Are Third-Party SmartApps (native and via web REST-API Endpoint Mappings) Secure?

( co-founder Terry @ActionTiles; GitHub: @cosmicpuppy) #1

Continuing the discussion from Playing around with Amazon Echo (technical interface discussion):

(I started this Topic to avoid going on a tangent on the original discussion thread.)

So… @Ron … how is SmartTiles different than using IFTTT or The Ubi, for example?

(Ron) #2

I don’t let IFTT connect to my Smart Things either :smile:

I don’t have Ubi.

I prefer to have an app that runs on my network that controls things. I don’t know who is behind Smart Tiles so how do I give them the keys to my home ?

I am OK with Amazon Echo because it’s amazon and I feel I can trust them because of how well their systems seem to be built.

No Offense to the developer of Smart Tiles it’s not just who are they but also how secure are they. Hackers are getting too aggressive to just ignore the possibilities.

Same reason I don’t like web sites that consolidate your financial data by connecting to all your bank accounts. Many people use these but I like to keep such access private.

( co-founder Terry @ActionTiles; GitHub: @cosmicpuppy) #3

SmartTiles does not store the Authorization token it receives from the SmartThings Device Authorization page.

But, of course, you have no way to know that for certain.

SmartThings needs to figure out an audit / security certification process for external access applications like these. It still won’t be ideal for people like you, but there is a reasonable level of security that is appropriate for the mass consumer market.

(Ron) #4

people like me ? :smile:

I do tend to be cautious LOL

(Jovan) #5

hey, just because you’re paranoid doesn’t mean they’re not out to get you, right?!?

(Jody) #6

Please no. Unless this process could be wholly automated, I don’t want any more delays. The whole point of oAuth is to allow the consumer to choose to use a third party app. A reporting mechanism for flagging misbehaving integration would be fine, and that’s what facebook and many other platform providers rely on.