FR version is available. Content is displayed in original English for accuracy.
Advertisement
Advertisement
⚡ Community Insights
Discussion Sentiment
48% Positive
Analyzed from 5130 words in the discussion.
Trending Topics
#car#data#phone#bluetooth#more#android#auto#carplay#gps#connection
Discussion (169 Comments)Read Original on HackerNews
How is this the case? I thought bluetooth was just sharing my phone's audio. Why would it allow requests over the internet? Surely there's a way to tell the phone not to give its internet connection to any connected bluetooth device?
The problem with this is that both carplay and android auto capture their own vehicle telemetry. So even though the car is not able to use your phone as a general data pipe, Google and Apple still get access to this data when you're connected.
They are both very cagey with how they talk about this (or don't).
I know the laws are far from perfect, but isn't there some legislation compelling them to disclose what they collect?
What specifically would be the most relevant law/regulation? (If it varies by geography, pick any major market, eg. California, that is big enough to impact their engineering design and the content of published material). You mentioned they're cagey, and my aim is to examine if there's a gap between what they're supposed to disclose and what they do, which could be rectified by litigation. Eg. If they just say "vehicle telemetry" that doesn't tell you much, and I'd happily contribute to an EFF effort to get them to elaborate.
Alternatively someone who works close to this code could provide some examples of what a "typical" smartphone OS platform collects these days.
It's hard to not want to throw your hands in the air screaming "whatever" when almost everything you use in public is somehow used to track you either as you move around, or in the future.
The real solution is technology, and popularization of something similar to Freenet, and hardware with an OS that is powerful enough for most people use their phones today, and as easy to use as Android or iOS.
Cell providers will still track and permanently store and sell your location information, and any conversation over SMS or non-E2E platforms will also still permanently stored, but at minimum you can have private conversations when you really want and your online activity (outside of banking etc) can be private.
Things will both get harder and easier with AI. Harder because soon the government will have AI track every single person on the planet, and an LLM will be reading every text, email, and online post you make to make sure you're not a threat to national security or some excuse around CSAM (which I'm not advocating for, obv). On the flipside, as we move away from things like browsers, and can have local LLM models do most of our web browsing for us and present it however we want (free of ads, tracking, annoying styling, cookie banners), it will be easier to not have friction for changing browsers and operating systems etc to protect your privacy.
Source? Can bluetooth devices do that without the user's knowledge?
Allowing it to connect over Bluetooth requires granting AA plenty of additional permissions which I didn't want to do (but hey, on GOS at least you can muzzle that thing).
What's more concerning is that it's entirely unclear exactly what information is shared over the Android Auto link, in my case, over Bluetooth.
A lot of this has obvious use within the AA interface; for example, the parking brake position is used to prevent scrolling too far through lists, and the car's GPS is usually much more accurate than the phone's and better on the phone battery.
0: https://github.com/f1xpl/aasdk/tree/development/aasdk_proto (pretty old reverse-engineering effort)
How?
You can also "firewall" AA via something like TrackerControl, this would let you block connections to eg. Google Analytics servers without denying network access altogether (which would likely cause AA to stop working). I've only used AA with short-term rentals so I didn't spend too much time exploring these options.
I would be concerned that a passenger connecting their phone to it while I was driving.
In other cars I've been successful picking up the relevant modules for peanuts from surplus/scrap then just desoldering the RF-active components (like bt radios, etc) and swapping them in. YMMV but if it doesn't work you're just out the cost of a junk part.
Even if some radio feature is benign its existence means that its hard to be confident that there isn't some other telemetry feature you missed. With no connectivity at all you don't need to worry that you missed something because you can monitor the car with a spectrum analyzer and observe its never transmitting.
Unfortunately in some newer cars you can't swap any modules without a dealer tool to pair the module to the car, presumably in a bid to prevent third parties from fixing the car (presumably preventing people from lobotomizing their surveillance isn't on their radar yet).
I have reported this to Toyota multiple times with videos detailing the problem and they have denied the problem and ultimately when faced with the evidence simply refused to fix it.
I've been a big fan of Toyota's Production System and their management culture, but this experience has really diminished the brand for me. I realize these problems exist with all cars today. The pattern seems to be to foist low-quality hardware and software on their customers and take no responsibility for the results. Software bugs aren't what they consider a "typical car problem" so they simply don't fix them.
The only fix I've found is to disconnect the phone and use its map standalone, just sending audio over Bluetooth. Maybe it's possible to get Android Auto or Carplay to reject GPS data from the car? I don't know...
My experience is pretty small; I've owned the same Tesla Model 3 LR for the last 6.5 years, and the software has been pretty much solid the entire time. There was briefly a problem with echos when I called land lines using the bluetooth and my iPhone, but that problem eventually went away - not clear if it was because the iPhone changed, the software was updated, or perhaps the particular landline I was calling got an upgraded CO, but for a car that's a pretty good track record. There were some sensor glitches but they got fixed.
I've test driven other cars. Lucid Air - tons of weird glitches. Rivian - almost as good as the Tesla, but laggy UI on a brand new car. My Tesla is almost seven years old and still smooth as the day it was new! How do they do it?
Compass heading specifically does seem to be unusually challenging. Does anyone else recall the bizarre "Google Maps on iPhone is 90 deg off" problem? Totally strange.
https://www.mavericktruckclub.com/forum/threads/telematics-f...
