step counting, sleep tracking, all the basics worked.

        • bug@lemmy.oneOP
          link
          fedilink
          English
          arrow-up
          3
          ·
          1 year ago

          Nice! I’ve been reading through the wiki and it seems a bit rough around the edges but I’m up for giving it a try.

          • Showroom7561@lemmy.ca
            link
            fedilink
            English
            arrow-up
            2
            ·
            1 year ago

            Honestly, it maintains the simplicity/minimalism of the Pebble without much fuss, unless you need some third-party apps from long ago.

            I only had a few hiccups when Bluetooth would disconnect, but it’s been quite reliable and they are always improving the app.