BLE (Bluetooth Low Energy) Pairing and Bonding


Staff member
We are designing a small hardware device (call it the "puck") that communicates over BLE, and an app for Android & iOS to talk to it. We have an app (written in C#/Xamarin) that is connecting to the puck and they are connecting and sending data back and forth.

According to <a href="" rel="nofollow noreferrer">this web site</a>, when the Bluetooth connection is first made, the two devices "pair" which just means they exchange security information.

Question 1: Am I correct in my understanding that the exchange of security information takes place automatically, there's nothing I have to do in my code to cause it to happen?

Question 2: Am I guaranteed that the communication (after the initial exchange of security information, including keys) will be encrypted?

Question 3a: On an Android device, how can I query the connection to find out what security features were agreed upon by the two BLE devices?

Question 3b: Same as 3a but on an iOS device

The puck has no display to speak of (a couple of LEDs and a button) so can't display a PIN for bonding. The plan is to have the user initiate bonding in the mobile app, sending some command over the BLE connection; in response the puck will flash its lights in some pattern and wait for the user to press the button. If the button is pressed within some timeout, bonding should take place.

Question 4: What are the "best practices" for bonding, in order to keep the BLE connection as secure as possible?