I have a local Home Assistant server running and are using the Home Assistant Companion App on Android. Is there an option, so that the app only tries to connect to my server if I’m on my local network? Currently, the app even tries to connect when I’m on mobile data and/or connected to another WiFi.
I saw that I can set a internal & external URL in the App settings, but the external URL cannot be empty.
But then the app also tries to connect to this IP even if I’m connected to another WiFi. Can’t the login data or other data then be recorded?
Thanks for the link, but this is only regarding the notifications. My concern is that when I’m not on my local WiFi the app tries to connect to my server via its IP and because there e.g. is no SSL, one could sniff passwords or could act as it is “my” Home Assistant server.
Assuming the companion app ks implemented correctly (and I am confident it is) the companion app does not have your password - only a short lived access token and a refresh token. Which would be of no use, because your HA is not accessible from the internet. Besides it being a very unlikely scenario that anyone would care enough about your Home Assistant instance to take the effort to spoof your instance. That is assuming you youself would not try to log in when outside, and you don’t reuse passwords for anything.