Mastodon IzzyOnDroid


Say thanks!
↓ Your product here? ↓
Gadgetbridge: Communicate with your Pebble/Miband privately without putting your data into the cloud!Gadgetbridge: Communicate with your Pebble/Miband privately without putting your data into the cloud!
 
Das inoffizielle Android-Handbuch: Einsteiger-Workshop, Apps, Datensicherung, Sicherheit, Privatsphare, Tuning, Root-Zugang und mehr: Mit Android Tuning, Sicherheit, Office, Musik, Video & CoDas inoffizielle Android-Handbuch: Einsteiger-Workshop, Apps, Datensicherung, Sicherheit, Privatsphare, Tuning, Root-Zugang und mehr: Mit Android Tuning, Sicherheit, Office, Musik, Video & Co
Buy at Amazon for EUR 30,00
Pebble 401SLR Brushed Edelstahl Smart Watch (3,2 cm (1,26 Zoll) E-paper Display inkl. LED Backlight)Pebble 401SLR Brushed Edelstahl Smart Watch (3,2 cm (1,26 Zoll) E-paper Display inkl. LED Backlight)
Buy at Amazon for EUR 129,95
Pebble 401SLR Steel Smart Watch (3,2 cm (1,26 Zoll) E-paper Display inkl. LED Backlight) matte schwarzPebble 401SLR Steel Smart Watch (3,2 cm (1,26 Zoll) E-paper Display inkl. LED Backlight) matte schwarz
 
Pebble Smartwatch für iPhone and Android (schwarz)Pebble Smartwatch für iPhone and Android (schwarz)
 
pebble Time Steel Kickstarter Edition Smart-Watch Goldpebble Time Steel Kickstarter Edition Smart-Watch Gold
Buy at Amazon for EUR 528,41
pebble Time Smart Watch rotpebble Time Smart Watch rot
Buy at Amazon for EUR 299,95
Pebble 60100053 Time Round Smartwatch 14mm Silber/rotPebble 60100053 Time Round Smartwatch 14mm Silber/rot
Buy at Amazon for EUR 249,00
atFoliX Schutzfolie für Pebble Time Steel Folie - 3 x FX-Curved-Clear Flexible Displayschutzfolie für gewölbte Displays - vollflächiger Schutz bis zum RandatFoliX Schutzfolie für Pebble Time Steel Folie - 3 x FX-Curved-Clear Flexible Displayschutzfolie für gewölbte Displays - vollflächiger Schutz bis zum Rand
Buy at Amazon for EUR 5,79
As of 2018-12-14 16:24
prices & availability might be subject to change.
dehelp

Smartwatches and privacy – contradiction in terms?

Spywatches
Spywatches; © Karlis Dambrans / Izzy (CC-BY)
Source: Flickr

In my blog series Android without Google I´ve already talked about privacy concerns: one big company collecting that much data about what I read and do, where I am at what time, whom I connected with, whom I call how often, what my WiFi passwords are, and so on, can make people paranoid (though that´s called „informed“ nowadays) – or completely ignorant. I obviously belong to the former group, as one can easily tell not only by the articles on this site. So should someone like me even toy with the idea of using a smartwatch? Wouldn´t that just feed that paranoia?

For quite some time, I would have thought so. But there are always two sides of a medal. Besides „being cool“ (which to me doesn´t count as argument), a smartwatch has its real pros. So maybe we could „glue“ that medal with its cons down, picking the raisins while kicking the pits out? I couldnt resist, and wanted to find out. Not that I had the money or time for a thorough research on the topic, but Ive tested two devices and finally stuck with one. So there must be a way, obviously ;)

What choices are out there?

I don´t know them all, so I can only give some examples. Most smartwatches are based on one of the following systems:

Okay, there are also watches running Android. And there are the Apple watches. Plus there´s WatchOS, and most likely there are several more. I don´t know them all, and I can´t name them all. I definitely can´t test them all (and be it just for the prices). So lets leave it at that, and take a look at what I´ve checked.

