Works with Nest changes - What does this mean for us?

Posted on
Sat May 11, 2019 7:35 pm
Korey offline
Posts: 545
Joined: Jun 04, 2008
Location: Henderson, NV

Re: Works with Nest changes - What does this mean for us?

The "Big Boys" showing me ONCE AGAIN that I was correct! NEVER buy any device to integrate with Indigo that relies on the "Cloud".

Like @roussell, I still have 3 x T1800 Thermostats. I was tempted by the sexy Nests, but didn't like the "cloud" aspect. And when it came to irrigation... Rain Machine.

The internet can completely vanish in one big EMP and my home will keep on working as it has for years and years. (assuming the EMP doesn't get me too) :D

3 cheers for Matt and Jay!

Oh, and FTC! :lol:

--
Korey

Posted on
Sat May 11, 2019 8:41 pm
jay (support) offline
Site Admin
Posts: 15298
Joined: Mar 19, 2008
Location: Austin, Texas

You're assuming that the security is done at the network/OS level. My theory is that the encryption will be done at the application level. So TLS and the rest of the transport stack is irrelevant because the message carried over whatever is encrypted. At least, that's what I'd do given that Android can't be controlled as tightly as iOS/macOS.

Jay (Indigo Support)

Posted on
Sat May 11, 2019 8:56 pm
lanbrown online
Posts: 977
Joined: Sep 26, 2017

But they have to support old versions of Android as well and those probably cannot do that. Most apps still support Android 4 and higher or 4.4 and higher. When Google also lets the manufacturers change parameters, it means that Google has to allow a wide margin of support. Like I previously stated, TLS 1.1 and TLS 1.2 were supported in older releases, but Google left it up to the manufacturers to enable.

Nest still supports TLS 1.0; so they are still supporting older versions of Android.

Posted on
Sat May 11, 2019 9:05 pm
lanbrown online
Posts: 977
Joined: Sep 26, 2017

Also, what keeps the app from being torn apart to see how it works?

https://stackoverflow.com/questions/43752446/how-to-decompile-an-android-app-from-the-google-play-store

https://infosecguide.wordpress.com/2013/12/17/step-by-step-guide-to-decompiling-android-apps/

How easy is it to decompile an Android app? If you have an Android tablet and a Windows laptop with the right tools installed, it takes all of 10 minutes (if that).


https://medium.com/@thomas_shone/reverse-engineering-apis-from-android-apps-part-1-ea3d07b2a6c

Posted on
Sat May 11, 2019 9:21 pm
RogueProeliator offline
Posts: 2183
Joined: Nov 13, 2012
Location: Baton Rouge, LA

That is a vast oversimplification, as most Android apps that are attempting to prevent reverse engineering (i.e. Google apps) would be obfuscated -- Android Studio, in fact, has support built in, though I can't remember if it is enabled by default or not. If the application encrypts the payload as Jay was referencing (nothing to do with TLS versions) then you would need to determine the encryption functions and method they are using to access the key & IV from an obfuscated decompilation. THAT can be very difficult.

You could, though, get around the need for a direct API -- Google has some officially supported APIs/builds for rPi's that enable the assistant on them. A little coding and Indigo could talk to the Pi which accesses the Assistant and acts as the interface. Now, having said that I don't think it would be the fastest interface layer... but it would suffice compared to, well, no control. :-)

Adam

Posted on
Sat May 11, 2019 9:27 pm
lanbrown online
Posts: 977
Joined: Sep 26, 2017

But does Kitkat support said encryption? The Nest app is compatible with phones running Kitkat. Unless they plan on seriously upping the API level required, they are stuck with what the older platforms support.

Posted on
Sat May 11, 2019 9:29 pm
gt3mike offline
Posts: 129
Joined: Dec 31, 2017
Location: Colorado

You are talking about transport encryption. They can embed whatever payload encryption they want in their app itself.
Last edited by gt3mike on Sun May 12, 2019 8:02 am, edited 1 time in total.

Posted on
Sat May 11, 2019 9:50 pm
RogueProeliator offline
Posts: 2183
Joined: Nov 13, 2012
Location: Baton Rouge, LA

Incidentally, Google has TLS 1.2 available back to 4.1 Jelly Bean... with one caveat, only for those devices running the Google Play Services. The security provider can be updated via Google Play Services independently of the OS.

Posted on
Sun May 12, 2019 8:40 am
lanbrown online
Posts: 977
Joined: Sep 26, 2017

gt3mike wrote:
You are talking about transport encryption. They can embed whatever payload encryption they want in their app itself.


Of which is visible to what they are doing within the app itself. A few changes of code in the app and you can have the app print what is going on. How they encrypt traffic is also clearly available in the app.

RogueProeliator wrote:
Incidentally, Google has TLS 1.2 available back to 4.1 Jelly Bean... with one caveat, only for those devices running the Google Play Services. The security provider can be updated via Google Play Services independently of the OS.


https://developer.android.com/reference/javax/net/ssl/SSLSocket

Protocols

Client socket:

Protocol   Supported (API Levels)   Enabled by default (API Levels)
SSLv3      1–25                     1–22
TLSv1      1+                       1+
TLSv1.1    16+                      20+
TLSv1.2    16+                      20+
TLSv1.3    29+                      29+

Server socket:

Protocol   Supported (API Levels)   Enabled by default (API Levels)
SSLv3      1–25                     1–22
TLSv1      1+                       1+
TLSv1.1    16+                      16+
TLSv1.2    16+                      16+
TLSv1.3    29+                      29+

Posted on
Sun May 12, 2019 11:18 am
RogueProeliator offline
Posts: 2183
Joined: Nov 13, 2012
Location: Baton Rouge, LA

lanbrown wrote:
Of which is visible to what they are doing within the app itself. A few changes of code in the app and you can have the app print what is going on. How they encrypt traffic is also clearly available in the app.

