Adding support for Estimote Secure UUID

[smartmobile]

We are using your plugin and are very pleased by it, but we would like to use more security for our App. When do you plan on supporting the new Secure UUID mode and the latest SDK ?? https://community.estimote.com/hc/en-us/articles/204233603-What-is-Secure-UUID-and-how-does-it-work-

Based on what we see, implementing Secure UUID should be rather straightforward: update the SDK, add support for setting App ID and Tokens, and finally, a "secure" flag on beacon regions.

Any thoughts ? Also, we would be more than happy to help testing it !

Thank you

[ghost]

Yes secure mode should be added! Thanks for pointing this out. I cannot say when this will happen, but the plugin is actively developed.

[jameslegue]

+1 for this

Is EvoThings interested in the community helping with development?

[ghost]

@jameslegue Yes sure, help is welcome! Thanks for asking, been planning to work on secure mode the coming week, you are most welcome to help if you want. I can be reached at mikael (a t) evothings.com.

Been working on adding support for Estimote Stickers lately, just submitted a pull request for that.

Support for using an iPhone as a virtual beacon is also asked for.

[ghost]

@smartmobile @jameslegue Implemented support for secure beacons. It is ready for testing. Code is here: https://github.com/divineprog/phonegap-estimotebeacons

How it works is that you add the "secure" field to the region object. Here is from the doc comment:

* region format:
*   {
*     uuid: string,
*     identifier: string,
*     major: number,
*     minor: number,
*     secure: boolean
*   }
*
* The region field "secure" is supported on iOS for enabling
* secure beacon regions. Leaving it out defaults to false.
* See this article for further info:
* https://community.estimote.com/hc/en-us/articles/204233603-How-security-feature-works

The above is form file: https://github.com/divineprog/phonegap-estimotebeacons/blob/master/plugin/src/js/EstimoteBeacons.js

[jameslegue]

Thanks, Mikael! Working on integrating it into my app now.

PS is there a way to package in newer version of the Cordova plugin into Evothings Workbench?

Maybe I’m doing something wrong, but if I use Workbench+Client I think it’s only loading the phonegape-estimotebeacons plugin that was built at compile time in the Workbench app vs the one I am calling in my custom app I imported to Workbench.

James

On Mon, Feb 2, 2015 at 8:34 AM, Mikael Kindborg notifications@github.com wrote:

@smartmobile https://github.com/smartmobile @jameslegue https://github.com/jameslegue Implemented support for secure beacons. It is ready for testing. Code is here: https://github.com/divineprog/phonegap-estimotebeacons

How it works is that you add the "secure" field to the region object. Here is from the doc comment:

• region format:
• {
• uuid: string,
• identifier: string,
• major: number,
• minor: number,
• secure: boolean
• } *
• The region field "secure" is supported on iOS for enabling
• secure beacon regions. Leaving it out defaults to false.
• See this article for further info:
• https://community.estimote.com/hc/en-us/articles/204233603-How-security-feature-works

The above is form file: https://github.com/divineprog/phonegap-estimotebeacons/blob/master/plugin/src/js/EstimoteBeacons.js

— Reply to this email directly or view it on GitHub https://github.com/evothings/phonegap-estimotebeacons/issues/52#issuecomment-72458331 .

James

[smartmobile]

Thank you Mikael and Team at evothings.

From: Mikael Kindborg notifications@github.com<mailto:notifications@github.com> Reply-To: evothings/phonegap-estimotebeacons reply@reply.github.com<mailto:reply@reply.github.com> Date: Monday, February 2, 2015 at 6:34 AM To: evothings/phonegap-estimotebeacons phonegap-estimotebeacons@noreply.github.com<mailto:phonegap-estimotebeacons@noreply.github.com> Cc: Patrick Gilbert patrick@mobinnov.net<mailto:patrick@mobinnov.net> Subject: Re: [phonegap-estimotebeacons] Adding support for Estimote Secure UUID (#52)

@smartmobilehttps://github.com/smartmobile@jamesleguehttps://github.com/jameslegue Implemented support for secure beacons. It is ready for testing. Code is here: https://github.com/divineprog/phonegap-estimotebeacons

How it works is that you add the "secure" field to the region object. Here is from the doc comment:

• region format:
• {
• uuid: string,
• identifier: string,
• major: number,
• minor: number,
• secure: boolean
• } *
• The region field "secure" is supported on iOS for enabling
• secure beacon regions. Leaving it out defaults to false.
• See this article for further info:
• https://community.estimote.com/hc/en-us/articles/204233603-How-security-feature-works

The above is form file: https://github.com/divineprog/phonegap-estimotebeacons/blob/master/plugin/src/js/EstimoteBeacons.js

— Reply to this email directly or view it on GitHubhttps://github.com/evothings/phonegap-estimotebeacons/issues/52#issuecomment-72458331.

