I’m probably one of the few people still using a Pebble smart watch (still alive and kicking with Rebble!), and I’ve just gone through the app store and found a few cool apps that still work. Given that you have to give the Pebble android app quite a few permissions to be able to do its thing I’m now wondering if all the third-party apps can also access all those permissions. They’re mostly little FOSS one-person projects so I can probably have a nose through the source myself to check for dodgy behaviour, but does anyone know what the risks are in general?
What about gadgetbridge? They have a wide compatibility with several smartwatches.
This is what I currently use with my pebbles. I’ve never used the pebble app, I just started with the FOSS option and stuck with it. Their wiki is really good https://codeberg.org/Freeyourgadget/Gadgetbridge/wiki/Pebble
EDIT: To answer the actual question from this angle, gadgetbridge is surprisingly security focused even though that’s not really it’s main goal. The developers do not allow it to make outbound connections and do not allow the watches it supports to make connections either (except where this is impossible to prevent, say if they can make their own network connections) which is why it doesn’t support in-app weather.
If I just deny the Pebble/Rebble app network permissions will that achieve a similar result?
Probably? Though I have no experience with the rebble app. I don’t think any of it’s features like searching for apps, weather, etc will work properly and some android apps really misbehave when you take away permissions that they expect to have. Try it and let us know! =]