ZCG: An MTK watch

ZCG watch
ZCG smartwatch

My first watch was an unnamed ZCG watch. All it gave for identification was „Smartwatch“. I got it at Groupon with a „50% discount“ (just to figure later that was the regular price it gets sold at on many places). By the specs and design, it´s very likely a ZGPax S29 or a clone of it. For about EUR 50, it´s quite affordable. It features a built-in GSM phone (2G), camera (1.3 MP), speakers & mike, takes a standard SIM and microSD card (max 32GB), supports multiple languages (a.o. English and German). Its 450 mAh battery usually needed a recharge much earlier than any of my phones – and the 240 x 240px 1.54” TFT LCD Display is used as touch-screen input device (sometimes a bit tricky, but works). Starts out-of-the-box without any „companion device“ connected – but can work with iOS and Android alike (the latter being better supported).

BTNotification
BTNotification App

Speaking of support: that was rather non-existent. I had several issues with this device: notifications of some apps were never shown; if I wanted incoming calls to be signaled I had to use the watch to talk (!!) with the other side on the speakers (!!) – plus the companion app gave me some headaches. Apart from never auto-connecting, there was that popup each time it was opened: „Whether downloading fundo? Fundo of the animals is a motion data stewards, watch movement data synchronization“ (see screenshot). Sounded pretty shady: why does that companion app advertize some „funny game“ each time I start it? Not to speak of the bad translation. I never received any reply from ZCG, and I tried it multiple times. Groupon just told me to contact ZCG. Only on pressure, Groupon agreed to notify ZCG of the need for communication – but all I´ve got then was „If you dont like it, send it back“ – addressing my issues with no single word. Yuck. I´ll never buy anything from them again, and can only advice you to do the same.

Doing some research later (I´ve never confirmed that popup), it seems it was really nothing but a very, very bad translation – and probably pointed at the Fundo Companion app for health data and improved notifications, or the FunDo SmartDevice app. Wasn´t important to me anymore, as I gave the watch away already. Like the BTNotification app,1 this app wants access to all kind of personal data (including calendar, contacts, call logs, accounts, phone state & identity) and of course to the Internet. Guess I don´t need to say more: that´s exactly what I was afraid of to start with, all my sensitive data potentially going to the cloud. No, thanks.

Of course I´ve never tested the health functions with this watch (and I´ve even blocked its Internet permission straight away). It was a nice toy, could even remote-control my phone´s camera (when that worked – approximately on every 5th try). But as half of the features advertized did not (or only partly) work, and the battery gave up in the early evening already, it was of no use to me. I could have thought about using it as a „memory stick“ (with an SD card inserted, one just needs to connect an microUSB cable which is also used for charging, and it would provide the card as USB mass storage). But hey, an USB stick fits in my pocket as well.

Pebble

Pebble
Pebble Time Steel

My next thought was: a crowd-founded watch like the Pebble might consider the end-user more. I didn´t want a simple Pebble, but the Pebble Time Steel. But first I wanted to know about my concerns – and thus contacted Pebble support by mail. Immediately got an auto-response, and a personal response within 24 hours. I was impressed.

I was less impressed by the first part of the answer – which confirmed one cannot even activate the watch without using its companion app, which in turn requires a Pebble account on their website. And of course all your data is stored in their cloud. That was a show-stopper. But luckily it didn´t stop me from reading on: the Pebble employee further informed me there´s an open-source app available working completely offline, being compatible with all current Pebble watches and, in a limited way, could be used with the Pebble watch in daily life. So when the price for the Pebble Time Steel suddenly dropped by 20%, ending up below the EUR 200 margin, I could no longer resist – and ordered one. Which made me a big fan of Gadgetbridge and the crew behind it: they´re riding the same wave I do.2 Their app doesn´t request the Internet permission for privacy reasons, and it´s not intended to change that (though there are many issues filed at their Github presence asking for it, it´s always turned down: there might be an addon one day, but the main app will stay free of this permission.

