i think nobody right now likes the way we have of removing devices, having to remove the device from every smartapp before removing it, it think this could be improved by having an option in smartapps to tell if the device is required for the smartapp to work properly or not, if the device isnt essential to any smartapp, it should be removed from every app automatically.

Not a bad idea, but I prefer a more comprehensive solution which has a side-effect of also making the migration process easier.

(a) There should be zero requirement to remove a Device from SmartApps prior to removing the Device from your Account.

(b) When a Device is removed from your Account, it would remain with a temporary flag (i.e., “[Removed] Old Name”) and icon flag.

© Any SmartApps referencing the Removed Device would be suspended and could be listed on a page of the mobile App and/or API/IDE web.

(d) When installing adding a new Device, if the Type matches any Removed Device, the user could declare the added Device as it’s “replacement”, thus completing the replacement process (and all related suspended SmartApps would reactivate).

This. This. A million times, this.

[quote=“tgauchat, post:2, topic:26564, full:true”]

(d) When installing adding a new Device, if the Type matches any Removed Device, the user could declare the added Device as it’s “replacement”, thus completing the replacement process (and all related suspended SmartApps would reactivate).
[/quotE]

Violates basic tenent of home automation security, that you must prove you have physical access to a device in order to remove it or join it from the network.

Otherwise I could have a hacker in Chicago with a virtual device hack a cloud account, replace the device with the virtual device, and get total control of my network.

Right now, for example, you can’t replace my contact sensor with a software hack from another city. You can get at the notifications if you can get to the account, but you can’t prevent the sensor itself from being activated. So if, for example, I’ve bound it to a local siren, you can’t turn it off.

Think of it as a form of two factor authentication. I know it’s a pain to have to physically touch every device when you’re migrating them, but this is why.

The alternative approach is a controller Pass over where a controller that you have physical access to grants its network to a new controller that you also have physical access to. So there’s still a physical access step, but it’s limited to two devices, not hundreds.

I didn’t mean to imply that this was going to be eliminated.

Let’s just add a constraint that the replacement device must be a non-virtual device and/or some other methods to increase security at the end of “replacement” such as requiring the user to activate a specific randomly chosen real lightswitch that’s connected to the same hub.

No need to throw out the whole process due to this slight incremental security vulnerability.