I’m new to HA but concerned about the security of the cloud service. As far as I understand, with the HA Cloud remote access enabled, the whole WebUI of my Server is exposed to the Internet. I don’t need public access to my WebUI. I only want my mobile Apps having access to my server. With that said, it’s an avoidable risk to have the normal WebUI public available (anybody can try their luck with brute force there).
The much better way would be to authenticate every mobile devices App when connected locally by handshaking an App Token. Only Apps with such a token get remote access to the server. With that, no username/password login for external app access is required.