[9g3890fj2]

I connect my phone to my 2015 Nissan's bluetooth, but just for music. GrapheneOS lets me prevent its access to my contacts, call history, active calls, text messages - anything but music audio. To me (but not the less tech literate, I know), if you're connecting your car to your phone, it's obvious that it is able to gather things about you.

That said, because I don't know much about cars, I don't know if the car is even capable of phoning home or by what means. Is it a 4G signal? Just a radio transponder? How do I even investigate without tearing my dash apart?

[bzzzt]

All new EU cars since 5 years ago are obligated to have 'eCall' which contacts emergency services in case of a crash. Most manufacturers solve that problem by including a 4G module.

Older cars also collect information. Most dealers read out the nav computer drive at service intervals so they also know where you've been, who you called etc, only a bit later.

[giantg2]

Another reason to do my own service or find a trusted independent shop.

[Tangurena2]

The car companies won't let that information out to independent repair shops (except where mandated by laws). The "right to repair" movement is one attempt to make it possible.

The worst offender is John Deere and their newer farm tractors. Only authorized repair centers can get the software needed to troubleshoot the vehicles. Part of why Deere does not want details out there is that some tractor models have the exact same engine, but different power outputs based on how much the customer paid. One could "unlock" a more powerful engine without paying corporate. The really big "implements of husbandry" (as my state calls them) can cost $500k. At peak planting/harvesting time, you can wait weeks for a technician to come to your farm. Or spend a few thousand dollars having it driven to the dealership by truck.

[bdavbdav]

IMHO, the decent indies are all sat on copies of either the original dealer software (by whatever means…) or copies built by companies to emulate original dealer software (VCDS for VAG for example)

[vanilla_nut]

One more reason I'm glad I connect my phone with a headphone jack. Just an analog connection carrying audio. The car doesn't even know what it's playing, as far as I know. Though some cars do seem to extract track names and artist names over the aux jack, so I think there's a little more than just an analog signal?

[stinos]

An analog jack should just be an analog signal, the beauty of it for applications like this being that it just works and for a variety of devices including the very first Sony Walkman to name just something which did not include any extra information. While in theory it is possible to encode extra and inaudible information in there, it seems more likely that if a car then knows what is playing it is just using Shazam or similar.

[giantg2]

Possibly a side channel digital encoding of the track information, similar to how radio stations can display things like track name on your car radio. But I'm not really sure.

[pgeorgi]

I wonder if phones send out RDS (https://en.wikipedia.org/wiki/Radio_Data_System) information on the aux jack and your car happens to pick up on it.

[Forbo]

This sounds like the content recognition they do on TVs. If that's the case, this is creepy as fuck.

[extraduder_ire]

One downside I see to this is it being illegal to use a phone while driving, but interacting with your car stereo is fine.

Now I'm wondering if any car stereos have four-pin aux inputs to send headset button inputs or microphone audio back to the phone.

[flangola7]

Audio jack can be used for Square payment transactions so it can't be that isolated

[extraduder_ire]

Do you mean the thing for reading a magnetic stripe? It's no surprise that can be trivially sent over an audio interface. That's how recording audio onto tape works in the first place.

[Larrikin]

Don't Android and iOS by default prevent bluetooth from accessing your contacts and calls. I know on Android you have to click a permission popup when connecting to bluetooth to allow contact and call access

[TedDoesntTalk]

Same on iOS.

[hef19898]

But then you have Android Auto getting full access to the cars OBD. One more reason to use Bluetoth, but Googpe, and I assume Apple as well, aren't any better.

[pragma_x]

I dug into the article, specifically the Nissan section. It reads like the car itself _could_ be gathering information on its own. IMO, the Nissan phone app is the more likely culprit here.

Unless there's something wild going on with XM, or there's a WiFi backdoor, the only other way the car is getting data out is over OBD2. And that's all engine, tires, and performance stuff: https://www.amazon.com/Turbo3-Leaf-Spy-Pro/dp/B00PMLTPN0/?ta...

Edit: OH. Looks like there's Over-the-air updates on some models. https://www.nissanusa.com/connect/features-apps/over-the-air...

> The wireless features in your vehicle, including Over the Air Updates require use of your in-vehicle modem (if equipped). While Over the Air Updates are being made, some other wireless features may be unavailable or may require a wired connection. Please see FAQs for additional information.

[9g3890fj2]

Interesting. I've never connected my car to my wireless network and I've never used the Nissan app. I think I used a burner email when setting things up, but that was years ago so I don't remember the details. I'll see what happens if I try an OTA update later today and report back.

[Grazester]

The hell! You got a 2015 Nissan with Android Auto? I got a 2017 Infiniti that some trims did even come with Bluetooth, needless to say none had carplay or Android Auto. Damn you Nissan.

But I bought that car because its something for me to tinker with and I plan to replace that proprietary head until with an after one. And also use an Arduino 4 inch LCD to tap into the Can bus to show Hvac settings.

[LegitShady]

doesn't say android auto, just the nissan bluetooth. it has voice commands and can access your contacts if you let it, so you hit the talk button on the steering wheel and say "Call Bob D" and it will call, etc. It's kind of jank. same thing with reading out received text messages while driving.

No android auto required.

[DrThunder]

I don't think android auto even works on graphene anyway.

[9g3890fj2]

Just regular Bluetooth, Android Auto and CarPlay are no-gos for me. I want less connectivity, not more.

[catlover76]

When you connect a phone to most cars via Bluetooth, the call and general audio permissions are separate from text message and contact info. So for example, in my mom's new car, I connect my phone so that when I drive it, I can take phone calls and listen to music. But for example it can't even display the contact name of contacts who call me, because it doesn't have access to that, so it just displays the phone number.

[giantg2]

Yeah, it's usually a cell module (older ones were 3G). Many times it's on its own daughter board and you can disconnect the bridge to the main board, or otherwise unplug it so it can't communicate with the car or towers. I did that to my car that has OnStar and the Bluetooth etc worked fine, but it couldn't transmit/connect to any network.

[birch]

I always wonder to what extent those opt outs actually do something. I remember reading about the “unsubscribe” button for emails that never really did anything.