Can't Figure Out Android App Access (WiFi vs. mobile data)

I have a Hubitat C-7.

Up to now, I never set up dashboards, opened any network ports, or did any port forwarding to the Hub on the router. I do not have any of the Hubitat subscriptions.

Somehow, the Android app is still able to turn lights on/off, when using mobile data.

How the heck is this happening, when Hubitat is supposed to be all local?
I would have expected to be required to SSH into my router before getting access.

How are you doing this? The "Lights/Switches" tab in the mobile app, if that's what you're using, communicates using an endpoint on your hub that is created when you "link" the mobile app to it. This works locally or via cloud, no additional setup required on your part and no additional configuration available as far as I know (e.g., allowing only one or the other like you can on a Dashboard).

A subscription has never been required for this, remote Dashboard access, or any cloud endpoint usage, by the way--just remote access to the admin UI (if you don't have another way).

Yes, it is using the "Lights/Switches" tab in the mobile app.

If the hub 'automatically' sets up some kind of cloud-based link, that is news to me. Is this advertised somewhere?

I prefer to minimize the attack surface; I don't mind about automated firmware checks, but I won't want the hub to expose an interface online unless I explicitly allow for it.

I bought Hubitat because I want to avoid the cloud. Does some master list exist to show all cloud-based behaviours? And can I disable the cloud behaviours in some way?

One option is to disconnect your hub from the internet. All your local stuff will keep working.

That's the only one I can think of that maybe isn't clear (the rest normally are, e.g., creating a cloud endpoint in Rule Machine, Maker API, etc.). But using the mobile app in the first place requires a cloud account and hub registration. All are completely optional parts of the hub experience (e.g., you don't need to use the app).


They do make it clear in the documentation that the App is an optional feature that provides some cloud-based features, though I can appreciate those pages do not spell out the technical details.

Beyond this, and potential Community posts that outline the level of detail you are after...I'm expecting additional notes about the use of cloud-hosted services to deliver some aspects of the cloud-based features may be useful for some users wanting to understand the technical aspects of what they are setting up.

I would add that for the dashboards at least, you do have control over the local + cloud-based access in the configuration of the individual dashboard app.

Something that may have not been spelt out earlier... and I believe I am correct in saying... for the cloud-based offerings such as dashboards, Hubitat use Amazon servers to provide their cloud-based endpoints, whether they be dashboard-related or for RM rules, etc.

Correct. When on mobile (or outside of your LAN) it uses Hubitat's cloud servers to connect to your hub. In this case without a VPN or remote admin sub, you will only be able to control stuff on your dashboard or in the rooms portion of the app. No admin functions are available until you get back on your own LAN.

It does a sort of reverse ssh into the hub...