Security notes on AppMessages #7

@iSoron

I am new to Pebble development, but going through the docs, there don't seem to be any notes about the security of messages sent from Pebble watchapps to Android apps and vice versa. In particular, the docs fail to mention that:

  1. Messages sent from the watchapp can be intercepted by any Android app, not only the app that they are "intended to". That is, if the watchapp transmits confidential data to the Android app, then the developer must take extra steps to obfuscate or encrypt such messages before sending them.
  2. A malicious Android app can easily create and send bogus messages to any watchapp, since UUIDs don't seem to be considered secret information. This could be done, for example, to crash a particular watchapp, to corrupt the user's data, or to force the watchapp to broadcast some confidential information. The watchapp developer, therefore, must take extra steps to guarantee that the messages received are coming from a trusted source.
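
One way to do the source check from point 2, as an added example that is not part of the original issue or of the Pebble SDK: each message carries a counter and a truncated HMAC-SHA256 tag bound to the app UUID, and the receiver drops forged, altered and replayed messages. It is a Python model of the message dictionary rather than watchapp code. Assumptions: the key numbers, the tag length and a per-install secret shared by the watchapp and the Android app are all hypothetical.

```python
import hashlib
import hmac
import struct

# Hypothetical dictionary keys for this sketch (not Pebble SDK constants).
KEY_COUNTER, KEY_PAYLOAD, KEY_TAG = 0, 1, 2
TAG_LEN = 16  # truncated HMAC-SHA256 tag, to keep messages small


def _tag(key: bytes, app_uuid: bytes, counter: int, payload: bytes) -> bytes:
    # Bind the tag to the 16-byte app UUID and the counter; length-prefix
    # the payload so field boundaries are unambiguous.
    data = app_uuid + struct.pack(">QI", counter, len(payload)) + payload
    return hmac.new(key, data, hashlib.sha256).digest()[:TAG_LEN]


def seal(key: bytes, app_uuid: bytes, counter: int, payload: bytes) -> dict:
    """Sender side: build the dictionary that would go into the message."""
    return {KEY_COUNTER: counter, KEY_PAYLOAD: payload,
            KEY_TAG: _tag(key, app_uuid, counter, payload)}


class Receiver:
    """Receiver side: returns the payload, or None if the message is rejected."""

    def __init__(self, key: bytes, app_uuid: bytes):
        self.key, self.app_uuid, self.last_counter = key, app_uuid, -1

    def open(self, msg: dict):
        try:
            counter, payload, tag = msg[KEY_COUNTER], msg[KEY_PAYLOAD], msg[KEY_TAG]
        except KeyError:
            return None  # malformed: a field is missing
        if not (isinstance(counter, int) and isinstance(payload, bytes)
                and isinstance(tag, bytes) and 0 <= counter < 2**64):
            return None  # wrong types must not crash the receiver
        expected = _tag(self.key, self.app_uuid, counter, payload)
        if not hmac.compare_digest(tag, expected):
            return None  # forged or modified in transit
        if counter <= self.last_counter:
            return None  # replay of an old, validly tagged message
        self.last_counter = counter
        return payload
```

The tag only authenticates: the payload is still readable by any app that can intercept it (point 1), so confidential data also needs encryption. A secret compiled into both apps can be extracted from either binary, which is why the sketch assumes a per-install key.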
