Tags: bluetooth, bluetooth-lowenergy, reverse-engineering, gatt, bluetooth-gatt

Is there an authentication in the Bluetooth BLE standard? (reverse engineering trouble)


In short

When I connect to a BLE device with an unofficial app/program, GATT commands are not executed by the device.

Does the app need to run some kind of authentication with the device? (a Bulb)

My reverse engineering story

I am trying to reverse-engineer a Bluetooth LE bulb (the Holi Sleep Companion). I have successfully found the GATT messages I need:

  1. by reading the HCI journals from Android (dev tools)
  2. by disassembling the Java code of the Android app (Sleep360)

However, sending the exact same sequence of Bluetooth messages to the Bulb does not work.

While testing, I actually found that the following works for one GATT command if quickly run in the right order:

  1. I connect the official Android app
  2. I close the official Android app
  3. I connect my own app/program and send one GATT command (from the same device or another)

My tests

I run my tests with two methods:

  1. with the nRF Connect Android app
  2. with my own python script running on a Linux laptop with bluez

Thank you for your help!


Solution

  • No, there is no such "authentication standard". You do have pairing and bonding in the standard, however, but that is usually taken care of by the system and not by an app in Android.

    A manufacturer is free to use GATT as a transport layer and then build an authentication protocol on top of it.
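To make the answer's point concrete, here is an added example (not code from the question, the answer, or the Holi/Sleep360 product) of what "an authentication protocol built on top of GATT" can look like. It is a pure-Python model with no Bluetooth stack, so it runs offline: a simulated peripheral exposes a hypothetical auth characteristic and a hypothetical control characteristic (the handles, opcodes, the HMAC-over-nonce scheme and the shared key are all constructed for this example). GATT writes are accepted at the transport layer either way, but control commands only take effect inside a session opened by a correct challenge/response, and the session expires after a short window. That session window is just one model that would produce the symptom described in the question (raw commands ignored, but briefly accepted right after the official app disconnects); nothing on the page confirms that the actual bulb works this way.

```python
import hashlib
import hmac
import os
import time
from typing import Optional

# Hypothetical GATT characteristic handles for the simulated device
# (constructed for this example; not the real bulb's handles).
AUTH_CHAR = 0x0010   # read: get a fresh nonce; write: send the response
CTRL_CHAR = 0x0012   # write: 2-byte command [opcode, argument]

OP_POWER = 0x01
OP_BRIGHTNESS = 0x02


def compute_response(secret: bytes, nonce: bytes) -> bytes:
    """Client side of the constructed scheme: HMAC-SHA256 over the nonce, truncated to 8 bytes."""
    return hmac.new(secret, nonce, hashlib.sha256).digest()[:8]


class SimulatedBulb:
    """Peripheral model: writes reach the device over GATT, but control
    commands are only applied while an authenticated session is open."""

    def __init__(self, shared_secret: bytes, session_ttl: float = 5.0):
        self._secret = shared_secret
        self._ttl = session_ttl          # seconds a session stays valid
        self._nonce = None               # outstanding single-use challenge
        self._session_until = 0.0        # clock value at which the session expires
        self.state = {"on": False, "brightness": 0}
        self.log = []                    # what a defender would want the firmware to record

    def read(self, handle: int) -> bytes:
        if handle == AUTH_CHAR:
            self._nonce = os.urandom(8)  # fresh challenge per read
            return self._nonce
        raise ValueError("read not permitted on handle 0x%04x" % handle)

    def write(self, handle: int, value: bytes, now: Optional[float] = None) -> bool:
        now = time.monotonic() if now is None else now
        if handle == AUTH_CHAR:
            return self._handle_auth(value, now)
        if handle == CTRL_CHAR:
            if now > self._session_until:
                self.log.append("ctrl write ignored: no authenticated session")
                return False
            return self._apply_command(value)
        raise ValueError("write not permitted on handle 0x%04x" % handle)

    def _handle_auth(self, response: bytes, now: float) -> bool:
        if self._nonce is None:
            self.log.append("auth rejected: no outstanding challenge")
            return False
        expected = compute_response(self._secret, self._nonce)
        self._nonce = None               # each challenge is usable once (no replay)
        if hmac.compare_digest(expected, response):
            self._session_until = now + self._ttl
            return True
        self.log.append("auth rejected: bad response")
        return False

    def _apply_command(self, value: bytes) -> bool:
        if len(value) != 2:
            return False
        opcode, arg = value[0], value[1]
        if opcode == OP_POWER:
            self.state["on"] = bool(arg)
        elif opcode == OP_BRIGHTNESS:
            self.state["brightness"] = arg
        else:
            return False
        return True


def authenticate(bulb: SimulatedBulb, secret: bytes, now: Optional[float] = None) -> bool:
    """Client side: read the challenge, write back the response."""
    nonce = bulb.read(AUTH_CHAR)
    return bulb.write(AUTH_CHAR, compute_response(secret, nonce), now)


def demo() -> dict:
    secret = b"per-device-key"           # constructed; a real device would provision its own
    bulb = SimulatedBulb(secret, session_ttl=5.0)
    t0 = 100.0                           # fixed clock so the run is deterministic
    power_on = bytes([OP_POWER, 0x01])
    result = {}
    # A sniffed command sent with no session is silently ignored.
    result["unauthenticated"] = bulb.write(CTRL_CHAR, power_on, now=t0)
    result["auth_ok"] = authenticate(bulb, secret, now=t0)
    result["after_auth"] = bulb.write(CTRL_CHAR, power_on, now=t0 + 1)
    # The bulb tracks a session, not a client, so any write inside the window is applied.
    result["inside_window"] = bulb.write(CTRL_CHAR, bytes([OP_BRIGHTNESS, 0x80]), now=t0 + 4)
    # Once the session has expired the same command is ignored again.
    result["expired"] = bulb.write(CTRL_CHAR, bytes([OP_BRIGHTNESS, 0x10]), now=t0 + 20)
    result["state"] = dict(bulb.state)
    return result


if __name__ == "__main__":
    print(demo())
```

The `now` parameter is injected only so the example is deterministic; a real peripheral would use its own clock. The point for the reverse-engineering question is that nothing at the GATT level distinguishes the accepted writes from the ignored ones: the difference lives entirely in the device's application state, which is why replaying the exact bytes from the HCI log is not enough.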