It really isn't too hard to think of ways to do this that involve "iCloud" for key transfer, but keep the locus of control at the car/primary-drivers-phone nexus. Doing it differently would only introduce liability that Apple would rather not have.
iCloud is a service that Apple holds users' encryption keys with, and gives up control of to other organizations (which is what they did in China, for example). Given their focus on privacy is almost purely superficial, it wouldn't surprise me if they didn't.