I am checking into this one now with the developers.
1 of 1 people found this helpful
Standard application relies on the LE stack to manage characteristics, for example to check if peer has permissions to read/write, or to check sizes of the arrays. In this case the characteristics need to be in the GATT database. This is the shared are used both by application and the stack. Within these rules characteristics can be labeled with 128 bit vendor specific UUIDs so that nobody other than your specific client knows what the values mean. You can also provide your security method to allow only your client to read/write characteristics.
Contrarily application can register to process all the L2CAP messages received. In this case application does not need to have characteristics in the database. But application will be responsible for all verifications, and answering clients read/write requests.