Specifying a Link Key in Android Without Pairing

Specifying a link key in android without pairing

there is no public api mechanism to associate a link key with a device without going through the pairing process.

After pairing this association is automatically created (aka bonding) once devices are bonded then further connection will re-use the link key that was generated previously.

even if device is non-discoverable you should still be able to connect bond / pair with it, if you know the device bluetooth address.

internal / private mechanism by changing the underlying android bluez code, and hooking up to feed a pre-generated link key etc is theoretically possible and it will be a difficult project and a custom solution.
that is assuming that you have the link keys to feed / associate. note - link key is a function of the device address of both devices in addition to device clock etc.
bluetooth

Bluetooth pairing without user confirmation

This need is exactly why createInsecureRfcommSocketToServiceRecord() was added to BluetoothDevice starting in Android 2.3.3 (API Level 10) (SDK Docs)...before that there was no SDK support for this. It was designed to allow Android to connect to devices without user interfaces for entering a PIN code (like an embedded device), but it just as usable for setting up a connection between two devices without user PIN entry.

The corollary method listenUsingInsecureRfcommWithServiceRecord() in BluetoothAdapter is used to accept these types of connections. It's not a security breach because the methods must be used as a pair. You cannot use this to simply attempt to pair with any old Bluetooth device.

You can also do short range communications over NFC, but that hardware is less prominent on Android devices. Definitely pick one, and don't try to create a solution that uses both.

Hope that Helps!

P.S. There are also ways to do this on many devices prior to 2.3 using reflection, because the code did exist...but I wouldn't necessarily recommend this for mass-distributed production applications. See this StackOverflow.

Is it possible to regenerate the link key of a Bluetooth connection?

Link Key gets regenerated,if you delete and pair again. Bluetooth Specification does describe APIs to change link keys in Host Controller Interface Layer. But, it is up to the operating system/ third party stack to expose it, because of security issues.

Some Bluetooth stack, may provide an option to regenerate link keys[automatically] after every bluetooth session.

Are GATT Event notifications possible without pairing?

As Mike Petrichenko commented, GATT communication is definitely possible without pairing. In fact most GATT servers/clients out there function without the need for pairing/bonding. The only exception is when some characteristics require authentication/authorisation in order to read some data (e.g. a medical device with a Heart rate characteristic).

If you want a specific reference to where this is mentioned in the Bluetooth spec, then I recommend looking at the Core Specification version 5.2, Vol 3, Part C, section 10.2 (LE Security Modes):-

The security requirements of a device, a service or a service request
are expressed in terms of a security mode and security level. Each
service or service request may have its own security requirement. The
device may also have a security requirement. A physical connection
between two devices shall operate in only one security mode.

It is then mentioned that LE security mode 1 has the level No security, and many GATT servers/clients work in this level.

You can test this yourself if you have two phones available. You can use the nRF Connect app to run a GATT server on one and a GATT client on the other. You will see that you can browse the GATT table and read data without having to pair.

Below are a few links that contain more information:-

Is pairing/encryption mandatory to allow a peer to write in GATT
Bluetooth Low Energy GATT security levels
How GAP and GATT work

how to make BLE autoconnect to Bluetooth of android phone without pairing

The pre-requisites and steps are (code snippets in Java):

HC-XX module or similar BLE-device on the Arduino-side set to security mode 1 and security level 1 (no security AND no pairing)
Android 4.3 (API level 18) with built-in platform support for Bluetooth Low Energy (BLE)

Check on the device (mobile) that BLE is enabled

// Ensures Bluetooth is available on the device and it is enabled. If not,
// displays a dialog requesting user permission to enable Bluetooth.
if (bluetoothAdapter == null || !bluetoothAdapter.isEnabled()) {
     Intent enableBtIntent = new Intent(BluetoothAdapter.ACTION_REQUEST_ENABLE);
    startActivityForResult(enableBtIntent, REQUEST_ENABLE_BT);
}

Find the BLE device(s). You use the startLeScan() method. This method takes a BluetoothAdapter.LeScanCallback as a parameter. You must implement this callback, because that is how scan results are returned. Because scanning is battery-intensive, you should observe the following guidelines:
- As soon as you find the desired device, stop scanning.
- Never scan on a loop, and set a time limit on your scan. A device that was previously available may have moved out of range, and continuing to scan drains the battery.
If you want to scan for only specific types of peripherals, you can instead call startLeScan(UUID[], BluetoothAdapter.LeScanCallback), providing an array of UUID objects that specify the GATT services your app supports.
The first step in interacting with a BLE device is connecting to it— more specifically, connecting to the GATT server on the device. To connect to a GATT server on a BLE device, you use the connectGatt() method. This method takes three parameters: a Context object, autoConnect (boolean indicating whether to automatically connect to the BLE device as soon as it becomes available), and a reference to a BluetoothGattCallback.
```
// Here we set autoconnect to true
bluetoothGatt = device.connectGatt(this, true, gattCallback); 
```

To sum up auto connect alone will not do the job as you want no pairing. So security mode 1 and security level 1 (no security at all) has to be set. So make sure by using software sided encryption/auto sign-in that no unauthorized persons use your device

Read more about BLE in Android in detail here

Read more about BLE security in detail here

Is there a way for automatic/programatic pairing of 2 bluetooth devices in android?

Reflecting the setPin method allowed me to send the pin automatically to the other device. I had to implement it in a broadcast receiver that is listening for pairing requests. Although I cant get rid of the dialog it just stucks there on the screen and I dont know how to close it (programatically) and continue the bonding procedure since this dialog is called from inside connect() which is a blocking method. I am not giving up on it yet though :)

Is it possible to set pin programmatically for bluetooth pairing?

Bluetooth autopairing is defined only for some devices. To change this you should rewrite Android framework. So, from the application, it seems to me, this is impossible to do.

Specifying a Link Key in Android Without Pairing