Web Bluetooth

Web Bluetooth enables a browser to connect and control Bluetooth devices like smart home appliances, health accessories like heart rate, temperature sensors etc around you. It enable developers to build one solution which can work on all platforms (mobile and desktop) and that means lower development costs, more open source control interfaces for various physical products. You just need to integrate Web Bluetooth API to enable connection with the gadgets from the web. With Web Bluetooth, you can even manage operations remotely; open a web browser and pair with a nearby Bluetooth device and you are all set!

Web Bluetooth API Integrations

The Web Bluetooth API allows websites to communicate with nearby Bluetooth device and also provides access to various services and data available within the device. The Web Bluetooth API works on the HTTPS pages and doesn’t work in a background without the approval of the user. Bluetooth low energy (BLE) provides most of its functionality through key pairs provided by the GATT protocol which is a hierarchical data structure of Generic Attributes exposed to the connected BLE device. The Web Bluetooth API mostly depends on JavaScript promises!

navigator.bluetooth.requestDevice(serviceFilters)
                 Scans for the device in range supporting the requested services. Returns a Promise.
            device.gatt.connect()
                Returns a Promise resolved with the server object providing access to the services
available on the device.
                   server.getPrimaryService(name)
                Returns a Promise resolved with the particular Bluetooth service on the device.
                             service.getCharacteristic(name)
                Returns a Promise resolved with the GATT characteristic object.
                                   characteristic.readValue()
                Returns a Promise resolved with a raw value from the GATT characteristic.
                                            characteristic.writeValue(value)
               Writes a new value for the GATT characteristic.

Web Bluetooth Connection

You might be aware that BLE communication depends on Central device and Peripheral device. The central device can be connected to several peripherals at once depending on the hardware. While peripheral is passive which means they can’t initiate the connection and are usually connected to one central device. However, it is important to note that there are no central-to-central or peripheral-to-peripheral connections; it is always central-to-peripheral.

With Web Bluetooth, you can only connect to the peripherals as it supports only central role. It is not feasible to establish direct BLE connection between two web pages on a different device. However, you can make the connection between web Bluetooth (Central device) and a native app implementing peripheral service.

Like with any other API that’s built into browsers like Chrome, each website will have to request access. Your browser will give you a popup asking for permission to let that website access the device; just like the app does for notifications, location access or your webcam. If you don’t respond to the question, the request will be automatically denied. But, you will be able to change the permissions at any time.

Which browser does it support?

When it comes to Bluetooth, we think of a simple device-to-device connection for performing various tasks like playing music, offering notifications and many more. But, with the web Bluetooth API available in Chrome Browsers 56+ and Opera 44+ and other Android browsers (6.0+) and Mac, it would enable browsers to control nearby Bluetooth device bringing the world of a connected device a little closer. JavaScript code served to your browser can directly connect to your Bluetooth LE device.

Web Bluetooth Applications

  • Product manufacturer making a product like Fitbit, a heart rate monitor, barcode scanner, Bluetooth kitchen scale, Robotic car etc. can develop a website that users can navigate to and control their devices.
  • When a user comes near to the parking meter and wishes to make payment; they turn on the Bluetooth and look for the nearby device provided by the OS, browser or an app. Upon selecting the parking meter, the web browser is launched with the URL provided by the parking meter. The website is then able to communicate with the parking meter without requiring to further pair with the user interface.

Limitations

  • Data Breach

If a browser trusts server that is susceptible to cross-site scripting, anyone on the Internet can connect to your device. Let’s say, the user provides access to the Bluetooth device and later grants access to another website with the same Bluetooth device, the user could be susceptible to cross-site tracking via device identifiers or device names. Websites that can access a Bluetooth-enabled device can determine the real name of the owner

  • Behavioral Monitoring

Web Bluetooth can track all your information; enabling companies to get the profits at the expense of your privacy. You will have to give permission to the browser, if you are developing a website that pulls the data of the Bluetooth device. Bluetooth device possesses unique, persistent device ID which enables the browser to use this information to track all your sensitive details.

  • Motion Monitoring or Distance tracking

Due to API’s rssi or txPower property, websites will be able to monitor user’s movements and location changes in real-time from certain Bluetooth-enabled devices. This would allow a remote attacker to know when a user is at home, at work or is sleeping.

  • Profiling Potential

The website may detect the type and model of the Bluetooth device shared and based on that, it may know user’s financial situation, living standards and interests.

Solution

Browser must ensure that the user is aware of what devices they are pairing and what services are being exposed. Every system wanting to use Web Bluetooth API should undergo a rigorous web risk privacy assessment- privacy impact assessment. If you are worried about the security of Web Bluetooth, rest assured; the community is already working on it

You could also call us at +1-408-400-3737 if you have any questions about Bluetooth low energy technology.

Web Bluetooth is a significant technology and comes with huge potential. In the coming days we will see interesting browser implementations with the help of Web Bluetooth. Want to build interesting applications using your beacons? Get in touch with our experts for detailed app consultation.