Comment by microtonal

Yeah, in the case at hand it's quite silly anyway. We have a VW car and the primary things you can do with the app is check the charging state, stop charging, and turn on the heating/airco.

Unless I overlook something, the worst attack vector for a compromised phone is: you could drain the battery by repeatedly turning on the airco.

Though I guess they are rolling out phone-based car keys, which may be the incentive.