It seems like they're refusing unconditionally and claiming security instead of actually requiring security.
It's a whole another system outside of Apple's control and some mutually agreed upon Bluetooth LE elliptic key does nothing to protect it in its entirety. It still leaves cryptographic mistakes, side-channels and all other vulnerabilities.
Like, what does https:// or transport encryption in general really say about the website's security to you? Not much besides transport, does it?
Now we want to expose more than notification contents over Bluetooth (LE)? Are we sure? It has to be carefully designed.
Really Apple allows HTTPS connections but the same implementation concerns apply there. The web server could publish it's private and session keys to a "status" page and leak enough to make decryption trivial
I think it'd be more honest if they say "we don't want to give users options" (for better or worse) instead of claiming it's security
I also worked on Android Wear's iOS app for working with iPhones.
The major problem I see now with these excuses, that I'd like to claim wasn't an issue when I was making them circa 2015-2017, is they're cargo cult (a la Apple likes making things that just work) or boogeymen (if they did anything different, a bluetooth connection would be used, unencrypted, sending all your data into the ether).
The watch has been out for 10 years.
Software is software. Where there's a will, there's a way.
It's very, very, very, hard to believe there's 0 way for Apple to ensure an encrypted connection.
Put another way, avoiding the global observations: If it's impossible, why allow watches to be paired at all?
(happy to detail more, like everyone, I love talking about myself :P but figured I'd start with the TL;DR, i.e. the App Store + subsequent boom happened at such a time that made it seems reasonable, years later, to dropout, and having 0 responsibility outside restaurant shifts gave me a fulcrum)
Well, I wouldn't say that the standards for (software) security were anywhere near as high as they are now. It makes sense that our requirements for things change.
> It's very, very, very, hard to believe there's 0 way for Apple to ensure an encrypted connection.
Sure there are ways, but without regulation I struggle to see why should/would Apple ever bother. Nor do I think that a forced way would be held to the same standards as the rest.
> Put another way, avoiding the global observations: If it's impossible, why allow watches to be paired at all?
Because they can't do much, if anything at all?
But the Apple Watch can, and a lot of the same arguments apply to it as much as any third party watch.
Apple can't (trivially) detect if there's a fatal flaw in the way the other side derives their secrets for example. They can't know if the device doesn't have a backdoor characteristic/API that gives access to the key material. They can't know if that proprietary stack can't be exploited in n+1 ways because it has been written by an underpaid intern.
But if Apple gave access to everything over BLE they would be expected to. At least by most Apple users. Be it a good or a bad thing. It's a rather enormous access vector, if they'd provide feature parity(-ish) with Watch.
Much more sensible would be to make such features available to apps (and by proxy, wearables) with entitlements. But even then it can be just as insecure, just by proxy.
If it rejects messages with improper encryption, the watch won't get programmed to send them.
