This article discusses how many of the Android apps that owners use to locate and unlock their vehicles are missing many security features. These include obfuscation, which makes it harder for hackers to reverse engineer the code; code integrity checks; encryption of credentials; and a check to see whether the phone is rooted. Another security flaw is the lack of a check for an overlay on top of the app that displays a fake login screen, used to expose the login credentials.
The article states that while these types of apps might not enable theft, they could make the job easier. Some of the apps have the ability to unlock the car and disable the alarms. Also, per Kaspersky, “Accessing the car and deliberate tampering with its elements may lead to road accidents, injuries, or death.” As cars become more connected and transition into IoT devices, security will become paramount.
http://www.csoonline.com/article/3171671/security/insecure-android-apps-put-connected-cars-at-risk.html
Mauchel Barthelemy says
I’m not sure if this is more of a Google Android issue or a developer one. Regardless of which it is, all parties involved should play their part to resolve this issue. Like I always say, the key here will be to work together. Together is stronger, and in turn stronger is better against hacking. The Android team will need to reinforce the process of approving apps. Force developers to follow proper security procedures to protect users. Developers can play their part by not only following strong security protocols, but also focusing on adopting a security mindset when coding. Users can contribute to this by disciplining themselves to report anything suspicious.