It isn't that simple... possible, yes, but not as simple as you make it out to be when developers don't want their code viewed. As with virtually any program, you CAN end up seeing what is going on, no different than going back to the old days of dumping the assembly in old DOS games to find/patch cheats. But it can take some time and dedication. Of course, if they don't care and leave everything "in plain sight" then this IS fairly easy. I just doubt Google is doing that...

lanbrown wrote:
https://developer.android.com/reference/javax/net/ssl/SSLSocket

You are showing links to dispute things that are not what I said... this references the built-in Java libraries provided; as I said, "The security provider can be updated via Google Play Services independently of the OS." You have to update the security provider and then enable TLS 1.2. This is made available through the Google Play Services library. If you are really interested, this is how it is done:

https://developer.android.com/training/articles/security-gms-provider

Then in Android 4.2 and below, you just have to override the SSLSocketFactory to provide the 1.2 enabled. 4.3 and above SHOULD have it enabled by default after the provider is updated.

Posted on
Sun May 12, 2019 1:36 pm
Nidocamen offline
Posts: 26
Joined: Oct 18, 2011

Slightly O/T - and it won't matter once the APIs get turned off in Aug, but...

Due to a recent ISP switch / bandwidth upgrade, I've switched to a Google OnHub - a friend of mine gave it to me - better potential speeds compared to the 2009 Airport Extreme I had.

Anyways, I'm on fiber-to-the-home on CenturyLink. And perhaps it's CL and not the OnHub, but somehow the Nest only seems to "receive" about 1/3 to maybe 1/2 of the commands I send it via Nest Home in Indigo. I just don't get it. I may put the old Airport Extreme back in the mix to see if somehow that was the issue. Most all other Wi-Fi devices are running fine on the OnHub but the Nest is really flaky now. I'm not a network expert, and I just don't get it.

Anyways, I felt I wanted to somehow chime in, somewhere, lol.

Have a great weekend everyone!

Posted on
Thu May 16, 2019 10:06 am
lanbrown online
Posts: 977
Joined: Sep 26, 2017

https://www.cnet.com/news/google-revers ... with-nest/

The most important change is that if you keep your Nest account, any recipes or automations you have set up with third-party gadgets will keep working after August 31, you just won't be able to add new ones.


So keep your Nest account and don't switch.

Posted on
Thu May 16, 2019 11:01 am
ottoppp offline
Posts: 12
Joined: Oct 21, 2013

Google announcement (https://blog.google/products/google-nest/updates-works-with-nest/) that:

...we’re committed to supporting the integrations you value and minimizing disruptions during this transition, so here’s our updated plan for retiring WWN:

    Your existing devices and integrations will continue working with your Nest Account, however you won’t have access to new features that will be available with a Google Account. If we make changes to the existing WWN connections available to you with your Nest Account, we will make sure to keep you informed.
    We’ll stop accepting new WWN connections on August 31, 2019. Once your WWN functionality is available on the WWGA platform you can migrate with minimal disruption from a Nest Account to a Google Account.

So, if you have a WWN integration, it should continue to work as long as you don't migrate your account, and they will add functionality to WWGA that is not already available in WWN, and let you know it's there before turning off WWN functionality.

Posted on
Fri May 24, 2019 2:15 pm
dduff617 offline
Posts: 455
Joined: Jul 05, 2006

I'm seeing some (maybe?) conflicting information.

Above in this thread, ottoppp's post seemed to indicate that there might be some lingering afterlife for integrations like the Indigo Nest Home plugin beyond the 8/31 shutdown date. Also lanbrown's post says "your existing devices and integrations will continue working with your Nest account". So that sounds a bit hopeful that we might at least have some extra time to develop some workarounds while the plugin continues to function.

However, without much digging, I found front and center on the Google FAQ page, the following:

What happens to my existing Works with Nest connections if I don’t migrate my Nest Account to Google? When will my connections stop working?

If you choose not to migrate your Nest Account to a Google Account, your Works with Nest connections will continue to work until August 31, 2019, when the service is turned off.

We’ll keep the Works with Nest service running until then. During this time, your Works with Nest connections will continue to work on the Nest Account you use to sign in to your Nest app today. We will notify all Nest Account holders by email two weeks before the Works with Nest service is turned off.

Once we turn off the Works with Nest program completely, all of your integrations will stop working. Some of our Works with Nest partners may choose to turn off their Nest integrations earlier than August 31, so those integrations will stop working earlier.

Posted on
Fri May 24, 2019 2:23 pm
lanbrown online
Posts: 977
Joined: Sep 26, 2017

The key is that you do not migrate your account, otherwise you lose that. So, keep your Nest account as is and do not migrate; that is what the articles are stating.

I'm sure as we get closer, we will have more information and if there will even be an API that could be used; either officially or unofficially.

How long they continue to support the current platform is not known. So who knows how long the stay is for.
