Kaspersky Lab analyzed seven popular Android apps that accompany connected cars from various manufacturers. None of the tested apps used code obfuscation to make it harder for attackers to reverse engineer them and none of them used code integrity checks to prevent malicious manipulation. Two applications didn’t encrypt the login credentials stored locally and four encrypted only the password. Most such apps, or the credentials they store, can be used to remotely unlock the vehicle and disable its alarm system. The risks should not be limited to mere car theft, the researchers said in a blog post.”]
Source: https://www.csoonline.com/article/3171671/insecure-android-apps-put-connected-cars-at-risk.html