CoAP Protocol Integration for IoT Devices in Mobile App

TRUETECH is engaged in the development, support and maintenance of iOS, Android, PWA mobile applications. We have extensive experience and expertise in publishing mobile applications in popular markets like Google Play, App Store, Amazon, AppGallery and others.
8+Years of work900+Completed projects100+In house employees19+Partners
Development and support of all types of mobile applications:
Information and entertainment mobile applications
News apps, games, reference guides, online catalogs, weather apps, fitness and health apps, travel apps, educational apps, social networks and messengers, quizzes, blogs and podcasts, forums, aggregators
E-commerce mobile applications
Online stores, B2B apps, marketplaces, online exchanges, cashback services, exchanges, dropshipping platforms, loyalty programs, food and goods delivery, payment systems.
Business process management mobile applications
CRM systems, ERP systems, project management, sales team tools, financial management, production management, logistics and delivery management, HR management, data monitoring systems
Electronic services mobile applications
Classified ads platforms, online schools, online cinemas, electronic service platforms, cashback platforms, video hosting, thematic portals, online booking and scheduling platforms, online trading platforms

These are just some of the types of mobile applications we work with, and each of them may have its own specific features and functionality, tailored to the specific needs and goals of the client.

Offered services
Showing 1 of 1 servicesAll 1735 services
CoAP Protocol Integration for IoT Devices in Mobile App
Complex
~3-5 business days
FAQ
Our competencies:
Development stages
Latest works
  • image_mobile-applications_feedme_467_0.webp
    Development of a mobile application for FEEDME
    760
  • image_mobile-applications_xoomer_471_0.webp
    Development of a mobile application for XOOMER
    640
  • image_mobile-applications_rhl_428_0.webp
    Development of a mobile application for RHL
    1056
  • image_mobile-applications_zippy_411_0.webp
    Development of a mobile application for ZIPPY
    947
  • image_mobile-applications_affhome_429_0.webp
    Development of a mobile application for Affhome
    874
  • image_mobile-applications_flavors_409_0.webp
    Development of a mobile application for the FLAVORS company
    449
Show more works

CoAP Protocol Integration for IoT Devices in Mobile Applications

CoAP (Constrained Application Protocol, RFC 7252) is HTTP for microcontrollers. Semantics are the same: GET, POST, PUT, DELETE, HTTP-like response codes (2.05 Content = 200, 4.04 Not Found = 404), URL resources. But it works over UDP, not TCP, uses tens of bytes instead of hundreds, and is designed for devices with 10 KB RAM and CR2032 power.

Mobile application communicating with such devices directly or via CoAP proxy is a niche but growing scenario. Thread networks (Matter-standard smart home), industrial sensors, medical wearables — CoAP is there.

UDP and Packet Loss: How CoAP Solves Reliability

CoAP defines two message types:

  • CON (Confirmable) — sender waits for ACK. If missing — exponential backoff and retry (default: 2 attempts, interval 2–32 seconds). Like TCP guarantees.
  • NON (Non-confirmable) — fire and forget. For high-frequency telemetry.

Each CON message carries Message ID (2 bytes) for deduplication — receiver caches last processed IDs and ignores retries. Cache lifetime — EXCHANGE_LIFETIME (247 seconds per RFC). Working through NAT mobile → IoT-network: account for NAT binding timeout too (~30 seconds for UDP through many carrier NAT).

Observe: Subscribing to Resource Without Polling

RFC 7641 adds Observe option — WebSocket subscription analog for CoAP. Client sends GET /sensor/temperature with Observe: 0 (subscribe). Server sends current value and then notifications on each change. Observe: 1 — unsubscribe.

This is key feature for mobile IoT client: instead of polling every 5 seconds — one request, server push notifications. Limitation: per RFC, server maintains observer list. On client IP change (mobile internet, Wi-Fi → 4G), server doesn't know — need to re-register Observe from new address.

In practice: on each network change (detect via ConnectivityManager.NetworkCallback on Android, NWPathMonitor on iOS) — resend all active Observe requests.

DTLS: Security Over UDP

CoAP without encryption — insecure for production. DTLS (Datagram TLS, RFC 6347) — TLS analog for UDP. Handshake heavier than TCP TLS (4–6 RTT vs 1–2 for TLS 1.3), critical for devices with slow processors.

CoAP Security Profiles:

  • NoSec — no encryption. Only for isolated networks.
  • PreSharedKey (PSK) — symmetric key, hardcoded in device at factory. Most common in industrial scenarios.
  • RawPublicKey — without PKI infrastructure but with public keys.
  • Certificate — full PKI. Rare on constrained devices.

For mobile client connecting to PSK devices: store PSK keys securely (Keychain / EncryptedSharedPreferences) and implement DTLS handshake via library with PSK support.

Client Libraries for Mobile

CoAP libraries for mobile significantly fewer than MQTT. Real options:

Platform Library DTLS Observe
Android Californium (Eclipse) + (via Scandium) +
iOS libcoap (C, via FFI) + +
Flutter coap (pub.dev) partial +
React Native none ready

For React Native only viable path — native module (Californium on Android, libcoap on iOS via Objective-C bridge) or CoAP-to-HTTP proxy on backend.

Californium (org.eclipse.californium:californium-core) — most mature implementation. Observe via CoapClient.observe() with CoapHandler. DTLS via separate scandium artifact. Example PSK connection initialization:

DtlsConnectorConfig config = new DtlsConnectorConfig.Builder()
    .setPskStore(new StaticPskStore("device-id", pskBytes))
    .build();
DTLSConnector connector = new DTLSConnector(config);
CoapEndpoint endpoint = new CoapEndpoint.Builder()
    .setConnector(connector).build();
CoapClient client = new CoapClient("coaps://192.168.1.100/sensor/temperature");
client.setEndpoint(endpoint);

For iOS libcoap compiles via CocoaPods with custom podspec or SPM as binary target (needs rebuild for arm64/x86_64). Not a 15-minute task.

CoAP Via CoAP-HTTP Proxy

If devices in isolated IoT network and mobile client must communicate over internet — CoAP-to-HTTP proxy (or CoAP-to-MQTT proxy) removes complexity from mobile side. Eclipse Hono, AWS IoT Core with CoAP endpoint, or self-hosted Californium proxy.

Mobile client works via regular HTTPS/WebSocket, proxy translates to CoAP. Lose direct Observe (need its emulation via SSE or WebSocket at proxy level), gain client code simplicity and TCP reliability.

Assessment and Timeline

CoAP integration — non-standard task. Timeline depends on scenario: if via proxy — 2–3 weeks. Direct CoAP with DTLS on native platforms — 4–8 weeks including Californium/libcoap tuning, DTLS handshake and Observe. Must clarify device security profile and network infrastructure readiness before estimating.