Comment by microtonal

3 hours ago

The reason they don't is the same reason Google closed my ticket asking them to include Graphene keys in Play Integrity checks: they don't care.

I think the reasons are very different. VW maybe doesn't care. Google does it because it would undermine their stronghold over the platform. If they allowed GrapheneOS, what would block Samsung or another OEM from also sandboxing Play Services and not preinstalling a bunch of Google apps and requesting the same?

This shows why attestation is in the wrong hands. Whether a particular device is attested should be purely based on the security of the device (which would also exclude a bunch of certified devices that Google will happily attest now), not on maintaining a smartphone duopoly.

Alternatively: don't add inherently-unsafe functionality which requires attestation in order to have a veneer of "safety".

As media piracy and game cheating have shown: no matter how hard you try, there will always be ways around it. You should assume that the 3rd-party device you have zero control over is already compromised, so why not use the API as the boundary layer, stop pretending you can secure the app, and open it up to 3rd-party access like it already is in practice?

  • Yeah, in the case at hand it's quite silly anyway. We have a VW car and the primary things you can do with the app are check the charging state, stop charging, and turn on the heating/airco.

    Unless I overlook something, the worst attack vector for a compromised phone is: you could drain the battery by repeatedly turning on the airco.

    Though I guess they are rolling out phone-based car keys, which may be the incentive.