Samsung Accessory Protocol (SAP) security questions

Hello everyone!

When using the Samsung Accessory Protocol (SAP) there is the opportunity to exchange data between the watch and the mobile app in a “secured” way, meaning the data is encrypted before the payload is sent to the receiver over a Bluetooth channel.

I want more information on how the data is encrypted:

  • What encryption algorithm is used?
  • What keys are used?
  • Is it vulnerable against replay attacks?
  • Is there an official statement/documentation by Samsung?

Thanks,
Heinz

Hello heinz.burgstaller,
Well, as far as I know, Samsung will not reveal their encryption method to 3rd party developers, as it is proprietary. They are not even supposed to do that.
However, you can use the methods available within the SDK or Framework to encrypt your data and send that. For example, you may call SASocket.secureSend() instead of SASocket.send(). You can also authenticate the peer agent for enhanced security by calling the authenticatePeerAgent method.
Meanwhile, you may spend some time visiting the programming guide on this page.

Thank you.
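To show how the two calls named above fit together, here is an added example (written for this thread, not code from the post or from Samsung) of a provider-side SAAgent for the Android Accessory SDK. On a connection request it calls authenticatePeerAgent, accepts the peer only when the X.509 certificate returned in the SAAuthenticationToken matches a pinned value, and afterwards sends every payload with secureSend instead of send. Assumptions: the class names PinnedProviderService and ServiceConnection, the channel id 104 (it must match the channel declared in your accessoryservices.xml), and that the watch app and the phone app are signed with the same key, so the expected peer certificate is this app's own signing certificate.

```java
import android.content.Context;
import android.content.pm.PackageInfo;
import android.content.pm.PackageManager;
import android.util.Log;

import com.samsung.android.sdk.accessory.SAAgent;
import com.samsung.android.sdk.accessory.SAAuthenticationToken;
import com.samsung.android.sdk.accessory.SAPeerAgent;
import com.samsung.android.sdk.accessory.SASocket;

import java.io.IOException;
import java.security.MessageDigest;

// Added example: provider agent that pins the peer's certificate before accepting
// the connection and then only ever uses secureSend() on the socket.
public class PinnedProviderService extends SAAgent {
    private static final String TAG = "PinnedProviderService";
    // Assumption: channel id declared for this service in accessoryservices.xml.
    private static final int CHANNEL_ID = 104;

    private ServiceConnection mConnection;

    public PinnedProviderService() {
        super(TAG, ServiceConnection.class);
    }

    @Override
    protected void onServiceConnectionRequested(SAPeerAgent peerAgent) {
        // Do not accept blindly: ask the framework for the peer's certificate first.
        authenticatePeerAgent(peerAgent);
    }

    @Override
    protected void onAuthenticationResponse(SAPeerAgent peerAgent,
                                            SAAuthenticationToken authToken, int error) {
        if (authToken == null
                || authToken.getAuthenticationType()
                        != SAAuthenticationToken.AUTHENTICATION_TYPE_CERTIFICATE_X509
                || authToken.getKey() == null) {
            Log.e(TAG, "peer presented no X.509 certificate, rejecting (error=" + error + ")");
            rejectServiceConnectionRequest(peerAgent);
            return;
        }
        byte[] expected = expectedPeerCertificate(getApplicationContext());
        // MessageDigest.isEqual performs a constant-time byte comparison.
        if (expected != null && MessageDigest.isEqual(expected, authToken.getKey())) {
            acceptServiceConnectionRequest(peerAgent);
        } else {
            Log.e(TAG, "peer certificate does not match the pinned one, rejecting");
            rejectServiceConnectionRequest(peerAgent);
        }
    }

    @Override
    protected void onServiceConnectionResponse(SAPeerAgent peerAgent, SASocket socket, int result) {
        if (result == SAAgent.CONNECTION_SUCCESS && socket != null) {
            mConnection = (ServiceConnection) socket;
        } else {
            Log.e(TAG, "connection failed, result=" + result);
        }
    }

    // Sends the payload through the framework's encrypted path; returns false if
    // there is no authenticated connection or the send failed.
    public boolean sendSecurely(byte[] payload) {
        if (mConnection == null) {
            return false;
        }
        try {
            mConnection.secureSend(CHANNEL_ID, payload);   // never plain send() here
            return true;
        } catch (IOException e) {
            Log.e(TAG, "secureSend failed", e);
            return false;
        }
    }

    // Assumption: both apps are signed with the same key, so this app's own signing
    // certificate is the value to pin. Replace with an embedded certificate otherwise.
    private static byte[] expectedPeerCertificate(Context context) {
        try {
            PackageInfo info = context.getPackageManager().getPackageInfo(
                    context.getPackageName(), PackageManager.GET_SIGNATURES);
            return info.signatures[0].toByteArray();
        } catch (PackageManager.NameNotFoundException e) {
            return null;
        }
    }

    // Socket subclass the framework instantiates for each accepted connection.
    public class ServiceConnection extends SASocket {
        public ServiceConnection() {
            super(ServiceConnection.class.getName());
        }

        @Override
        public void onReceive(int channelId, byte[] data) {
            Log.i(TAG, "received " + data.length + " bytes on channel " + channelId);
        }

        @Override
        public void onError(int channelId, String errorMessage, int errorCode) {
            Log.e(TAG, "channel " + channelId + " error " + errorCode + ": " + errorMessage);
        }

        @Override
        public void onServiceConnectionLost(int reason) {
            mConnection = null;
        }
    }
}
```

The certificate check runs before acceptServiceConnectionRequest, so a peer that is not signed by the pinned key never gets a socket at all; a consumer-side agent can apply the same onAuthenticationResponse check after it calls authenticatePeerAgent on the provider it found.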

Thank you @ssaha for your reply. I already use secureSend(), I’m just curious why it is secure…