I don’t think there’s convincing my dealer to get into the service menu and disabling it.
I would presume that other manufacturers might have this as well.
How far do you live from Massachusetts, and how do your feel about driving vacations?
I would be very concerned that the flag just continues to submit your data but with a "telematics disabled" bit set on it. This is absolutely how location privacy is implemented in some devices. Moreover, even if it is effective it could be remotely reset including accidentally as part of an update.
Better than not setting it, I suppose! :)
- It has an internal battery and will keep running for quite a while after pulling the fuse. This is a safety feature in case you get in a crash that disconnects the 12V battery
- It will break your in-car microphone as discussed. Repairing that requires opening up the dash
- That won't do anything for disconnecting the GPS antenna
Jokes aside, I am seriously pissed at Nissan because it was one of reasons I bought it in the first place: to pre-heat or pre-cool the car remotely before going to work, while it is still plugged to the wall charger. And they just decided to take it down. Funny thing, they even mentioned in the email that "not to worry, I can still use my AC when I am in the car". Wow.
Sorry, rant. Anyway, my point being - buy Nissan Leaf, no connectivity guaranteed by the manufacturer, LOL.
As I own two Toyota's I have read through these carefully and consistently the theme is that the owner was opted into this program without knowing it (likely by the sales person clicking through setup steps to enable every feature). If you are not opted in, I have seen no evidence they share driving data.
When I set up my Toyotas, the app clearly walks through the programs they have and you must click either "yes/opt in" or "no/opt out" for each program. It is not opted in by default.
Guaranteed
What is the basis for this claim? I've never heard of this capability.
A random post on a forum is not evidence that Toyota has found a magic way to exfiltrate data over a bluetooth connection without turning on hotspot/etc.
But they could also do this over USB, so something doesn't add up.
yes. there ought to be a right to reasonable expectation of behavioral privacy where if it's not obvious and intrinsic to function that behavior is being recorded then it must be consented with functional opt-out.
gps tracking to the manufacturer of a car seems egregious. i wonder if it runs afoul of anti-stalking laws.
Peppers article with Amazon affiliate links
Perfect summation of 2026
Afaik phones do not share their internet blindly to Bluetooth devices.
I think they should try to make some areas where they remove roads so that there will not be cars there. I read a book that mentions many other reasons to do this, and it can also be done to avoid this, as well as other issues (e.g. many kind of pollution). Although there are disadvantages, they can be mitigated and have better advantages if handled properly (which involves more than only the roads and cars).
Even independently of that, is the issue of devices transmitting data when using other functions that should not need to use it; I think it should probably not be permitted, unless you are deliberately doing so. (Also, deliberately removing the power to any electrical devices should also be always possible.)
Modern Kias with the CCNC cockpit have a data connectivity unit that exclusively handles cellular. If you can get this unit unplugged, which only requires two Phillips head screws to remove, your set. It took me nearly 2 years to figure this out. Thanks OP
If you then charge only at home you’re even more private than gas cars, which must stop at gas stations with cameras.
But both types of vehicles are easily spotted with Flock cameras. And if you keep your phone on that tracks you, too.
I’m not that paranoid so I won’t do it, I just wanted to know.
When you get in a car, you have to spend 20 seconds disabling all those systems. Lane keep assist is downright dangerous as it keeps you in your lane if you do an emergency avoidance manoeuvre.
I don’t hate safety system like emergency brake assist or ABS but I don’t need a nanny keeping me in my lane. I also don’t need a coffee symbol for taking a break.
However, you now have a chance to buy one of the rare prototypes!
https://finance.yahoo.com/sectors/technology/articles/bollin...
https://rabbit-labs.com/product/cancommander/
Crazy commenter, tell us a little about this. Can I use it on any Can bus?
I'd like to think failure to apply an OTA safety update would trigger a mail-out notification requesting you bring the vehicle into the dealer. But that's probably optimistic...
(I dread the day my 2007 Civic is no longer usable.)
You can download and store Open Street Map for individual states. Map data doesn't have to come in over the air. That's not the problem. It's enhancing GPS with cell phone tower data that's the problem. That requires a cell connection.
You could get more accurate fix with RTK data, but I'm not sure if that's actually widely used. And in any case that doesn't require active communications either, you could get correction data from satellite broadcasts too.
If your device has zero GPS signal then you can get ~100m accuracy from the cellular signals alone. If your device doesn't have "enhanced GPS" then you can get ~1m accuracy from the GPS signals alone.
Note that this changed with 5G beamforming. The new towers have a much better idea of where you are. (My understanding (thanks to other HN commenters) is that technically it's possible to do beamforming without deriving precise 3D coordinates but that this isn't how it's done in practice.)
Technically it only requires an antenna that can listen on the LTE band (or even GSM). Trilaterating based on cell towers with a hackRF or other SDR is a fun exercise.
I hate how this is a trade off. It’s totally possible for cars to broadcast their location only if the SOS is pressed or the crash sensor is triggered, but it feels like there’s no way to have that without also having everything else.
Tuned it off and used our phones from there to the hotel. That was the last time we used a rental cars navigation.
So yeah, its already happening.
DCM Bypass kit. https://www.autoharnesshouse.com/store/AHH-DCM77
You have the full right to view and ask for deletion.
Can you skirt the GDPR by making it hard to discover who you need to ask?