That's a bit disappointing. I was hoping to get one of these bands, but to hear them say that all data is stored on Microsoft's cloud is a bit disconcerting.<p>I wanted to track my heart rate while I run. I didn't want to let a large company have direct access to my health information.
It seems to use a standard OData format over SSL with OAuth token security. I wonder if it's possible to simply attach an Excel worksheet to the data feed (<a href="https://support.office.com/en-us/article/Connect-to-an-OData-feed-4441a94d-9392-488a-a6a9-739b6d2ad500" rel="nofollow">https://support.office.com/en-us/article/Connect-to-an-OData...</a>).
I'd notice those URL parameters anywhere.<p>There is a very strong chance that it fully conforms to the OData spec: <a href="http://www.odata.org/documentation/odata-version-3-0/url-conventions/" rel="nofollow">http://www.odata.org/documentation/odata-version-3-0/url-con...</a> - although I'm not sure which version (most recent MSFT stuff has been 3.0).<p>So what you could do is hit a URL such as:<p><pre><code> https://prodphseus.dns-cargo.com//v1/Events?$filter=AverageHeartRate gt 90
</code></pre>
To get the events where you pushed yourself above 90.
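The `$filter=AverageHeartRate gt 90` URL above follows the OData URL conventions linked in that comment. The following is an added example, not code from the Band app, from Microsoft, or from any commenter, showing what such a query means by implementing a toy `$filter` parser (comparison operators plus `and`/`or`, with `and` binding tighter, as in the spec) and evaluating it over constructed sample records; it also builds a properly percent-encoded query URL, since the `$` and the spaces in the raw URL above must be encoded on the wire. The host name and the event field names are assumptions.

```python
"""Toy OData $filter parser and query-URL builder.

Added example illustrating the OData URL conventions the comment links to.
It is not code from the Band app, from Microsoft, or from any commenter.
The host name and the event field names are constructed for the example.
"""
import operator
import re
from urllib.parse import quote, urlencode

# Comparison operators from the OData URL conventions, mapped to Python.
OPS = {
    "eq": operator.eq, "ne": operator.ne,
    "gt": operator.gt, "ge": operator.ge,
    "lt": operator.lt, "le": operator.le,
}

# One token per match: a number, a single-quoted string ('' escapes a quote),
# or a bare word (field name, operator, or the keywords and/or).
TOKEN_RE = re.compile(r"\s*(?:(\d+(?:\.\d+)?)|'((?:[^']|'')*)'|([A-Za-z_]\w*))")


def tokenize(expr):
    tokens, pos, expr = [], 0, expr.strip()
    while pos < len(expr):
        m = TOKEN_RE.match(expr, pos)
        if not m:
            raise ValueError(f"unexpected input at offset {pos}: {expr[pos:]!r}")
        num, string, word = m.groups()
        if num is not None:
            tokens.append(("num", float(num) if "." in num else int(num)))
        elif string is not None:
            tokens.append(("str", string.replace("''", "'")))
        else:
            tokens.append(("word", word))
        pos = m.end()
    return tokens


def parse_filter(expr):
    """Compile a $filter expression into a predicate over a dict-like record.

    Precedence, lowest first: 'or', then 'and', then FIELD OP LITERAL.
    """
    tokens = tokenize(expr)
    pos = 0

    def peek():
        return tokens[pos] if pos < len(tokens) else (None, None)

    def take():
        nonlocal pos
        if pos >= len(tokens):
            raise ValueError("unexpected end of expression")
        tok = tokens[pos]
        pos += 1
        return tok

    def parse_cmp():
        kind, field = take()
        if kind != "word" or field in OPS or field in ("and", "or"):
            raise ValueError(f"expected field name, got {field!r}")
        kind, op = take()
        if kind != "word" or op not in OPS:
            raise ValueError(f"unknown operator {op!r}")
        kind, value = take()
        if kind == "word":
            raise ValueError(f"expected literal, got {value!r}")
        fn = OPS[op]
        # Missing fields never match; mismatched types raise, like a strict server.
        return lambda rec: field in rec and fn(rec[field], value)

    def parse_and():
        left = parse_cmp()
        while peek() == ("word", "and"):
            take()
            left = (lambda l, r: lambda rec: l(rec) and r(rec))(left, parse_cmp())
        return left

    def parse_or():
        left = parse_and()
        while peek() == ("word", "or"):
            take()
            left = (lambda l, r: lambda rec: l(rec) or r(rec))(left, parse_and())
        return left

    pred = parse_or()
    if pos != len(tokens):
        raise ValueError(f"trailing tokens: {tokens[pos:]}")
    return pred


def build_query_url(base, entity_set, filter_expr, top=None):
    """Build a percent-encoded OData query URL ('$' and spaces must be encoded)."""
    params = {"$filter": filter_expr}
    if top is not None:
        params["$top"] = str(top)
    return f"{base.rstrip('/')}/{entity_set}?{urlencode(params, quote_via=quote)}"


# Constructed sample records in the shape the thread suggests (field names assumed).
SAMPLE_EVENTS = [
    {"EventId": 1, "AverageHeartRate": 72, "Type": "Sleep"},
    {"EventId": 2, "AverageHeartRate": 95, "Type": "Run"},
    {"EventId": 3, "AverageHeartRate": 118, "Type": "Run"},
    {"EventId": 4, "AverageHeartRate": 88, "Type": "Bike"},
]


def select_ids(events, filter_expr):
    """Apply a $filter locally and return the matching EventIds."""
    pred = parse_filter(filter_expr)
    return [e["EventId"] for e in events if pred(e)]


if __name__ == "__main__":
    print(build_query_url("https://band-api.example.invalid", "v1/Events",
                          "AverageHeartRate gt 90"))
    print(select_ids(SAMPLE_EVENTS, "AverageHeartRate gt 90 and Type eq 'Run'"))
```

Running the same `$filter` locally over exported records is a useful sanity check of what a query is asking for before sending it anywhere, and `build_query_url` shows the encoded form a client actually puts on the wire.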
Where's the money here? It's not a subscription based service, so what financial sense does it make to dump this data straight to a server?<p>I can't imagine there's complex data processing being done that a smartphone can't handle, so I assume the data is being sent back because it's somehow useful or valuable to Microsoft... but how?
As he already decompiled the app, wouldn't a more promising route be to figure out the Bluetooth communication between the app and the band? Using this knowledge, you could eventually write your own (private) app and bypass Microsoft's servers completely. (Provided they don't use some crazy authentication and/or encryption schemes in the Bluetooth protocol.)
I started poking around w/ mitmproxy the other day as well, since I had started to get a little tired of waiting (Microsoft has promised an open API/SDK of some sort, but there haven't been any updates to any of the software since release) w/ similar results. (I did this against the iOS app).<p>So I'll just post a couple notes:<p>* auth appears to be using OAuth WRAP (deprecated as a spec, but Microsoft appears to use it for Live logins), so I'm sure it could be pretty easily extracted for an API library<p>* As mentioned the API mostly talks to an endpoint on and the returns are gzipped JSON <i>except</i> for a PUT to prodwus0sts.blob.core.windows.net for the binary log of your actual data (there's a subsequent PUT that then sends the UploadId and some other metadata to the API server)<p>People have mentioned wanting to avoid sending your data to the cloud completely, and that should be completely possible. The easy way atm is that you could just mitm the endpoints and sync as normal w/ the app.<p>However, there are at least a couple of people that have successfully reverse-engineered the BTLE protocol, although I haven't seen anything fully published yet. This appears to mostly/primarily be based on digging through the Windows client's DLL.<p>Pic of source w/ some of the BT protocol:
<a href="https://twitter.com/JustinAngel/status/527955001436418048" rel="nofollow">https://twitter.com/JustinAngel/status/527955001436418048</a><p>Some BT functions:
<a href="https://twitter.com/JustinAngel/status/528383467742957571" rel="nofollow">https://twitter.com/JustinAngel/status/528383467742957571</a><p>Methods extracted from the dll:
<a href="https://twitter.com/JustinAngel/status/529876592479047682" rel="nofollow">https://twitter.com/JustinAngel/status/529876592479047682</a><p>(On OSX, strings gives you significantly less useful information, although apparently it was built by 'ianhowle' and there's a native Objective-C "CargoKit" library)<p>Note, there's one open source project that has theming and plans on building live sensor output: <a href="http://unband.nachmore.com/" rel="nofollow">http://unband.nachmore.com/</a><p>And there's a closed source phone already that <i>does</i> access all the sensor data in realtime: <a href="http://www.windowsphone.com/en-us/store/app/band-sensor-monitor/68f97b41-de2f-4579-a473-5d476a5c5196" rel="nofollow">http://www.windowsphone.com/en-us/store/app/band-sensor-moni...</a><p>I'm not too familiar with Windows Phone, but I believe you can access and decompile an unencrypted XAP if you have a rooted Windows Phone to see what it's doing.<p>I don't really have much experience/use/access to Windows stuff in general, but for someone w/ that kind of experience, I can't imagine it being very hard to deconstruct.
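The comment above describes three things a capture of one's own device traffic shows: an OAuth WRAP token in the Authorization header, gzipped JSON API responses, and a separate PUT of the raw log to blob storage followed by an API PUT carrying an UploadId. The following is an added example, not code from mitmproxy, the Band app, Microsoft, or any commenter, showing how to audit such a capture offline: it gunzips and parses the JSON, masks the token so it never lands in a log file, and links each blob upload to the metadata call that reports its UploadId, so you can account for exactly what left the device and where. All headers and bodies are constructed; the `WRAP access_token="..."` header form and every host name except the blob host quoted in the comment are assumptions.

```python
"""Audit captured Band-style HTTP exchanges: decode gzipped JSON, redact the
OAuth WRAP token, and tie a blob upload to the API call that reports its UploadId.

Added example, not code from mitmproxy, the Band app, Microsoft, or any commenter.
All headers and bodies, every host except the blob host named in the thread, and
the 'WRAP access_token="..."' header form are constructed or assumed here.
"""
import gzip
import json
import re

# OAuth WRAP carries the token in Authorization; a capture log must never keep it.
WRAP_RE = re.compile(r'(WRAP\s+access_token=")([^"]*)(")', re.IGNORECASE)


def header(headers, name, default=""):
    """Case-insensitive header lookup."""
    for k, v in headers.items():
        if k.lower() == name.lower():
            return v
    return default


def redact_headers(headers):
    """Copy headers, masking the WRAP token (or the whole value if not WRAP)."""
    out = {}
    for k, v in headers.items():
        if k.lower() == "authorization":
            masked, n = WRAP_RE.subn(lambda m: m.group(1) + "[REDACTED]" + m.group(3), v)
            v = masked if n else "[REDACTED]"
        out[k] = v
    return out


def decode_body(headers, body):
    """Gunzip when Content-Encoding says so; parse JSON when Content-Type says so."""
    if header(headers, "Content-Encoding").lower() == "gzip":
        body = gzip.decompress(body)
    if "json" in header(headers, "Content-Type").lower():
        return json.loads(body.decode("utf-8"))
    return body


def classify(exchange):
    """Label one exchange as a raw log upload to blob storage or ordinary API traffic."""
    method, host = exchange["method"], exchange["host"]
    if method == "PUT" and host.endswith(".blob.core.windows.net"):
        return {"kind": "blob_upload", "host": host, "bytes": len(exchange["body"]),
                "request_headers": redact_headers(exchange["request_headers"])}
    return {"kind": "api", "host": host, "method": method,
            "request_headers": redact_headers(exchange["request_headers"]),
            "response": decode_body(exchange["response_headers"], exchange["response_body"])}


def audit(exchanges):
    """Summarize exchanges in order; link a blob upload to the next API PUT with an UploadId."""
    summary, pending_upload = [], None
    for ex in exchanges:
        entry = classify(ex)
        if entry["kind"] == "blob_upload":
            pending_upload = entry
        elif pending_upload is not None and ex["method"] == "PUT":
            meta = decode_body(ex["request_headers"], ex["body"])
            if isinstance(meta, dict) and "UploadId" in meta:
                pending_upload["upload_id"] = meta["UploadId"]
                entry["links_upload_to"] = pending_upload["host"]
                pending_upload = None
        summary.append(entry)
    return summary


# Constructed capture: one API read, one raw-log upload, one metadata PUT.
TOKEN_HDR = {"Authorization": 'WRAP access_token="constructed-secret"', "Accept": "application/json"}
SAMPLE_EXCHANGES = [
    {   # API read with a gzipped JSON response (constructed body, assumed host)
        "method": "GET", "host": "api.example.invalid",
        "request_headers": TOKEN_HDR, "body": b"",
        "response_headers": {"Content-Type": "application/json", "Content-Encoding": "gzip"},
        "response_body": gzip.compress(json.dumps({"value": [{"EventId": 2, "AverageHeartRate": 95}]}).encode()),
    },
    {   # Raw sensor log pushed to blob storage (host quoted in the thread; body constructed)
        "method": "PUT", "host": "prodwus0sts.blob.core.windows.net",
        "request_headers": {"x-ms-blob-type": "BlockBlob"}, "body": b"\x00" * 4096,
        "response_headers": {}, "response_body": b"",
    },
    {   # Follow-up PUT reporting the UploadId to the API (constructed)
        "method": "PUT", "host": "api.example.invalid",
        "request_headers": {**TOKEN_HDR, "Content-Type": "application/json"},
        "body": json.dumps({"UploadId": "constructed-upload-id", "Length": 4096}).encode(),
        "response_headers": {"Content-Type": "application/json"}, "response_body": b"{}",
    },
]

if __name__ == "__main__":
    for entry in audit(SAMPLE_EXCHANGES):
        print(json.dumps(entry, default=str))
```

The redaction step is the part worth keeping even if the rest is replaced by a mitmproxy addon: a capture file that still contains a live WRAP token grants the same account access as the app itself, so mask it before the capture is stored or shared.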
The most amusing part for me is the domain name dns-cargo.com
Seems like a random choice. Wonder if this was just some spare throwaway domain they had laying around.
So far despite the decent specs the Microsoft Band is disappointing to pretty much everyone I've spoken to who bought one. Now that I know how the data storage functions additional disappointment abounds. This is clearly no exception to equating the MS Band as the Windows 8 of smartwatches. I am fanatically thrilled I couldn't find one when I wanted to buy one.