
Issue 670281

Starred by 2 users

Issue metadata

Status: Untriaged
Owner: ----
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Android
Pri: 3
Type: Bug

Blocking:
issue 510287


Hotlists containing this issue:
web-bluetooth



bluetooth: android: No cursor on screen for BLE only Mouse

Project Member Reported by fbeaufort@chromium.org, Dec 1 2016

Issue description

Application Version: Chrome Canary 57.0.2937.0
Operating System:    Android 7.1.1; Nexus 5X Build/NMF26F

What steps will reproduce the problem?
1. Go to https://beaufortfrancois.github.io/sandbox/web-bluetooth/pair-mouse/index.html
2. Make sure MX Master Mouse is broadcasting its presence
3. Click "Pair MX Mouse" button
4. Pick MX Master device in bluetooth chooser
5. Click "PAIR" button 

What is the expected result?
I should be connected.

What happens instead of that?
I'm not connected.


Here's adb logs after clicking on "PAIR" button:

12-01 14:52:36.352  7016  7016 D BluetoothAdapter: STATE_ON
12-01 14:52:36.352  6877  7501 D BtGatt.GattService: stopScan() - queue size =1
12-01 14:52:36.353  6877  7227 D BtGatt.ScanManager: stop scan
12-01 14:52:36.354  6877 25624 D BtGatt.GattService: unregisterClient() - clientIf=6
12-01 14:52:36.366  6877  7029 D BtGatt.GattService: onScanFilterParamsConfigured() - clientIf=6, status=0, action=1, availableSpace=16
12-01 14:52:36.366  6877  7029 D BtGatt.ScanManager: callback done for clientIf - 6 status - 0
12-01 14:52:36.372  6877  7227 D BtGatt.ScanManager: configureRegularScanParams() - queue=0
12-01 14:52:36.372  6877  7227 D BtGatt.ScanManager: configureRegularScanParams() - ScanSetting Scan mode=-2147483648 mLastConfiguredScanSetting=2
12-01 14:52:36.372  6877  7227 D BtGatt.ScanManager: configureRegularScanParams() - queue emtpy, scan stopped
12-01 14:52:36.378  7016  7016 I cr_Bluetooth: connectGatt
12-01 14:52:36.378  7016  7016 D BluetoothGatt: connect() - device: FC:E9:FE:31:4E:5A, auto: false
12-01 14:52:36.378  7016  7016 D BluetoothGatt: registerApp()
12-01 14:52:36.378  7016  7016 D BluetoothGatt: registerApp() - UUID=3db118c4-f4a5-4331-87cc-fe602df11367
12-01 14:52:36.382  6877  6905 D BtGatt.GattService: registerClient() - UUID=3db118c4-f4a5-4331-87cc-fe602df11367
12-01 14:52:36.383  6877  7029 D BtGatt.GattService: onClientRegistered() - UUID=3db118c4-f4a5-4331-87cc-fe602df11367, clientIf=6
12-01 14:52:36.383  7016 31270 D BluetoothGatt: onClientRegistered() - status=0 clientIf=6
12-01 14:52:36.384  6877  8793 D BtGatt.GattService: clientConnect() - address=FC:E9:FE:31:4E:5A, isDirect=true
12-01 14:52:36.385  6877  7029 D bt_btif_config: btif_get_address_type: Device [fc:e9:fe:31:4e:5a] address type 1
12-01 14:52:36.385  6877  7029 D bt_btif_config: btif_get_device_type: Device [fc:e9:fe:31:4e:5a] type 2
12-01 14:52:36.601  6877  7458 W bt_btif : bta_gattc_conn_cback() - cif=3 connected=0 conn_id=259 reason=0x003e
12-01 14:52:36.601  6877  7458 W bt_btif : bta_gattc_conn_cback() - cif=4 connected=0 conn_id=260 reason=0x003e
12-01 14:52:36.601  6877  7458 W bt_btif : bta_gattc_conn_cback() - cif=5 connected=0 conn_id=261 reason=0x003e
12-01 14:52:36.601  6877  7458 W bt_btif : bta_gattc_conn_cback() - cif=6 connected=0 conn_id=262 reason=0x003e
12-01 14:52:36.601  6877  7458 I bt_btm_sec: btm_sec_disconnected clearing pending flag handle:6 reason:62
12-01 14:52:36.602  6877  7029 D BtGatt.GattService: onConnected() - clientIf=6, connId=0, address=FC:E9:FE:31:4E:5A
12-01 14:52:36.602  7016 31270 D BluetoothGatt: onClientConnectionState() - status=133 clientIf=6 device=FC:E9:FE:31:4E:5A
12-01 14:52:36.602  7016 31270 I cr_Bluetooth: onConnectionStateChange status:133 newState:Disconnected
12-01 14:52:36.602  7016 31270 D BluetoothGatt: close()
12-01 14:52:36.602  7016 31270 D BluetoothGatt: unregisterApp() - mClientIf=6
12-01 14:52:36.603  6877  7568 D BtGatt.GattService: unregisterClient() - clientIf=6
12-01 14:52:36.606  7016  7016 I chromium: [INFO:CONSOLE(0)] "Uncaught (in promise) NetworkError: Connection failed for unknown reason.", source: https://beaufortfrancois.github.io/sandbox/web-bluetooth/pair-mouse/index.html (0)
 
For info, when trying to connect from nRF Connect Android App, I get the same connect/disconnect behaviour.
And here's my bluetooth traffic logs:

< HCI Command: LE Create Connection (0x08|0x000d) plen 25              0.106359
        Scan interval: 60.000 msec (0x0060)
        Scan window: 30.000 msec (0x0030)
        Filter policy: White list is not used (0x00)
        Peer address type: Random (0x01)
        Peer address: FC:E9:FE:31:4E:5A (Static)
        Own address type: Random (0x01)
        Min connection interval: 30.00 msec (0x0018)
        Max connection interval: 50.00 msec (0x0028)
        Connection latency: 0x0000
        Supervision timeout: 20000 msec (0x07d0)
        Min connection length: 0.000 msec (0x0000)
        Max connection length: 0.000 msec (0x0000)
> HCI Event: Command Status (0x0f) plen 4                              0.115423
      LE Create Connection (0x08|0x000d) ncmd 1
        Status: Success (0x00)
> HCI Event: LE Meta Event (0x3e) plen 31                              0.132631
      LE Enhanced Connection Complete (0x0a)
        Status: Success (0x00)
        Handle: 12
        Role: Master (0x00)
        Peer address type: Random (0x01)
        Peer address: FC:E9:FE:31:4E:5A (Static)
        Local resolvable private address: 00:00:00:00:00:00 (Non-Resolvable)
        Peer resolvable private address: 00:00:00:00:00:00 (Non-Resolvable)
        Connection interval: 45.00 msec (0x0024)
        Connection latency: 0.00 msec (0x0000)
        Supervision timeout: 20000 msec (0x07d0)
        Master clock accuracy: 0x00
< HCI Command: LE Read Remote Used Features (0x08|0x0016) plen 2       0.133838
        Handle: 12
> HCI Event: Command Status (0x0f) plen 4                              0.135468
      LE Read Remote Used Features (0x08|0x0016) ncmd 1
        Status: Success (0x00)
> HCI Event: LE Meta Event (0x3e) plen 12                              0.440686
      LE Read Remote Used Features (0x04)
        Status: Connection Failed to be Established (0x3e)
        Handle: 12
        Features: 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
> HCI Event: Disconnect Complete (0x05) plen 4                         0.440937
        Status: Success (0x00)
        Handle: 12
        Reason: Connection Failed to be Established (0x3e)
Components: -Blink>Bluetooth OS>Systems>Bluetooth
Could it be the same as http://git.kernel.org/cgit/bluetooth/bluez.git/commit/?id=06be53208f7dcf78bc74bdb88614001f067c4b49?
FWIW, it works great when connecting this device as a Bluetooth Classic device from Android Bluetooth settings.
Summary: bluetooth: android: Connection fails for BLE only Mouse (was: bluetooth: android: Connection failed for BLE Mouse )
We can try using the Android connectGatt 'transport' parameter to force an LE connection.
I'm not able to reproduce the connection failure. The MX Master connects quickly when using this sample: https://googlechrome.github.io/samples/web-bluetooth/gap-characteristics.html

Android 7.1.1, NMF26F; Nexus 5X, Chrome Canary (probably same) 
Android 7.1.1, NMF26F; Nexus 6P, Chrome Canary 57.0.2937.0
Android 7.1.1, NMR1; Nexus 6, Chrome tip of tree build

Can you reproduce the issue with https://beaufortfrancois.github.io/sandbox/web-bluetooth/pair-mouse/index.html?
Just to be sure, can you confirm the MX Master wasn't paired previously from Android Bluetooth Settings?
Cc: mcchou@chromium.org
I was able to reproduce with Chrome Dev but not Canary. We haven't changed anything regarding Connection lately so not sure why this is happening...
I switched to using https://googlechrome.github.io/samples/web-bluetooth/gap-characteristics.html because it provided output that the connection happened that was easy to test for. I still can not repro (tested now with nexus 6) looking at logcat and using https://beaufortfrancois.github.io/sandbox/web-bluetooth/pair-mouse/index.html, the connection occurs and the promise resolves. I do not see the rejected promise NetworkError that you report above.

I did test with a Nexus 5 as well.

12-06 10:54:22.980 I/cr_Bluetooth(16141): connectGatt
12-06 10:54:22.982 D/BluetoothGatt(16141): connect() - device: DA:D7:CC:A9:26:CF, auto: false
12-06 10:54:22.982 D/BluetoothGatt(16141): registerApp()
12-06 10:54:22.983 D/BluetoothGatt(16141): registerApp() - UUID=546fad4c-54b9-4e83-a273-af2fe65b8c73
12-06 10:54:22.985 D/BtGatt.GattService( 8518): registerClient() - UUID=546fad4c-54b9-4e83-a273-af2fe65b8c73
12-06 10:54:22.986 D/BtGatt.GattService( 8518): onClientRegistered() - UUID=546fad4c-54b9-4e83-a273-af2fe65b8c73, clientIf=6
12-06 10:54:22.987 D/BluetoothGatt(16141): onClientRegistered() - status=0 clientIf=6
12-06 10:54:23.005 D/BtGatt.GattService( 8518): clientConnect() - address=DA:D7:CC:A9:26:CF, isDirect=true
12-06 10:54:23.005 D/bt_btif_config( 8518): btif_get_address_type: Device [da:d7:cc:a9:26:cf] address type 1
12-06 10:54:23.005 D/bt_btif_config( 8518): btif_get_device_type: Device [da:d7:cc:a9:26:cf] type 2
12-06 10:54:23.369 W/bt_smp  ( 8518): smp_br_connect_callback is called on unexpected transport 2
12-06 10:54:23.369 W/bt_btif ( 8518): bta_dm_acl_change info: 0x0
12-06 10:54:23.370 D/bt_btif_dm( 8518): remote version info [da:d7:cc:a9:26:cf]: 0, 0, 0
12-06 10:54:23.371 E/BluetoothRemoteDevices( 8518): state12newState0
12-06 10:54:23.373 D/BtGatt.GattService( 8518): onConnected() - clientIf=6, connId=6, address=DA:D7:CC:A9:26:CF
12-06 10:54:23.374 D/BluetoothGatt(16141): onClientConnectionState() - status=0 clientIf=6 device=DA:D7:CC:A9:26:CF
12-06 10:54:23.374 I/cr_Bluetooth(16141): onConnectionStateChange status:0 newState:Connected
12-06 10:54:23.374 D/BluetoothGatt(16141): discoverServices() - device: DA:D7:CC:A9:26:CF
12-06 10:54:23.376 D/BtGatt.GattService( 8518): discoverServices() - address=DA:D7:CC:A9:26:CF, connId=6
12-06 10:54:23.378 D/BtGatt.GattService( 8518): onSearchCompleted() - connId=6, status=0
12-06 10:54:23.413 D/BtGatt.GattService( 8518): onGetGattDb() - address=DA:D7:CC:A9:26:CF
12-06 10:54:23.413 D/BtGatt.GattService( 8518): got service with UUID=00001800-0000-1000-8000-00805f9b34fb
12-06 10:54:23.413 D/BtGatt.GattService( 8518): got characteristic with UUID=00002a00-0000-1000-8000-00805f9b34fb
// ... [many similar lines] ...
12-06 10:54:23.417 D/BtGatt.GattService( 8518): got descriptor with UUID=00002902-0000-1000-8000-00805f9b34fb
12-06 10:54:23.420 D/BluetoothGatt(16141): onSearchComplete() = Device=DA:D7:CC:A9:26:CF Status=0
12-06 10:54:23.420 I/cr_Bluetooth(16141): onServicesDiscovered status:0==OK
// Notice the 15 second delay before disconnect.
12-06 10:54:38.521 W/bt_btif ( 8518): bta_gattc_conn_cback() - cif=3 connected=0 conn_id=3 reason=0x0013
12-06 10:54:38.522 W/bt_btif ( 8518): bta_gattc_conn_cback() - cif=4 connected=0 conn_id=4 reason=0x0013
12-06 10:54:38.522 W/bt_btif ( 8518): bta_gattc_conn_cback() - cif=5 connected=0 conn_id=5 reason=0x0013
12-06 10:54:38.522 W/bt_btif ( 8518): bta_gattc_conn_cback() - cif=6 connected=0 conn_id=6 reason=0x0013
12-06 10:54:38.525 D/BtGatt.GattService( 8518): onDisconnected() - clientIf=6, connId=6, address=DA:D7:CC:A9:26:CF
12-06 10:54:38.526 D/BluetoothGatt(16141): onClientConnectionState() - status=19 clientIf=6 device=DA:D7:CC:A9:26:CF
12-06 10:54:38.527 I/cr_Bluetooth(16141): onConnectionStateChange status:19 newState:Disconnected
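
For comparing the two captures, here is an added example (not part of the thread or of Chromium) that parses both logcat layouts shown above and reports whether the link was ever established, the HCI reason and the time from connect() to the failing callback. The sample lines are a constructed subset of the two logs, and treating status=0 as the connected callback is an assumption taken from the second log.

```python
import re
from datetime import datetime

# Constructed samples: a subset of the two logcat excerpts in this thread
# (threadtime layout in the first report, time layout in the second).
SAMPLE_FAIL = """\
12-01 14:52:36.378  7016  7016 D BluetoothGatt: connect() - device: FC:E9:FE:31:4E:5A, auto: false
12-01 14:52:36.601  6877  7458 W bt_btif : bta_gattc_conn_cback() - cif=6 connected=0 conn_id=262 reason=0x003e
12-01 14:52:36.602  7016 31270 D BluetoothGatt: onClientConnectionState() - status=133 clientIf=6 device=FC:E9:FE:31:4E:5A
"""
SAMPLE_DROP = """\
12-06 10:54:22.982 D/BluetoothGatt(16141): connect() - device: DA:D7:CC:A9:26:CF, auto: false
12-06 10:54:23.374 D/BluetoothGatt(16141): onClientConnectionState() - status=0 clientIf=6 device=DA:D7:CC:A9:26:CF
12-06 10:54:38.522 W/bt_btif ( 8518): bta_gattc_conn_cback() - cif=6 connected=0 conn_id=6 reason=0x0013
12-06 10:54:38.526 D/BluetoothGatt(16141): onClientConnectionState() - status=19 clientIf=6 device=DA:D7:CC:A9:26:CF
"""

# HCI error codes (Bluetooth Core Specification); 0x3e is also named in the HCI trace.
HCI_REASON = {0x08: "Connection Timeout", 0x13: "Remote User Terminated Connection",
              0x16: "Connection Terminated By Local Host",
              0x3E: "Connection Failed to be Established"}

TS = re.compile(r"^(\d\d-\d\d \d\d:\d\d:\d\d\.\d{3})\s")
CONNECT = re.compile(r"\bconnect\(\) - device: ([0-9A-F:]{17})")
STATE = re.compile(r"onClientConnectionState\(\) - status=(\d+) .*device=([0-9A-F:]{17})")
REASON = re.compile(r"bta_gattc_conn_cback\(\).*connected=0 .*reason=0x([0-9a-fA-F]+)")

def triage(logcat: str) -> dict:
    """Summarise one GATT connection attempt from logcat text in either layout."""
    out = {"device": None, "connected": False, "final_status": None,
           "hci_reason": None, "seconds_to_failure": None}
    t_connect = None
    for line in logcat.splitlines():
        m = TS.match(line)
        if not m:
            continue  # skips elisions such as "// ... [many similar lines] ..."
        t = datetime.strptime(m.group(1), "%m-%d %H:%M:%S.%f")
        if (c := CONNECT.search(line)):
            out["device"], t_connect = c.group(1), t
        elif (r := REASON.search(line)):
            code = int(r.group(1), 16)
            out["hci_reason"] = HCI_REASON.get(code, f"unknown (0x{code:02x})")
        elif (s := STATE.search(line)):
            status = int(s.group(1))
            if status == 0:          # assumption: status=0 is the connected callback
                out["connected"] = True
            else:                    # 133 is Android's generic GATT_ERROR; 19 == 0x13
                out["final_status"] = status
                if t_connect:
                    out["seconds_to_failure"] = round((t - t_connect).total_seconds(), 3)
    return out

def verdict(summary: dict) -> str:
    """Separate 'never connected' from 'connected, then dropped'."""
    if summary["final_status"] is None:
        return "still connected" if summary["connected"] else "no failure seen"
    return "established, then dropped" if summary["connected"] else "link never established"
```

On these samples the first capture fails 0.224 s after connect() without ever reaching the connected state, while the second stays up for about 15.5 s before the peripheral terminates the link.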

I've tried again with Chrome Canary 57.0.2952.0 for Android and it works fine. I'm not sure what is happening.

Julien, can you give a try again and provide some ADB logs?
https://www.chromium.org/developers/how-tos/file-web-bluetooth-bugs
Labels: Needs-Feedback
Thanks a lot guys for helping.

I didn't have a chance to try further unfortunately.
I'll do tests next week and will provide more info.

Cheers
Hi guys,

  thanks a lot for your help.

Attached are 2 logcat files taken with a Nexus 9 running Android 7.0.0.
First one uses Canary 57.0.2929.0 and second 7.0.2956.0

The device I try to pair (not just connect) is not yet paired to the system. This is an MX Anywhere 2 in my case. I successfully read characteristics data, but device is not paired to the system. No pointer on screen.

If I exit webpage, no device is listed in BT settings.

I see log says :
..
connect() - device: E2:96:C7:E3:BD:75, auto: false
..
clientConnect() - address=E2:96:C7:E3:BD:75, isDirect=true
..

So we're using direct connection. I'm not familiar with Android API, but just noticed we could also use auto-connection. No clue if issue is related or not though.



Cheers
Attachments: adb logcat 1.txt (30.1 KB), adb logcat 2.txt (43.5 KB)
Cc: -mcchou@chromium.org
I believe https://android-review.googlesource.com/#/c/249017/ may help in future versions of Android.
Labels: -Needs-Feedback
Summary: bluetooth: android: No cursor on screen for BLE only Mouse (was: bluetooth: android: Connection fails for BLE only Mouse )
I just discovered by reading https://devzone.nordicsemi.com/blogs/1046/what-to-keep-in-mind-when-developing-your-ble-andr/ attachment that Android 5+ does not allow reading or writing data to some HID characteristics such as HID Information, Report Map, HID Control Point, and Report.

> Only applications with BLUETOOTH_PRIVILEGED, that is, applications signed with the same certificate as the system, are able to read and write data to those characteristics.

> Explanation: On Android 4.3 and 4.4.x applications are able to sniff to HID devices and read passwords and other private information. U2F is used by security tokens.
https://android-review.googlesource.com/#/c/249017/ will make BLE mouse if/when bonding is made from Chrome in next version of Android.

This means Web Bluetooth should either:
- bond device by default with createBond (https://developer.android.com/reference/android/bluetooth/BluetoothDevice.html#createBond())
- provide an option in device.gatt.connect to bond device before connecting to it.
Note that I've filed an issue at https://github.com/WebBluetoothCG/web-bluetooth/issues/346 to track this.
Thanks a lot for your new findings François!

https://android-review.googlesource.com/#/c/249017/ is very interesting. I didn't recall having to explicitly create bond though. I thought it was like on iOS, where pairing is automatically triggered upon connection. I can do some more tests on my side with apps.

Concerning your comment #17, I'm not sure it relates with my issue. I'm not reading HID characteristics, but rather use a proprietary service.
Please also notice we might just have a permissions issue.

https://developer.android.com/reference/android/Manifest.permission.html#BLUETOOTH_ADMIN is required to pair bluetooth devices.
This permission is already requested in Chrome. See https://cs.chromium.org/chromium/src/device/bluetooth/android/java/src/org/chromium/device/bluetooth/Wrappers.java?q=BLUETOOTH_ADMIN&sq=package:chromium&l=76&dr=C

BLUETOOTH_ADMIN is required to allow applications to **discover** and pair bluetooth devices.


Oh ok indeed.. thanks
Labels: Notes-PartnerReported
I don't understand the commit message in https://android-review.googlesource.com/#/c/249017/ really. It seems it only affects NFC pairing and not regular pairing?

Anyway, at least in earlier versions of Android, just because you create a bond doesn't mean it will automatically start using the HID service if available, as opposed to iOS. You must manually "connect" to the HID profile. That can either be done through the Bluetooth settings app (that app also automatically connects to HID if you bond through that app), or you can use some reflection code to do it, right after the bond has completed and service discovery is complete:

	void connectOrDisconnectHid(final Context appContext, final String bdAddr, final boolean connect) {
		BluetoothAdapter.getDefaultAdapter().getProfileProxy(appContext, new BluetoothProfile.ServiceListener() {
			@Override
			public void onServiceConnected(int profile, BluetoothProfile proxy) {
				int priority = connect ? 100 : 0;

				BluetoothDevice dev = BluetoothAdapter.getDefaultAdapter().getRemoteDevice(bdAddr);
				try {
					Method m = proxy.getClass().getMethod("setPriority", BluetoothDevice.class, int.class);
					Object result = m.invoke(proxy, dev, priority);
					Log.d(TAG, "setHidPriority result : " + result);
				} catch (InvocationTargetException e) {
					e.printStackTrace();
				} catch (NoSuchMethodException e) {
					e.printStackTrace();
				} catch (IllegalAccessException e) {
					e.printStackTrace();
				}

				try {
					Method m = proxy.getClass().getMethod(connect ? "connect" : "disconnect", BluetoothDevice.class);
					Object result = m.invoke(proxy, dev);
					Log.d(TAG, "hid result " + (connect ? "connect" : "disconnect") + ": " + result);
				} catch (InvocationTargetException e) {
					e.printStackTrace();
				} catch (NoSuchMethodException e) {
					e.printStackTrace();
				} catch (IllegalAccessException e) {
					e.printStackTrace();
				}
				// Here the proxy could be disconnected to release the resource
			}

			@Override
			public void onServiceDisconnected(int profile) {

			}
		}, 4); // 4 means HID
	}

But why would you connect a mouse through a web page anyway? It doesn't seem to meet the security goals of Web Bluetooth. Just imagine someone setting up an open WiFi someone connects to and you are automatically redirected to some web site serving a web bluetooth script. You also put up BLE devices in that room. Now if the user does not really understand the connect dialogue on the screen and just clicks connect, an attacker now has keyboard input to your device. Imagine for example that the name of the BLE device is called the same as the WiFi, then the user might think he connects to the network. Note that Android does not show any pairing dialogs whatsoever when a "just works" pairing is made.
Thanks a lot for your hints!

Actually, as I spot in web-bluetooth issue #346 (https://github.com/WebBluetoothCG/web-bluetooth/issues/346), pairing device from web-page is part of next-level of user experience Logitech's aiming to achieve.

As Jefferey said also, HID over GATT is black-listed, so no means to do a key-logger whatsoever.
With https://github.com/WebBluetoothCG/web-bluetooth/commit/ca0e3c9ed605140bbe0018eba6a4646900b3e1dc, I believe we should go ahead and call the createBond() function when connectGatt is successful on Android.
Hi François, thanks for your feedback again. I'm wondering though what happens if device does not support bonding.. that's the case of our devices when they are in DFU mode (they don't expose HID service btw). I don't see anything in Android API telling device can be bonded or not.

What we could also do is, at web-bluetooth level, connect HID service when user requests connecting to the device. This would trigger insufficient authentication error and bonding will occur.
Labels: -Notes-PartnerReported
Blocking: -421668 510287
Project Member

Comment 31 by sheriffbot@chromium.org, Apr 11 2018

Labels: Hotlist-Recharge-Cold
Status: Untriaged (was: Available)
This issue has been Available for over a year. If it's no longer important or seems unlikely to be fixed, please consider closing it out. If it is important, please re-triage the issue.

Sorry for the inconvenience if the bug really should have been left as Available.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
