Skip to content

Custom Pairer Privacy Policy

Jump to bottom
Alberto Geniola edited this page Jun 22, 2022 · 2 revisions

User's Privacy regulation about Custom Meross Pairer app

The Custom Pairer app developers are committed to protecting the users' privacy. This document explains what data is collected, stored and how such data is used and stored within the Meross Pairer App.

Warranty disclaimer

Please beware the app is provided as is, without any warranty: any damage to things, people, reputation or any economical damage caused directly or indirectly by the usage of this app is not covered by any warranty; nor the developers are liable for those. Therefore, by using the app, the user clearly relieves the app creators from any responsibility regarding those matters. This includes, while not being limited to, any data breach due to app-hacking and exploiting bugs.

What data is collected?

Essentially, the Custom Meross Pairer app does need to handle very few information, and only for the sake of authentication with the Meross services or with the Local addon service. Specifically, this pairer collects the following:

  • UserId
  • Email/Username
  • MQTT User Key
  • HTTP API Token

As you can see, the user's Meross Account password is not persisted within the app storage. In fact, the password is only used to obtain the MQTT Key and HTTP Tokens, which are instead persisted for later use.

Optionally, the app allows the user to store WiFi SSIDs and Password information for simplified user experience when pairing Meross devices. Users can specify whether to "save" such information for later usage, or simply type SSIDs and Password information on every pairing attempt.

Where is that data stored and how?

All the user's data mentioned above is stored into the Android app's private storage area. When available (depending on the Android version running the app), the app uses the secure storage technology which relies on hardware-backed security system to keep the data safe and secret.

How is data transmitted and how?

Stored data is used only for the sake of pairing Meross devices with the MQTT and API services chosen (either the official Meross broker or third party ones). The security of the communication channel used depends on the broker endpoint: when using HTTPS endpoints, the data is transmitted over a SSL secured channel. When using HTTP endpoints, the data is transmitted over a clear-text HTTP channel and is, for this reason, subjected to MitM attacks or sniffing. The user should therefore make sure not to connect to HTTP endpoints when connecting on insecure or untrusted networks.

How can I delete my data?

The simplest way to delete all the app's data is to uninstall it via Android app manager.

Clone this wiki locally