I understand how a router uses NAT/NAPT to enable a client on my home network to request a packet from an external server, and hence how the router knows to which client to send the packet that is returned by the external server.
But if I open the app on my phone (when away from home), how does it make a connection to the aircon controller on my home network (and what stops anything out there on the internet making connection with my aircon controller - or in fact any other device on my home network)?