Like Nest and Honeywell, ecobee makes smart thermostats that you can easily schedule and control remotely from your smartphone through an app. The ecobee Android app received an update at the start of the month that added support for the new cheaper ecobee3 lite, but it made one drastic change that broke the app for many users. Instead of the app launching like usual, it shows the error message "Security credentials error," and exits.

One Android Police reader alerted us to the issue, pointing out the number of reviews on the Play Store from users who are complaining about it. So we reached out to ecobee to inquire about the situation. Turns out, this isn't a bug but a "feature." The updated app uses the Android Keystore System to save your credentials, and if you root or install a custom ROM to your device, your phone will no longer be able to store credentials in the Keystore.

Here's the full official response from ecobee's Customer Support Team:

The newly released ecobee app for Android includes a security enhancement. Users credentials are now being stored in Android's Keystore System.

https://developer.android.com/training/articles/keystore.html

However there are cases where the operating system will not be able to store the credentials in the keystore. This is typically in the case of rooted/custom(non-offical versions) operating systems installed on the android device. In this case, the app will post a message “We're unable to secure the credentials on your device. To proceed, please contact ecobee customer support.” and exits the app. The app does not proceed unless it is able to secure the credentials. If it is determined that the users running a “rooted” or “custom” operating system then we do not support that OS. We recommend the user to install an official version of Android.

So there you have it: if you want the ecobee app on your Android phone to work, you have to play by the rules. I can't say I'm a fan of such practices because users already bought these $250 thermostats and were using them with their devices, regardless of their rooted and custom ROMed states, and all of a sudden, they can't anymore without changing the state of their device. It's easy to see why ecobee wants to take all measures to secure and keep user information private, but a little heads-up would have been nice in this case.

Thanks to a comment from Mike from the ecobee team on this post (featured comment below), we now have a clearer picture of the limitation: this problem was not created intentionally and root support was not really removed. The ecobee app will still function with most rooted devices and launch without any issue, but there's a small subset of these rooted devices where it will fail to load properly because the OS is not able to secure user credentials in the Keystore. The team is aware of that and working on fixing the issue.

  • Thanks:
  • Leo