I intend to deploy some embedded software on Raspberry Pi devices. All will have WiFi capability, but not all will have internet access.
I want to occasionally be able to update the firmware in all, replacing a single executable (and, possibly, a single configuration file).
At the same time, I want those devices to report some information, probably daily.
For those with WiFi access, that seems straightforward enough, taking the obvious precautions of HTTPS, POST rather than GET, possibly even encrypting the data again, despite using HTTPS (any more?).
Now, for the devices which have no internet access, I could visit them with an Android device. My first thought was to code some Android app to mirror my server’s app, but then I realized how silly that would be.
My next thought was simply to use the Android device as a hotspot, and just pass the traffic through from the embedded app to my server & back again – only for as long as the data transfer takes.
I don’t know enough about the security aspect of that. Does it sound like an acceptable solution? The data could be described as “commercial, in confidence”, so not life & death, but I would prefer to avoid man in the middle and reverse engineering of the data.