https://devzone.nordicsemi.com/f/nordic-q-a/2763/how-to-establish-secure-connection-between-android-and-nrfHello Gentlemen, I&#39;m developing an Android App that needs to connect to nRF. The nRF sensor does not have keyboard, display or buttom. But we can have OOB which is a type of secret key generated during assembly. As long as I don&#39;t require pairingen-USTelligent Community 13Fri, 13 Jun 2014 15:01:28 GMThttps://devzone.nordicsemi.com/thread/10685?ContentTypeID=1Fri, 13 Jun 2014 15:01:28 GMT137ad170-7792-4731-bb38-c0d22fbe4515:11796b0a-62e3-425a-a93a-07bf15b36ad0FormerMember<p>The bonding process consits among others of the exchange of the encryption keys, and when the bonding process is finished the link is encrypted. You can see this if you use our sniffer to track what is being sent of the air. The sniffer can be downloaded here: <a href="https://www.nordicsemi.com/eng/nordic/Products/nRF51822/nRF-Sniffer/26386">www.nordicsemi.com/.../26386</a></p> <p>The keyboard in our reference design &quot;nRFready Desktop 2&quot; uses OOB, but I don&#39;t think it has been tested on Android.</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/10684?ContentTypeID=1Fri, 13 Jun 2014 14:10:21 GMT137ad170-7792-4731-bb38-c0d22fbe4515:3df8714c-35bc-4998-a127-1027c04dc2f7Gilson<p>Kristin, Maybe I did not make myself clear. I want to enable security during the bonding, encryption of the message comes later I understand. &quot;just works&quot; is NOT as good, I need to come with a way to set the PIN programmatically or OOB.</p> <p>I really need an example of Android using OOB, I see people here asking for examples and I would like to suggest for Nordic to provide examples showing the 3 different methods. Let the business developers decide for themselves. Sometimes we have to talk to our marketing department before we make the decision, it is not always developers choice until there is road block.</p> <p>Is there an Android-nRF sample that demonstrates OOB use ?</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/10683?ContentTypeID=1Fri, 13 Jun 2014 13:39:47 GMT137ad170-7792-4731-bb38-c0d22fbe4515:8f4e8f91-cc81-42e4-af13-a9abfa7248acFormerMember<p>The only difference between the bonding methods (Just works, display-keyboard, OOB, etc) is the security during the bonding process; when using display-keyboard, OOB, or any other MITM &quot;process&quot; you can make sure that there is no man-in-the-middle (MITM) attacs. However, the security of the encryption will be the same both with and without MITM bonding. Therefore, if there is no security concern during bonding, &quot;just works&quot; will be as good any of the other bonding &quot;methods&quot;.</p> <p>If you don&#39;t want anybody else to be able to connect to your device, you can use whitelist. If using whitelisting, you can limit the number of phones/centrals that can bond to the device.</p><div style="clear:both;"></div>