[alkonaut]

The simple solution for safety I think is to just include the software checksum/signature in the approval documents for a car model.

At an interval check, the inspector does the usual sampling tests (brake effect, emissions, looks for rusty brake lines etc), and then validates that all critical computers (ECU's and other systems such as computers related to brakes etc) run software that match the signature of the manufacturer, and that it is the latest version of the sowftare. After a recall such as the VW case, the inspector could fail cars that haven't upgraded to the latest version (which would be required since the original one is known to be cheating on emissions).

This is a bit harsh compared to other modifications: an owner can put on a set of extra lights or cool wheels without necessarily failing an inspection, whereas even changing a single bit of the software would immediately fail it in this case.

I can't see any way around this though, apart from separating programs into critical (brakes, ECU) /non-critical (Media, nav,...) software, where only the critical software would be checked.