Gadgetbridge
Gadgetbride configuration

You can install Gadgetbrigde via F-Droid. To initialize your Pebble, you will also need a firmware image, which can be downloaded from the Gadgetbridge Wiki. Copy that to your Android device, then pair your Pebble, and – from a file manager – chose to open the image file with the Gadgetbridge firmware installer. You will see your Pebble downloading the file, installing the firmware, reboot – and then you´re ready to play with your new Gadget.3 After adding the Pebble to Gadgetbridge, you can use the installer also to load Watchfaces. And of course Gadgetbridge itself to configure interactions with your Android device. Notifications simply work, including incoming calls. Gadgetbridge also takes care to sync the time. And auto-connects your Pebble whenever Bluetooth gets enabled, if you wish so. You even can control your favorite music player without taking your phone out of your pockets, and more.

Of course there are some limitations: functionalities requiring an Internet connection (such as watchfaces displaying weather information) will fail, as Gadgetbridge doesn´t offer Internet access. But that´s intentional. You can use Pebble apps that have an Android companion app (Gadgetbridge supports that) – and if those offer Internet functionality, you can use that. But be aware that there are security implications which neither the Pebble nor Gadgetbridge are to blame for:4 Neither Gadgetbridge nor the companion app can tell who´s using them, as they are just called by an intent. Quoting one of the devs:

Every Android app without any permission at all will be able read your Addressbook and send 1000 premium SMS for 5€ each without you even notice if you have "Dialer for Pebble" installed, even if you do not own a Pebble at all and have neither Gadgetbridge nor the official pebble app installed.

But nobody forces you to install such an app („Dialer for Pebble“ was just used as one example – it´s a cool app, and again not to be blamed for the underlying Android functionality). I´m quite happy with my Pebble Time Steel and Gadgetbridge, as it simply works – and look forward how Gadgetbridge develops. In its hidden settings I was even able to activate the Pebble´s health functionality – and now have details on how many steps I take per day, how well I slept, and how active I´ve been. Without having those data in the cloud.

Another plus: the display. It´s always on, and still the battery lasts a full week. The brighter the sun shines on it, the better you can read it (so just the other way round as it is with most other watches). And if it gets too dark, a flick of your wrist switches on the background light for a few seconds5 so you can easily read it in the dark as well. True, the eInk display isn´t made for „fast motion“ – but honestly, I don´t use my smartwatch to watch action movies  :D

Verdict: While they usually are contradictional when using them the „intended way“, the terms „smartwatch“ and „privacy“ can go well together – if you know how to achieve that. Expect to see another article here focusing on Gadgetbridge, as soon as I find time to write it ;)

privacy


  1. which you cannot download from Google Play: though there´s an app going by the same name and even same package ID, that´s not compatible with the watch. You have to scan a barcode displayed on the watch, download the .apk, and side-load it („unknown sources“ must be enabled for that). ↩︎

  2. And they support their app very well: each of my reports got answered the same day, little issues I had where solved quickly and ideas picked up. The team is very privacy aware (to them it´s always „privacy first“), the app is open source – so I feel in good hands with them. ↩︎

  3. If you´re more the visual type, you can find the procedure in a video at FreeYourGadget.Org↩︎

  4. It´s simply the way how the Pebble apps communicate with Android: not being installed on your Android device, they cannot use „API calls“ which can be protected by permissions, but rather have to use intents – which you could compare to an old land-line phone: you hear it ring but cannot tell who´s calling. So the targeted app doesn´t know who is requesting the information, and simply must assume it´s legit. ↩︎

  5. 3 seconds by default, but you can configure that; I´ve set it to 5 seconds for my Pebble, so I manage to read the screen in full when a notification comes in. ↩︎

2016-06-01 (2016-06-02)