Security of Community edge drivers?

Has this been answered before? All of these phenomenal edge drivers that community members are creating and publishing, what’s to stop them from simply deleting it and/or updating one and perhaps screwing it up?

I’m not saying anyone would even do this and I’m forever grateful for them but was wondering what would actually happen? Would your devices just stop working? Can you install a driver and then stop things like this happening?

If they deleted the driver from their channel it would still be on your hub so things wouldn’t break.

On the other hand if they deliberately or accidentally ballsed up an update that would be copied to your hub, unless …

I believe that you can protect yourself by unenrolling from the channel containing the driver.

A similar problem exists with custom capabilities.

Ah I see. Is there any official statement on that unenrolment safety net?


What is that?

It’s been discussed at length, including with staff, but I don’t know that there’s really been an answer. :thinking:

General security question about community provided edge drivers

To be diplomatic, the discussion was not pleasant. I gave up, there were some very excitable and rude contributions.

I will not use any community drivers/apps or websites where the code is not open source or certified in some way by Smartthings.

I have spent a lot of time coming up to speed so that I can support my own requirements, I am far from convinced whether it was worth the time and effort, I should probably just have left Smartthings…

BUT, I have to say the platform actually looks pretty good now…be interesting to see. Hopefully I will be proven wrong.

There is nothing to stop you deleting or updating custom capabilities that you created.

Yeah, but what are custom capabilities? You mean taking an edge driver and modifying it yourself?

You can unenroll from the driver channel if you don’t want updates. The driver will remain installed. If you don’t trust the developer to send clean updates, I’m not sure I’d trust the initial version either. These drivers are sandboxed from the internet and from each other, so I’m not sure there is much malicious activity that can occur, that couldn’t be solved by just uninstalling the driver.


Yeah I’m not saying the developer would purposely send an update to screw anyone but if the driver is working as you expect then I see no reason to allow updates until maybe one was really needed.

Look at the state of some of the ST app updates we get from Android or Apple iOS; some, if not most, of the time the update screws something up lol.

You could just unenroll after install then, missing out on any new features or bug fixes. It would be nice if the ST app just had an auto update toggle in the driver menu.

I would say that’s fair of them to do so and it’s the user’s own choice if they want to purchase it.
Similar to developers selling Groovy apps, isn’t it?


I don’t understand why Smartthings doesn’t simply provide an option to “lock” drivers in the installed state and disallow automatic updates. This could be done for individual drivers, for all drivers of a certain developer, or for all installed drivers. Anything would be better than no option at all, as it is now.
For me, this is not really a security question, but a question of keeping my smart home in a functional state. ANY automatic update can break functionality, on any platform.


Yeah that’s my whole point of this post. As a user and if I’m happy that things are running as I’d like, to have the option to ‘lock’ it, as you say, would be ideal.

This is not the reason I have kept some of my Edge driver source code off GitHub and/or open sourcing. Some of my work is there, some of it is not. Reasons vary for both but none of them are about monetizing anything on Edge.


You forget that there may be more reasons not to publish all the code I have right now.

For example, I don’t want to monetize any of my work, apart from the fact that just like you did, some users have invited me to a beer and I appreciate it.
I just want to solve the problems with my devices and share them with whoever wants to receive them, but I also don’t want another user, who doesn’t share his code, legitimately, to monetize the code for me by copying and pasting.

I have it in my will that if I die suddenly they publish all my drivers that are not published :man_facepalming:

More than a year ago I commented in another post that it would be good if automatic updates were optional, although the only thing that achieves this is that we wait to see if someone breaks something or not before updating.


Don’t worry, my dog drank it.

You don’t need to get angry or apologize, what you can’t expect is that we all agree with you if we don’t agree.
You have your very respectable reasons and others have ours, as respectable as yours.

Participating in a forum does not imply having to renounce your convictions, we simply debate and each one draws their own conclusions and acts accordingly.

It does not depend on what you or I think, the solution that they apply will be the one that decides who has that competence.

By the way, I don’t have a dog! :wink: