IoT Firmware OTA Update via Mobile App

NOVASOLUTIONS.TECHNOLOGY is engaged in the development, support and maintenance of iOS, Android, PWA mobile applications. We have extensive experience and expertise in publishing mobile applications in popular markets like Google Play, App Store, Amazon, AppGallery and others.
8+Years of work900+Completed projects100+In house employees19+Partners
Development and support of all types of mobile applications:
Information and entertainment mobile applications
News apps, games, reference guides, online catalogs, weather apps, fitness and health apps, travel apps, educational apps, social networks and messengers, quizzes, blogs and podcasts, forums, aggregators
E-commerce mobile applications
Online stores, B2B apps, marketplaces, online exchanges, cashback services, exchanges, dropshipping platforms, loyalty programs, food and goods delivery, payment systems.
Business process management mobile applications
CRM systems, ERP systems, project management, sales team tools, financial management, production management, logistics and delivery management, HR management, data monitoring systems
Electronic services mobile applications
Classified ads platforms, online schools, online cinemas, electronic service platforms, cashback platforms, video hosting, thematic portals, online booking and scheduling platforms, online trading platforms

These are just some of the types of mobile applications we work with, and each of them may have its own specific features and functionality, tailored to the specific needs and goals of the client.

Offered services
Showing 1 of 1 servicesAll 1735 services
IoT Firmware OTA Update via Mobile App
Medium
~3-5 business days
FAQ
Our competencies:
Development stages
Latest works
  • image_mobile-applications_feedme_467_0.webp
    Development of a mobile application for FEEDME
    756
  • image_mobile-applications_xoomer_471_0.webp
    Development of a mobile application for XOOMER
    624
  • image_mobile-applications_rhl_428_0.webp
    Development of a mobile application for RHL
    1052
  • image_mobile-applications_zippy_411_0.webp
    Development of a mobile application for ZIPPY
    947
  • image_mobile-applications_affhome_429_0.webp
    Development of a mobile application for Affhome
    862
  • image_mobile-applications_flavors_409_0.webp
    Development of a mobile application for the FLAVORS company
    445
Show more works

OTA Firmware Updates for IoT Devices via Mobile Applications

OTA (Over-The-Air) firmware update is a critical function for any IoT product. Firmware bugs, new protocols, security patches — all must be delivered to devices without physical access. The mobile application either initiates the update or serves as the transport for transmitting firmware directly via BLE.

Two OTA Scenarios

Cloud OTA: The device downloads firmware from the server when it connects to Wi-Fi. The mobile app only notifies the user of available updates and shows progress. Update logic is device-side (ESP-IDF OTA, Mender, Hawkbit).

BLE OTA: Firmware is downloaded to the phone, then transmitted to the device via BLE. Used when the device has no direct internet access or when strict control over the update process is needed.

BLE OTA: DFU for Nordic nRF

For nRF51/nRF52 devices — Nordic DFU (Device Firmware Update). Official library from Nordic Semiconductor:

// build.gradle
implementation 'no.nordicsemi.android:dfu:2.3.0'

// Start DFU
val starter = DfuServiceInitiator(deviceAddress)
    .setDeviceName(deviceName)
    .setKeepBond(true)
    .setForceDfu(false)
    .setPacketsReceiptNotificationsEnabled(true)
    .setNumberOfPackets(12) // PRN - balance speed and reliability
    .setZip(firmwareUri) // .zip with firmware and init packet

val controller = starter.start(context, DfuService::class.java)

setPacketsReceiptNotificationsEnabled(true) + setNumberOfPackets(12) — device acknowledges every 12 packets. Without PRN, losing one packet means restarting everything. With PRN — resume from the last confirmed position.

The DFU library starts DfuService as a foreground service — user can minimize the app, update continues. Track progress via DfuProgressListenerHelper:

DfuProgressListenerHelper.registerProgressListener(this, object : DfuProgressListener {
    override fun onDfuProgressChanged(deviceAddress: String, percent: Int,
                                      speed: Float, avgSpeed: Float,
                                      currentPart: Int, partsTotal: Int) {
        updateProgress(percent)
    }
    override fun onDfuCompleted(deviceAddress: String) { onUpdateSuccess() }
    override fun onError(deviceAddress: String, error: Int, errorType: Int, message: String) {
        onUpdateFailed(message)
    }
})

Typical DFU speed: 50–80 KB/s for nRF52840. 200 KB firmware — about 3 minutes.

ESP32 OTA via BLE

For ESP32 — esp_ota_ops on device side + custom BLE service for data reception. Espressif doesn't provide ready-made BLE DFU SDK (unlike Nordic), so the protocol must be implemented yourself or use esp-idf-ble-ota library.

Basic scheme: phone sends firmware in chunks by MTU-3 bytes. Device collects firmware in OTA buffer (esp_ota_begin, esp_ota_write, esp_ota_end), then reboots with new image. On error — rollback to previous version via esp_ota_mark_app_invalid_rollback_and_reboot().

// Split firmware into chunks and send
val chunkSize = mtu - 3
val chunks = firmware.toList().chunked(chunkSize)

chunks.forEachIndexed { index, chunk ->
    writeCharacteristic(firmwareDataCharacteristic, chunk.toByteArray())
    // Wait for ACK from device before next chunk
    awaitAck()
    updateProgress((index + 1) * 100 / chunks.size)
}

Important: never start OTA with phone battery below 20% or weak BLE signal. Interruption mid-firmware could brick the device if it lacks rollback mechanism.

Cloud OTA: Mobile App Role

With cloud OTA, the phone is UI only. User sees "Update 2.1.0 available", hits "Update", tracks progress.

Device sends update progress via MQTT or WebSocket. Statuses: idledownloading (with percent) → applyingrebootingupdated / failed.

Don't show endless spinner. Update can take 5–15 minutes (download + flash write). Show concrete progress with stages. After reboot, device appears online with new firmware version — reflect this in UI immediately.

OTA Security

Firmware must be signed — device verifies signature before applying. RSA-2048 or ECDSA-256. With cloud OTA — HTTPS with certificate pinning against MITM. For BLE OTA — Nordic DFU init packet already contains hash and signature.

Without signature verification, any attacker with BLE access can flash malicious firmware.

Implementing BLE OTA with Nordic DFU: 2–3 weeks. Cloud OTA UI with progress monitoring: 1–2 weeks. Custom ESP32 BLE OTA protocol: 3–5 weeks.