Yes, directed advertisement and whitelist might not be the right choice to restrict connections to a few mobile phonesespecially if you are using a 4.1 device with Security 1.1 because most phones use Resolvable Random Address,
As you might know, in a 4.2 device with Security 1.2, the address resolution takes place in the controller, so you can use a whitelist to restrict connection to a specific set of centrals.
Now, a workaround for 4.1 devices is to use the bdHandle once the device is connected. The bdHandle is a constant for a central with which the peripheral has bonded. For the 1st bonded device, the bdHandle will be 4, for the 2nd device, it will be 3 and so on for the other two bonded devices. So you can do the following in your application:
- Connect with the central/phone for the first time.
- Complete pairing and bonding.
- Now, during reconnection, check the bdHandle in the CYBLE_EVT_GATT_CONNECT_IND. If it matches the old bdHandle, then allow connection.
- If the bdHandle is new and does not correspond to the bonded device, then disconnect.