Below are our responses regarding your questions about the Yeelight app.
1. Why would the Android application for a Bluetooth LED lamp need to scan for Wi-Fi?
Aside from the Bedside Lamp, the Yeelight app supports many other devices, and is used across products that are Bluetooth-enabled, Wi-Fi enabled, and some that support both Bluetooth and Wi-Fi.
2. Regarding some of the permissions the Yeelight app asks for:
● AUTHENTICATE_ACCOUNTS: This is to allow those using MIUI to automatically log in to their Xiaomi accounts on the Yeelight app.
● DOWNLOAD_WITHOUT_NOTIFICATION: This is used for downloading the Bluetooth device firmware, so users won’t see the download process in the notification bar. This implementation is common across products in the IoT space.
● ACCESS_COARSE_LOCATION: From Android 6.0 onwards, apps must have the ACCESS_FINE_LOCATION or ACCESS_COARSE_LOCATION permissions to access the hardware identifiers of nearby external devices via Bluetooth and Wi-Fi scans (https://developer.android.com/about/versions/marshmallow/android-6.0-changes.html). This is therefore necessary for the Yeelight app to add devices.
● KILL_BACKGROUND_PROCESSES; GET_TASKS: The app consists of many processes, some running in the background. These permissions allow the Yeelight app to manage these processes, and avoid situations where the system stops a necessary process.
● RECORD_AUDIO: Some Wi-Fi products supported by the Yeelight app come with a feature that allows the product to respond to music. To use this feature, the app needs this permission to turn on the microphone. This is not used for the Bluetooth-only products.
3. Code showing SSID and MAC address
The code is part of MtaSDK, which is a Mobile App Analytics tool, used to improve software quality. This tool is part of a third-party library used in the Yeelight app to enable integration with WeChat. However, the data analytics interface is never used in the Yeelight app so no data will be collected.
4. Regarding code with the terms “newtorkId”, “ssid”, “bssid”, “password”
The Yeelight app supports various Wi-Fi-enabled products. When a user sets up such a device, the device goes into AP mode, which means it becomes an access point which the Yeelight app searches for, so it can connect to the device easily. This is not used to search for surrounding SSIDs from routers.
5. Regarding XMPushService:
This is part of the Android MiPush SDK, which is used to notify users about changes in the device.
6. Regarding LogCollectionService
As the user correctly observed, there was no log upload associated with the code seen here. This feature will not, under any circumstances, upload log files without the knowledge of the user. This feature is only used in debug mode, and is used for internal testing.
7. Regarding audio recording
As mentioned in the permissions explanation above, some Yeelight Wi-Fi products use the mic on the smartphone to respond to music. However, the Yeelight app DOES NOT record audio upon startup. The screenshot provided appears to be showing a Google service trying to record audio and failing to do so (ErrorProcessor: Caused by: com.google.android.apps.gsa.shared.exception.GsaIOException), and not the Yeelight app.
You can also get these responses from https://medium.com/@yeelight/hi-peadar-thank-you-for-your-mail-to-us-87e7e279e129 .