[SahAssar]

> and might not be able to provide an internet connection

But this router has to have an internet connection for this flow to work, right? Otherwise how can the router get the password from the cloud service?

What is needed is the device-to-router connection to work securely but by sending the wifi credentials plaintext that is not secure, so not sure what is won here.

[abadpoli]

The router itself has an internet connection but that doesn’t necessarily mean that all of the other stuff required to actually route traffic or connect other devices is configured (like DHCP).

It’d be possible to have some sane defaults in there to make it work, but I wouldn’t count on them to be 100% out in the field of who-knows-what-crazy-settings-this-consumer-has.

> sending the wifi credentials plaintext that is not secure

If the connection between the app, router, and cloud server are all HTTPS, then it’s probably more secure to do it that way than it would be to send it over an unconfigured, insecure WiFi network (which typically uses HTTP or unsigned certificates for the management interface).

[xp84]

it occurs to me now that the whole recent stuff that Apple has been pushing, where apps are banned from making HTTP requests (HTTPS only) may have been the impetus for this. Their "setup app" can't connect to http:// 192.168.1.1/ (or if if can, does so only after popping up dire warnings in scare dialogs) -- but it can connect to the "cloud" server so just send it up to the cloud and back down the WAN port. I can see how they arrived here. Still this is why "apps" suck for this purpose, but I bet they moved to apps for because there are probably plenty of households without a working computer, who need wi-fi for their phones and Rokus, and this proved to be the friendliest way to do it.

[SahAssar]

Even if all that is true why would you not use a temporary password to then directly set the real password? It seems to me like they have not treated the password as an actual secret in this transaction.