WTH can't I have a sensor based on the public IP address from the Android App

It would be great for the Android App to provide a sensor to home assistant with the public IP address the phone is currently using.

The use case is, so i can allow that single IP address through my firewall to access services via Nginx into my home network. This will minimise my potential exposure of opening up my firewall. I use Nabu Casa for HA but I would use this feature for other services. I can dynamically update my firewall via API/SSH so i would create an automation that is triggered based on the public IP address changing.

I don’t have any use case for this, but I agree that it should be possible and would be a good idea!
The wifi sensor of the mobile app has IP Address as an attribute, but this could also be added for the cellular connection.

I’m not sure how it would work for multiple SIM cards, if each SIM on a data connection gives the phone a separate IP for each, but that could be added as an attribute per sim just like carrier information is I suppose.

The dual-sim phones I have worked with only use one of the data connections concurrently - so when that is switched, this would be refreshed.
I am uncertain whether this is the case for all dual-sim phones or just the ones I’ve seen. That should be investigated before such is built.

If your IP is and you connect to a wifi which changes your IP to then your router will still only accept connection from 11… Since it can’t get the message what your new IP is since 22 is not accepted.

the Android App uses a different method to push/pull information with home assistant. Possibly a webhook.

I currently do not allow anything inbound from the internet and I can still see info regarding my phone in HA.

If you look in the settings of the app, what does it say?
Isn’t there the IP/duckdns of you HA?
Are you saying this is blank?

You use nabu casa remote right? That is how the app communicates back at home :slight_smile:

This would be a good feature request to the android repo so someone can work on it.

Thanks @dshokouhi, i thought it was probably nabu casa enabling this but wasn’t 100%. I have now created a feature request as suggested.


Are you aware that a lot of mobile carriers use CGNAT? So your phone doesn’t know it’s real public IP anyway and this won’t work.

If it checks it’s IP with an external source (such as https://api.ipify.org?format=json) then it’s trivial to see what IP it will appear to be to everything it tries to connect with.

That would work, except you’re sharing that IP with other users who now also have access to your Home Assistant. Better to use a VPN or TLS client certificates instead rather than relying on the firewall.

Not really sure what you mean, at all, by “other users who now also have access to your Home Assistant”. How does my phones IP give “other users” access to my Home Assistant instance? (My HA instance isn’t hosted on my phone…).

What does that, VPN, or TLS, have to do, whatsoever, with having a sensor inside HA that exposes your phone’s cellular external IP?

Because that is exactly why the OP wants their IP address in a sensor:

Yes, I know that CGNat is used by most Telcos, but allowing a subset of potential devices at a firewall level is much better than everyone. A firewall policy of course wouldn’t be the only layer of protection in place, eg certificates, oauth/2fa.

I was thinking that since I use nabu casa, it will be aware of the public ip address of my device, and therefore could provide a sensor.

While I agree there could be a use case for knowing the IP of your phone, such as faster location tracking if you connect to a known network like wifi at work. The use case you are describing would be much better handled by the Wireguard VPN integration. You are asking to be able to access internal resources where your HA instance is located, in my opinion using ip rules for this even with additional layers is extremely insecure and setting up automations to make those ip exemptions based on the sensor updating also sounds unreliable and slow. With a VPN like wireguard you dont need to do any of that. You can just pop open the app on your phone and turn it on, or leave it on 100% of the time. I’ve done both and it is really quite efficient on your battery. Additionally with the VPN you could implement PiHole or another network level ad blocker and have it filter ads on your phone as well.

TLDR: IP sensor seems fine and could be useful. Your use case is better served by other methods already part of HA.

This feature will be in the next beta release for the android app.

1 Like