I've got a little confused about the variety of peer/bonding/whitelist abstractions realized in the nRF5 SDK. My goal is to maintain long-term connections (nrf52832 peripheral + smartphone central) only with bonded devices. I've successfully protected my BLE characteristics' data from reading with BLE_GAP_CONN_SEC_MODE_SET_ENC_NO_MITM initialization of all services and established a static passkey bonding procedure. I also initialize the peer manager with these parameters:
#define SEC_PARAM_BOND 1
#define SEC_PARAM_MITM 1
#define SEC_PARAM_LESC 0
#define SEC_PARAM_KEYPRESS 0
#define SEC_PARAM_IO_CAPABILITIES BLE_GAP_IO_CAPS_DISPLAY_ONLY
#define SEC_PARAM_OOB 0
With iOS devices it works well: the pairing request pops up immediately on connect, and if the passkey is not entered quickly, a timeout disconnects and restarts advertising. The problem is with Android devices. Almost all of them (Android v6 and v7) can stay connected for an unlimited period (and this way block other previously bonded smartphones from connecting), and the authorization request with the passkey appears only when they try to read/write some characteristic. How do I manage this? Is a whitelist the only solution to reject long connections from alien central clients?
P.S. Only one old smartphone with Android v5 requests bonding on connect, but it has its own bugs. After successful bonding and disconnecting, it cannot then connect again and discover services. It finally connects when I delete the bond information via nRF Connect, but then it can't read anything and no pairing request appears until I clear the peer list on the nrf52 side.