[ghost]

@jameslegue I understand what you mean. You can use your own Cordova app with Evothings Workbench, you don't have to use Evothings Client. The way this works is described here: http://evothings.com/doc/build/cordova-guide.html#SetupCordovaForEvothings There is also some information in this guide: http://evothings.com/cordova-starter-kit/

I use the Beacon FInder app with Evothings Workbench. Added a connect button here: https://github.com/divineprog/phonegap-estimotebeacons/blob/master/examples/beacon-finder/www/index.html#L38

What you do is this:

• Start the Workbench
• Replace the connect address in the code for the Connect button linked above with the address of your Workbench
• Save and rebuild Beacon Finder
• Launch Beacon Finder on a mobile device
• Tap connect (you should now get a screen saying "Connected")
• Drag index.html in examples/beacon-finder/www and drop it in the Workbench project list
• Click RUN

Now live-reload is enabled and you can edit the files in the Beacon Finder app. When a file is saved, the app reloads. You can do this with any Cordova app.

Let me know how it goes and please ask if anything is not clear.

Best, Mikael

[heypiotr]

Looks good! One thing that I think is still missing: Secure UUID requires you set your secret token in the app:

http://estimote.github.io/iOS-SDK/Classes/ESTConfig.html#//api/name/setupAppID:andAppToken:

Without that, the SDK can't contact the Cloud and ask to "decrypt" the UUID.

App ID and app token is also required to connect to beacon (SDK contacts the Cloud to verify the ownership) and to use the analytics (SDK sends the enter/exit events to the Cloud), so it'll come in handy later too.

[jameslegue]

Thanks, Piotr. That makes more sense to me - I thought it was interesting if this all happened magically in the back end.

@Mikael - I'll put my testing on hold as I wasn't getting anywhere with secure mode previously until we hear your thoughts on the matter.

James

On Fri, Feb 6, 2015 at 10:54 AM, Piotr Krawiec notifications@github.com wrote:

Looks good! One thing that I think is still missing: Secure UUID requires you set your secret token in the app:

http://estimote.github.io/iOS-SDK/Classes/ESTConfig.html#//api/name/setupAppID:andAppToken :

Without that, the SDK can't contact the Cloud and ask to "decrypt" the UUID.

App ID and app token is also required to connect to beacon (SDK contacts the Cloud to verify the ownership) and to use the analytics (SDK sends the enter/exit events to the Cloud), so it'll come in handy later too.

— Reply to this email directly or view it on GitHub https://github.com/evothings/phonegap-estimotebeacons/issues/52#issuecomment-73258267 .

James

[ghost]

@heypiotr @jameslegue Thanks for spotting this! Will add a JavaScript call to set the app token.

[ghost]

@heypiotr @jameslegue Hi again, added functions to access the ESTConfig methods from JavaScript. Available in this repo: https://github.com/divineprog/phonegap-estimotebeacons

For documentation see documentation comments in this file until documentation is written: https://github.com/divineprog/phonegap-estimotebeacons/blob/master/plugin/src/js/EstimoteBeacons.js

Code example for setting App ID and App Token from JavaScript:

estimote.beacons.setupAppIDAndAppToken('MyAppID', 'MyAppToken')

Let me know how this works.

Best regards, Mikael

[ghost]

Added info about Secure Beacons to the documentation file: https://github.com/divineprog/phonegap-estimotebeacons/blob/master/documentation.md

Testing is welcome! :-)

[mlammert]

I have recently been researching Beacons and PhoneGap and Evothings.

The addition of the secure beacons is great. However, I noticed it is only avialable for iOS. Are there plans to port that over to Android as well?

I am also interested in Stickers and Indoor Location for Android too.

Thanks!

[ghost]

@mlammert From what I can tell the Estimote Android SDK does not support secure beacons yet. That is why the plugin does not have it. I believe that Estimote is working on extended Android support. I am not however updated on their plans. Best is if you can email and ask them directly.

[felix-ka]

hey guys, correct me if I am wrong but I think the SDK supports secure UUID for Android now as well. Do you plan on including that to the plugin?

Also, if I put the appId and the token plain into the Javascript code a possible competitor (who is a little more into web dev) could just figure it out and use it. Which makes the entire secure UUID unsecure again doesn't it? (I am hoping that this is not considered as basic knowledge for web development :D )