https://devzone.nordicsemi.com/f/nordic-q-a/61528/connection-to-device-peripheral-after-smartphone-central-erased-its-bonding-dataHi, I am currently working on a product based on an nRF52832 (SDK 15.3, S112 6.1). The firmware uses the Nordic UART Service to receive and send data from and to a smartphone. I have added the Peer manager and set all characteristics access in ble_nus_initen-USTelligent Community 13Thu, 28 May 2020 14:16:33 GMThttps://devzone.nordicsemi.com/thread/252240?ContentTypeID=1Thu, 28 May 2020 14:16:33 GMT137ad170-7792-4731-bb38-c0d22fbe4515:17220f71-36dd-4606-b8ab-3f6225c3310aMarjeris Romero<p>Yes, it will always a trade-off between user-friendliness and security, it will depend on what you are more concerned about. Let me know if you have any more questions.</p> <p>BR,</p> <p>Marjeris</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/251758?ContentTypeID=1Tue, 26 May 2020 15:10:43 GMT137ad170-7792-4731-bb38-c0d22fbe4515:6c53e2bd-bad4-4fcf-a2d4-f0304d646224Nathan O.<p>Hi Marjeris,</p> <p>I actually managed to get my hands on a Galaxy S9 and I can confirm I do not have any pop-up on this smartphone with my own project. So you are right, it&#39;s probably a specific issue of my smartphone (the pop-up actually changed content since the last time I checked with an OS update of the phone).</p> <p>Regarding the security of the repairing I see what you mean. For now, my customer does not want to implement any kind of factory reset on the device. I&#39;ll have to explaing this situation and raise the concern about the repairing. The device&#39;s input capability is also very limited so not sure how we could really handle a request to delete bonding information.</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/251680?ContentTypeID=1Tue, 26 May 2020 10:43:21 GMT137ad170-7792-4731-bb38-c0d22fbe4515:5beaa8d4-a771-4d3d-8acf-4d497ace6cc4Marjeris Romero<p>Hi Nathan,</p> <p>There is one catch with repairing. Repairing is not secure, I have now updated my original post to reflect that.</p> <p>If repairing is allowed anyone can just pretend it has the same MAC address and read all the data by bonding again.</p> <p>It&#39;s recommended to instead remove the pairing info on both sides. This can also be done &quot;remotely&quot;, like with a &quot;restore factory defaults&quot; setting in your device, or with a button for example...</p> <p>So as you see, it would be a trade-off between security and user-friendliness... If you choose to allow repairing anyways, the user data should at least be removed so no one can get access to them. <br /><br />Anyways, I just tested a modified version of the glucose example in the SDK, adding the event handling for PM_EVT_CONN_SEC_CONFIG_REQ in the PM handler so I can handle repairing, using my Samsung Galaxy S9 without seeing any pop-up window... so it may be a manufacturer dependent issue...</p> <p>To be sure, you can do the same&nbsp; test I did, open the Glucose example from the SDK v16.0.0, add the 3 lines for repairing from the above post inside the pm_evt_handler() and test bonding and repairing with your phone to see if the issue still persists. <br /><br />Best regards,</p> <p>Marjeris</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/250784?ContentTypeID=1Tue, 19 May 2020 14:49:54 GMT137ad170-7792-4731-bb38-c0d22fbe4515:db07fd85-ac0c-49db-b1d0-6668ef60b6e0Nathan O.<p>Thanks for your response.</p> <p>I actually already have this configuration for handling SEC_CONFIG_REQ events.</p> <p>Is it an expected behavior that the smartphone shows a popup asking for association request when this happens ?</p> <p>On the first bonding procedure, I do not have any popup (Just Works pairing is done). I would like to avoid having this smartphone popup if possible. It is especially an issue as on one of my smartphone, this popup show as &quot;association request with null&quot; but that&#39;s probably a smartphone side issue.</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/250769?ContentTypeID=1Tue, 19 May 2020 14:11:00 GMT137ad170-7792-4731-bb38-c0d22fbe4515:88ee5387-99e6-4c69-bd9a-e37c28f9d69aMarjeris Romero<p>Hi,</p> <p>When you erase the bonding information from the smartphone it is also recommended to erase the bonding information on the nRF device too.</p> <p>The peer manager which handles pairing&nbsp;requests will for <strong>security reasons*</strong> reject new pairing requests from an already bonded peer device. It sounds like&nbsp;this may be the problem here.&nbsp;&nbsp;</p> <p>You may add the following event handling to the PM callback if you want to allow repairing:</p> <p><pre class="ui-code" data-mode="text"> case PM_EVT_CONN_SEC_CONFIG_REQ: { pm_conn_sec_config_t config = {.allow_repairing = true}; pm_conn_sec_config_reply(p_evt-&gt;conn_handle, &amp;config); }</pre></p> <p>The other alternative is to actually delete the bond from the nRF device. For the SDK examples, you can delete all bonds by pressing board button 2 while resetting the device.<br /><br />NB:</p> <div>* Note that this will enable a potential attacker to update an existing bond. So there is a trade-off between security and user-friendliness.</div> <p>Best regards,</p> <p>Marjeris</p><div style="clear:both;"></div>