by nurple 37 days ago
> Even after the modem is removed, if you connect your phone to the car via Bluetooth then the car will use your phone as an internet connection and send all the same telemetry data back to Toyota. However, if you use a wired USB connection then it does not do that (see the discussion here and elsewhere), so I exclusively use CarPlay via USB.

The problem with this is that both CarPlay and Android Auto capture their own vehicle telemetry. So even though the car is not able to use your phone as a general data pipe, Google and Apple still get access to this data when you're connected.

They are both very cagey with how they talk about this (or don't).

17 comments

And once you've gotten rid of Google and Apple, your telecom company tracks you, your CC payments help track you and even cameras in public do.

It's hard to not want to throw your hands in the air screaming "whatever" when almost everything you use in public is somehow used to track you either as you move around, or in the future.

This is one of those things that can't ever be solved with individual solutions but needs to be solved through legislation and standards, and ideally a fundamental right to privacy (and a fundamental redefinition of what privacy means when it comes to corporate surveillance of individuals).
Your point is aptly demonstrated by the article — the car may still use tethering via Bluetooth to exfiltrate your data[1]. The workaround of always using a wired connection is both inconvenient and unreliable — the same facility could be added for wired connections at any time.

I would like to see some form of IP/property rights applied to user data, with treble damages for willful infringement.

The entire concept of collecting user data and calling it “telemetry” needs to be abandoned — including (especially) in the software industry. Collecting any user data ought to be something that makes corporate lawyers nervous.

Unfortunately, I expect that to happen roughly after hell freezes over.

[1] I couldn’t confirm that any car currently actually does this. Hypothetically, iPhone tethering is possible over both USB and Bluetooth if personal hotspot is enabled.

Needless to say, cars in the UK/EU have no such privacy invading features without an explicit opt-in thanks to sensible data protection legislation; including the GDPR.

The FUD spouted on here by the scummy adtech industry about legislation to protect YOUR privacy is mind boggling. These are the people doing the digital equivalent of sniffing your underwear to work out what you had for breakfast.

(And before somebody shouts FUD about the UK/EU vehicle eCall 112 system, that certainly doesn't track you or seek to invade your privacy on any level!)

> cars in the UK/EU have no such privacy invading features

If you say so.

Maybe if you buy the car with cash, but if you finance it you are leasing from a company that has definitely accepted all the terms and conditions to capture and sell all the telemetry to various parties.

>without an explicit opt-in

Check out a modern Volvo/Audi/whatever, they are making it so difficult to say no every single time the screen is powered on.

In addition to the eCall system, note there is also the mandatory OBFCM (On-board Fuel and/or Energy Consumption Monitoring Device), that data is then downloaded from the vehicles using OBD during checks.

The data is anonymized and you can opt out, but many people probably don't know it's collected in the first place.

> Needless to say, cars in the UK/EU have no such privacy invading features without an explicit opt-in thanks to sensible data protection legislation; including the GDPR.

Automotive EE here... You are completely wrong and your rationale is based on misunderstandings of the laws.

I have absolutely no idea how the laws work either, we’re the same. But, I promise you every single car in the EU with GPS and cell is reporting telemetry. Every and all.

Replying to my own comment to inform the reader that the fluctuation in moderation points I'm seeing is frankly, extreme! It looks like my parent comment has really touched a nerve here on HN: Privacy supporters Vs Adtech supporters, or maybe those who believe in rule of law, and those who think they can do what they like with others' private data.

> (And before somebody shouts FUD about the UK/EU vehicle eCall 112 system, that certainly doesn't track you or seek to invade your privacy on any level!)

How do you know?

BTW, checking all the opt-ins is usually the first thing the sales person does when selling a new car.

I'm tempted to say "oh you sweet summer child", because it seems just unbelievable that the statement is true (in the sense that the small print in rental cars and sales contracts doesn't allow it, or it's done by law enforcement agencies surreptitiously).

But maybe it IS true. I know it's legally mandated.

> it seems just unbelievable that the statement is true

So do you think UK/EU vehicle manufacturers are deliberately in mass breach of data privacy law... fully knowing the cost of a consumer backlash, fines and vehicle recall costs to fix any law breach?

Really?

It's genuinely amazing how many Americans on here (a tech news site!) are unaware of data privacy law and expectations outside their homeland.

> So do you think UK/EU vehicle manufacturers are deliberately in mass breach of data privacy law... fully knowing the cost of a consumer backlash, fines and vehicle recall costs to fix any law breach?

They were also in mass breach of vehicle emission laws. The fact that there was some backlash (although people didn't really stop buying VAG cars), people got prosecuted, the company got fined, didn't really change their decisions while they were pumping out fraudulent cars.

Yes, we should have privacy laws like this in the EU, this is a good thing! But thinking that, when these laws are in place, all companies magically will follow them is naive. To them it's still a cost/benefit analysis, and history has shown short term benefit trumps many other things for these companies.

I really do think there is a good chance that say MI5 or the BND or the DGSE flagrantly ignore the law to catch non-national evildoers, just as much as in the US. The temptation to do this 'in the name of security' is very high.

Of course, I can't or won't prove it.

And yes, I am _intimately_ familiar with the GDPR and other laws and regulations. The US also had (has) wiretapping laws that would have prevented snooping on Americans.

I'm not claiming the EU is no better than the US, it clearly has better intentions. But fundamentally, I think the EU will end up in the same place as the US sooner or later, simply because the same forces are at play: desire for security >> desire for privacy for most people if the rubber hits the road.

Here's some fun read for those who seek more info:

https://www.politico.eu/article/germany-privacy-watchdog-sid...
https://www.bnd.bund.de/EN/Service/PrivacyPolicy/privacypoli...
https://www.lexxion.eu/?newsletters_method=newsletter&id=477

Yes.

Or, more succinctly - they are likely following the law but have figured out a way to avoid it as written using consumer opt-in and dark patterns.

You call it FUD, but this is hacker news and with overwhelming incentives it is not unreasonable to ask for verification that data isn’t being exfiltrated.

It's quite easily solved. Stop buying them. There's lots of cars out there that don't have these fun features. Buy them.

> your CC payments help track

Not only that. Them and the point-of-sale vendors (aptly shortened PoS), sell that data. They tend to attempt to do this anonymized. How successful they are in anonymizing that is very much so up for debate.

The websites (and even their retail locations) you buy from send your purchase data to Meta and other advertisers directly via APIs so they can better track their marketing conversion rates. You can browse their APIs [1][2] to see what kind of data they like to get, but it tends to be every piece of identification they have on you. Rewards programs make this a much richer data set. You don't need to be a user of Google/Meta for them to build a marketing profile based on this. Google links your physical conversion from ads based on your maps data. Facebook does the same if you give them your location data. Many retailers attempt to use the Bluetooth/WiFi signals from your phone to track the same data even if you pay in cash [3].

There's no legal framework preventing this outside of the EU and California.

1: https://developers.facebook.com/documentation/ads-commerce/c...
2: https://developers.google.com/google-ads/api/docs/conversion...
3: https://www.nytimes.com/interactive/2019/06/14/opinion/bluet...

> They tend to attempt to do this anonymized. How successful they are in anonymizing that is very much so up for debate.

Yeah I think the big thing to push or talk about is that there is no such thing as "anonymized".

There's only such a thing as "can only be identified as X many people". Like for a given dataset you can make any data point correlated to 1 of say 50 people. If somebody is anonymizing data and they don't provide a k-anonymity [1] you should just assume it's 1:1 and effectively not anonymized.

[1]: https://en.wikipedia.org/wiki/K-anonymity
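
The k-anonymity measure referenced above, as an added example that is not part of the original comment: it computes k for a constructed purchase dataset over a chosen set of quasi-identifiers, lists the records that sit in groups smaller than a target k, and shows how coarsening the quasi-identifiers raises k. The column names, sample rows and generalization rules are assumptions made for illustration.

```python
from collections import Counter

# Constructed sample of "anonymized" purchase records: no name, no card
# number, but three quasi-identifiers remain in every row.
RECORDS = [
    {"zip": "83702", "birth_year": 1984, "gender": "F", "amount": 41.20},
    {"zip": "83702", "birth_year": 1984, "gender": "F", "amount": 12.99},
    {"zip": "83706", "birth_year": 1987, "gender": "F", "amount": 88.00},
    {"zip": "83712", "birth_year": 1991, "gender": "M", "amount": 5.49},
    {"zip": "83709", "birth_year": 1995, "gender": "M", "amount": 230.10},
    {"zip": "83704", "birth_year": 1998, "gender": "M", "amount": 19.75},
]

# Assumption: these are the columns an outside party could also know
# about a person (voter rolls, social media, a loyalty programme).
QUASI_IDENTIFIERS = ("zip", "birth_year", "gender")


def _key(record, quasi_ids):
    """Tuple of quasi-identifier values that defines a record's group."""
    return tuple(record[q] for q in quasi_ids)


def equivalence_classes(records, quasi_ids):
    """Count how many records share each quasi-identifier combination."""
    return Counter(_key(r, quasi_ids) for r in records)


def k_anonymity(records, quasi_ids):
    """k is the size of the smallest equivalence class (0 if no records)."""
    classes = equivalence_classes(records, quasi_ids)
    return min(classes.values()) if classes else 0


def records_below_k(records, quasi_ids, k):
    """Records whose group is smaller than k: the ones that would have to
    be generalized further or suppressed before release."""
    classes = equivalence_classes(records, quasi_ids)
    return [r for r in records if classes[_key(r, quasi_ids)] < k]


def generalize(record):
    """Coarsen the quasi-identifiers: 3-digit ZIP prefix, decade of birth."""
    out = dict(record)
    out["zip"] = record["zip"][:3] + "**"
    out["birth_year"] = record["birth_year"] // 10 * 10
    return out


if __name__ == "__main__":
    print("k for raw release:", k_anonymity(RECORDS, QUASI_IDENTIFIERS))
    print("rows unique or nearly so (k < 2):",
          len(records_below_k(RECORDS, QUASI_IDENTIFIERS, 2)))
    coarse = [generalize(r) for r in RECORDS]
    print("k after generalization:", k_anonymity(coarse, QUASI_IDENTIFIERS))
```

A release with k = 1 contains at least one row that maps to a single person for anyone who knows those three attributes, which is the "assume it's 1:1" case from the comment.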

I know it wouldn't fix everything, but I think it wouldn't be a bad start to just make it generally illegal to deanonymize data that was collected with the promise of anonymity.
K-Anonymity isn't the only technique. Differential Privacy is arguably more robust.
> They tend to attempt to do this anonymized. How successful they are in anonymizing that is very much so up for debate.

    let anon_id = md5(SSN);
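
Why the one-liner above does not anonymize anything, as an added example that is not part of the original comment: an unkeyed hash of an identifier drawn from a small, structured space can be matched back by hashing every candidate, while a keyed HMAC cannot be reproduced without the key. The SSN value is constructed (area 000 is never issued), and the function names and key handling are assumptions for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed identifier; area number 000 is never issued as a real SSN.
CONSTRUCTED_SSN = "000-00-1234"


def md5_pseudonym(ssn: str) -> str:
    """The scheme from the comment: an unkeyed digest of the identifier."""
    return hashlib.md5(ssn.encode()).hexdigest()


def keyed_pseudonym(ssn: str, key: bytes) -> str:
    """Keyed alternative: HMAC-SHA256 under a secret that never leaves
    the data holder. Recipients of the dataset cannot recompute it."""
    return hmac.new(key, ssn.encode(), hashlib.sha256).hexdigest()


def candidate_ssns(area: int, group: int):
    """Every serial for one area/group pair: 10,000 candidates. The full
    nine-digit space is at most 10**9 values, which is still enumerable."""
    for serial in range(10_000):
        yield f"{area:03d}-{group:02d}-{serial:04d}"


def match_pseudonym(pseudonym: str, candidates, hash_fn):
    """Return the candidate whose hash equals the released pseudonym,
    or None when no candidate reproduces it."""
    for candidate in candidates:
        if hmac.compare_digest(hash_fn(candidate), pseudonym):
            return candidate
    return None


def review():
    """Compare both schemes from the position of a dataset recipient."""
    key = secrets.token_bytes(32)           # held only by the data owner
    wrong_key = bytes(32)                   # recipient's guess, not the key

    released_md5 = md5_pseudonym(CONSTRUCTED_SSN)
    released_keyed = keyed_pseudonym(CONSTRUCTED_SSN, key)

    # Unkeyed: anyone can recompute the digest for each candidate.
    from_md5 = match_pseudonym(released_md5, candidate_ssns(0, 0),
                               md5_pseudonym)
    # Keyed: recomputing with anything but the real key matches nothing.
    from_keyed = match_pseudonym(
        released_keyed, candidate_ssns(0, 0),
        lambda s: keyed_pseudonym(s, wrong_key))
    return from_md5, from_keyed


if __name__ == "__main__":
    recovered, blocked = review()
    print("md5(SSN) maps back to:", recovered)
    print("HMAC pseudonym without the key maps back to:", blocked)
```

The keyed form is pseudonymization, not anonymization: whoever holds the key can still link every record to a person, and the remaining columns can still identify someone on their own.
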
In the good old days, if you were found to be informing on your neighbors to hostile powers, you were liable to find yourself in a mass grave when the political winds shifted, or even sooner.

But now it's so convenient and discreet and common, we think nothing of it. Plus, Google and Apple and Facebook and their partners and everyone they sell data to are our friends, not enemies :)

A friend used to work in ad tech years ago. The telecoms sell real time location data to digital billboard companies which are targeted at whoever is nearby. It's basically minority report. I can definitely imagine they're now using visual processing and face recognition on the billboards.
Nonetheless I'll still try to maintain what privacy I can.
You do you, John C. Calhoun of Minerva Road, Springfield, CO.

An agent will be shortly with you to assist in that endeavor.

> An agent will be shortly with you to assist in that endeavor.

In some parts of the world that's a death sentence for the target. In other parts, it's one for the agent.

Oh, please. We're not cavemen here. A little coaching on internet best practices, a dash of psychological assistance, perhaps a girl scout cookie or two ...
> And once you've gotten rid of Google and Apple, your telecom company tracks you, your CC payments help track you and even cameras in public do.

Maybe, but what happens without the mod described is that Google and Apple track you in addition to the telecom company. That, of course, assumes that you carry a cell phone tied to your identity. Some people refuse to carry cell phones altogether because of the privacy implications, or use them mostly in airplane mode with an anonymous SIM for backup.

True, but we must not let the perfect be the enemy of the good. I don't own a smartphone, so neither Google nor Apple track anything about me that way. I leave my dumbphone at home when I'm out and about, so it basically works like a traditional landline phone, again, no data there (except for phone calls and text messages of course).

My car is old, so no gps/trackers there, but this is troubling of course. I think that if/when I buy a new one, it has to be either some vintage car, or I have to find a workshop who can rip out all the tracking.

CC payments can be mitigated by paying cash, when available. But yes, CC and bank are a concern and so is CCTV.

Whenever these "privacy concerns" come up, I can't help but remember Elf Sternberg (whatever happened to him?) mentioning in 1998 that online privacy was a lost cause because everything you did was in a database somewhere. The only thing that's changed in the intervening 28 years is that we produce even more data.
> (whatever happened to him?)

He's apparently now better known for other aspects than his insights into large databases!

I use a googleless flip phone and just don't do anything important on it, and leave it behind often. We didn't always carry tracking devices with us, you can choose not to.

You can also buy an older car that doesn't come with a SIM card installed.

This is the way! But note that telcos are working hard to ban dumbphones from their networks. There is a clear push to force people to dump dumbphones and accept the digital surveillance device.

Should that happen, I will move to a VoIP provider. Not perfect, but better than a smartphone.

It’s still worth minimising how many companies get your data, and minimising the data itself. I’m not sure what data Apple and Google get specifically out of their car thingies, but it’s very easy to avoid using their car thingie.
Exactly, and more and more places are removing cash as a payment option :(
Cash handling isn't free, and for smaller businesses might actually end up being more expensive than accepting electronic payments.
If your margins are so razor thin that the cost of handling cash is significant, you need to raise your prices. Cash is legal tender -- not accepting it for in-person transactions is really shitty (maybe shouldn't be allowed?)
> you need to raise your prices.

And if the competitor doesn't? Ouch.

I think there should be a "digital equivalency act" or something to hamper full digital capture, but my feelings aside, there's a few powers that dislike cash:

Free people like cash, but businesses with low-skill/low-trust workers dislike cash because despite the CC fees, there is less theft, less overhead with cash reconciliation, cameras to watch cash with, less safes to manage, less cash pickup services.

The IRS hates it because there is a cash industry (as there should be, imo, but I'm injecting too much opinion already) that doesn't report earnings. I personally know barbers, housecleaners, handymen that admit to reporting no or few earnings, and synthesize a living off cash and benefits. If you stop paying taxes, this actually works pretty well compared to a low-end tax-paying job. My housecleaner takes overseas vacations (like, thrifty ones in hostels) 2-3 times a year this way.

Banks (arguably the IRS again, deputizing them with KYC) squint at you when you deposit or withdraw significant cash - ask any weed industry participants. Untrackable currency is a natural catch-all for people they don't want to bank with, so it's just friction and headache naturally.

You can't even get coins counted for free at retail banks anymore. Cash handling is too expensive even for the place that ostensibly provides cash handling services to the general public.
Just make all your prices round up to the nearest dollar bill after tax. Eliminate coins at the source.
It's not about "just raise prices", it's about some industries (e.g. upstart restaurants) that already have massive failure rates and have hyper competition. Even airlines don't make money on flights, and instead only on selling credit cards or other perks.

If your operating costs are some percentage higher for accepting cash versus the coffee shop across the street that doesn't, you're more likely to fail.

If everyone has to accept cash, then everyone has the same costs and the point is moot. At any rate, courts are required to accept legal tender, and I think that requirement ought to extend to businesses as well.
The real problem for those businesses is way upstream of payment processing costs, namely in the cost of business loans, the general poverty of the American consumer, and (for brick-and-mortars) zoning. The latter is a matter of getting municipalities to relax restrictions put in place mid-century literally to support segregation, and the former two are a matter of forcing the wealthy to eat the costs of their poor decisions from the last few decades, rather than continuing to allow them to socialize related losses through avenues like scandalously low labor pay vis a vis productivity and various investment/asset market scams (which, through housing and passive retirement investment, they've roped in Boomers and older Gen-Xers).

If you wish to make an apple pie shop from scratch, you must first invent an economy that isn't hamstrung by legacy obligations from ventures that people who are long-dead somehow were allowed to finance with your paycheck. (Somewhere, a middle-aged nepo-baby is clutching her pearls at the thought, and I just think we should cherish, rather than shy from, the opportunity to throw her and her siblings under the bus.)

"Legal tender" only means it must be accepted to settle a debt.
Walking out of the store with groceries generates a debt, no?
You can't go into a store with a gun and demand the cash out of the register if there is no cash.
The actual cost is shrinkage from general human accounting mistakes and all the extra time it takes to manage.

I worked at the gym in college and we sold like one item a day and it was still a whole bunch of work and pain to keep up on the cash counts correct.

I definitely believe that all businesses should take cash as much as is reasonable, but logistically it is understandable why some choose not to

You shouldn't do that anyway; also, you can't skim a credit card I'm not using/carrying. There are crime arguments on both sides.
Handling cash isn't free, but $0.30 + 3% or whatever is also a significant distance from free.
At least you can shut your cellphone off and pay in cash.
RE .... company tracks you ..... [ somewhat off topic ]

Did you know ... in many countries government tracks car number plates and the data is stored for many years.

1987 4runner, no phone, use cash.
I have heard whispers at times that people who operate 'off grid' like this end up being viewed heavily as persons of interest.

Anecdotally via friends in law enforcement.

I live in Idaho so I don't think that's much of an issue.
You live in ID and you still have an 87 4-Runner that hasn't fallen apart from rust? I'm doubly impressed.
Increasingly headed in this direction. Already have the old Toyota and use cash. I've been saying for years that advertising ruined the internet, we're getting to the point where surveillance is ruining computing.
Perhaps it's time to give up some convenience for old ways, eh?
Is there any information about precisely what vehicle telemetry they capture and retain?

I know the laws are far from perfect, but isn't there some legislation compelling them to disclose what they collect?

What specifically would be the most relevant law/regulation? (If it varies by geography, pick any major market, eg. California, that is big enough to impact their engineering design and the content of published material). You mentioned they're cagey, and my aim is to examine if there's a gap between what they're supposed to disclose and what they do, which could be rectified by litigation. Eg. If they just say "vehicle telemetry" that doesn't tell you much, and I'd happily contribute to an EFF effort to get them to elaborate.

Alternatively someone who works close to this code could provide some examples of what a "typical" smartphone OS platform collects these days.

GDPR should work to get a copy of the data, also it would only be allowed to be collected with explicit permission -- I'm assuming that data about your car is PII about you.
Generally speaking the author seems to wave a bunch of conspiracies around without the evidence to support it, or frankly, much technical knowledge.

The author seems unaware that in iOS you can uncheck nearly every single location usage the OS and Apple Apps themselves collect.

On iOS not only can you shut off things like traffic reporting while using Maps and cellular/WiFi/Bluetooth data collection...unlike Google, Apple will let you use those services without requiring you contribute to them.

> the author seems to wave a bunch of conspiracies around without the evidence to support it

The author provides links at the top to credible reporting on relatively well-known privacy concerns.

> They are both very cagey with how they talk about this (or don't).

No, not really - at least not Apple. They are very clear on what CarPlay’s privacy stance is, and they’ve got privacy white papers on pretty much everything:

Eg. https://www.apple.com/privacy/docs/Location_Services_White_P...

Again, at least on the Apple front this comes off as a ton of “stated without evidence”

Please provide a reference to the page that talks about the data that carplay collects. There are zero hits for "carplay" in that doc.

I have done extensive research into this, and Apple provide basically zero information about what information carplay collects about your vehicle.

Location data isn't the only kind of data that your car feeds to your device through the carplay connection.

What does a user see when enabling CarPlay on their iPhone, and not browsing apple.com for random .pdfs?
You need GrapheneOS to sever the link to Google. You can also deny specific apps and services Internet access.
Is android auto still available with Graphene? AA is genuinely one of the few life-changing features introduced in the last decade that I'd prefer not to go without.
Yep and works flawlessly via USB for me. That was a deal breaker for me for the longest time too.

Allowing it to connect over Bluetooth requires granting AA plenty of additional permissions which I didn't want to do (but hey, on GOS at least you can muzzle that thing).

Mostly works, some stuff doesn't. The worst thing that doesn't work is alternative maps (e.g. OsmAnd).
Organic Maps works. I have not tried any other alternative. You may have to enable developer mode in the Android Auto settings, then enable Unknown Sources in the developer settings.
I like the idea of graphene, but I worry my banking / brokerage apps wouldn't work anymore and that'd be a deal breaker
The Graphene community maintains a list of compatible banking apps.

Another possibility is to keep an old/cheap, stock Android phone at home with WiFi only for apps like this.

Doesn’t that defeat the point of using an app at all? Use a computer at that point.
No, because some apps are mobile only, and only work on phones "certified" by Google or Apple.
If you need mobile check deposit, you can only do that from a mobile device.
Yes! I run graphene, but still don't connect it to my android auto capable car.

The ability to control network connectivity for apps (and sensors) is really the killer feature for me. Maybe I'll give android auto a shot if I can figure out how to keep it from outside comms.

Standard CarPlay is essentially an additional screen for your phone - your existing privacy settings carry across. What's your concern?
Unfortunately that's not quite true, since the "app screen" on the media display during Android Auto use has an additional "Toyota" icon that AFAIK isn't coming from my phone.

What's more concerning is that it's entirely unclear exactly what information is shared over the Android Auto link, in my case, over Bluetooth.

There's a protobuf-based API for two-way communication between the Android Auto app and the head unit [0]. It depends on what the headunit supports, but this includes data such as GPS location, steering wheel button activation, accelerometer data, parking brake activation, gear selection, touch screen input, dimmer switch position, odometer, and much more.

A lot of this has obvious use within the AA interface; for example, the parking brake position is used to prevent scrolling too far through lists, and the car's GPS is usually much more accurate than the phone's and better on the phone battery.

0: https://github.com/f1xpl/aasdk/tree/development/aasdk_proto (pretty old reverse-engineering effort)

One of the things I notice CarPlay has access to is the fan speed. In one of my vehicles, when I say “hey siri” it turns the HVAC fan down so it can hear me better. I’ve always wondered if the interface is the phone telling the car “hey make things quieter” or if it’s explicitly turning the fan down. It’s also interesting that this only happens in one of my cars. I assume it’s because the other car is a higher end vehicle and has a quieter fan.
In GM cars (as observed in my last few), the logic is in the head unit: "mic on -> hvac lower", while "hotword detect" uses a different "mic on" method that does not

EDIT, previously "does not" above said "doe snot", which explains the reply below

I'm sure it's not great, but deer mucus is a bit of an extreme description.
That icon is a "close Carplay/Auto" button. My Subaru has a Subaru button; my wife's Mazda has a Mazda button.
>if you connect your phone to the car via Bluetooth then the car will use your phone as an internet connection and send all the same telemetry data back to Toyota

Source? Can bluetooth devices do that without the user's knowledge?

I assume that the original article statement is referring to connecting to CarPlay/Android Auto wirelessly, not simply connecting via Bluetooth for a speaker-type setup. But I do not know that this is the case. Certainly, I would assume all privacy bets are off if you connect CarPlay/Android Auto in any manner.
> then the car will use your phone as an internet connection and send all the same telemetry data back to Toyota

How?

They are probably confusing google auto with bluetooth.
On Android there is an option called "Bluetooth tethering - Share phone's internet connection via Bluetooth" . If it is On and you are connected to the car's bluetooth it will have internet access via your phone.
I'm suspicious that the car's system can do this. I don't think we should be assuming your car can tether internet through bluetooth until we see someone snoop Toyota-bound traffic being routed through their phone.
That's Bluetooth PAN. I would be very surprised that a car will implement this profile.
I have a 2025 Renault 4 etech and I frequently enable Bluetooth tethering so I can access Spotify, HBO etc via the in car entertainment system (It runs a flavour of Android called OpenR Link), not via Android Auto. Though I frequently need to enable the Bluetooth tethering setting on the phone before the profile can be activated via the car's paired devices menu (where you can select other profiles such as Audio, calling, etc)

While the car has a sim card already, I can't use it for general purpose apps without a subscription. Only updates, remote control and I suppose telemetry.

I usually opt for choosing a bluetooth tether instead of wifi since I already establish a connection for calls, or music / audio books.

It isn't hard to imagine Android being able to transmit vehicle telemetry via the same means.

Volvos also have this. At least my 2021 xc60 did.
> The problem with this is that both carplay and android auto capture their own vehicle telemetry. So even though the car is not able to use your phone as a general data pipe, Google and Apple still get access to this data when you're connected.

Do you have evidence or a citation for this? Or is it just the sort of statement that’s made in the pretty certain expectation of upvotes on HN?

I would have liked to have seen this citation too instead of seeing you get downvoted.
In a perfect world they wouldn't collect it either, but I'd rather Apple have it than the car manufacturer (or rather, only Apple vs both Apple and the car manufacturer)
A 12v bluetooth to FM transmitter can at least give you tunes and a speaker phone feature.
I use android auto through grapheneos thankfully! this is crazy!
this sounds like donning a TNT vest to defuse a bomb
Can you clarify? Does it feed it bullshit data? Because android auto expects car telemetry data which it streams to Google's servers. Which is a big no-no for me for obvious reasons.
It doesn't stop Android Auto from doing whatever with the car data, but it's sandboxed to have no more default privileges than a regular app, so it can be denied access to your phone's data by default (apps, contacts, etc.). Wireless AA will only work if you grant it extra privileges; wired AA does not need them.

You can also "firewall" AA via something like TrackerControl, this would let you block connections to eg. Google Analytics servers without denying network access altogether (which would likely cause AA to stop working). I've only used AA with short-term rentals so I didn't spend too much time exploring these options.

Fair enough. Streaming my location and an OBD dump to Google whenever I'm driving is a non-starter for me, so I'll stick with the aux cord!
tracker control will be itself blocked by android auto, with a stonewall error DISABLE VPN TO USE ANDROID AUTO

not sure if this was caused by an OS update or an AA update because I'm certain it used to work fine

(not graphene, but friend's otherwise stock Samsung Android)

What about if it's just paired as an audio device rather than through an app?
Don't get CarPlay/Android Auto that way though, so no navigation/maps for example.
Sure -- I'm not asking a general question, but thinking about my wife's phone, which is paired as an audio device. It sounds like we're probably in good shape.
Are there any cars that support CarPlay/Android Auto that don't have built-in navigation/maps?
AFAIK, every single one of those "built-in navigation/maps" either require the car itself is internet connected (with its own modem), or that you every year get a SD card with map updates to stick into the car.

I guess it's fine in an emergency, but I wouldn't want to use it day-by-day, the live traffic/road closure information in my case ends up saving us tons of time over the year.

It is also OK if you only use GPS 3 times per year.
Mine is from 2013. There are no longer map updates for the built-in nav system.

So I bought an Android auto / Car play module that integrates with the car touch screen. Now I have up to date maps and navigation for ever. :)

My 2019 Subaru legacy supports auto and does not have built in navigation. The aftermarket dashboard display in my 2011 Ford ranger also supports android auto but has no built in GPS.
Yes. I can't remember which cars (some base-model Hyundais I think) but I know I've rented a few that did have Android Auto but did not have any navigation included.
Mine (a US 2017 subaru impreza) supports both and doesn't have built-in navigation/maps.
> then the car will use your phone as an internet connection and send all the same telemetry data back to Toyota [...] so I exclusively use CarPlay via USB.

I would be concerned about a passenger connecting their phone to it while I was driving.

In other cars I've been successful picking up the relevant modules for peanuts from surplus/scrap then just desoldering the RF-active components (like bt radios, etc) and swapping them in. YMMV but if it doesn't work you're just out the cost of a junk part.

Even if some radio feature is benign its existence means that it's hard to be confident that there isn't some other telemetry feature you missed. With no connectivity at all you don't need to worry that you missed something because you can monitor the car with a spectrum analyzer and observe it's never transmitting.

Unfortunately in some newer cars you can't swap any modules without a dealer tool to pair the module to the car, presumably in a bid to prevent third parties from fixing the car (presumably preventing people from lobotomizing their surveillance isn't on their radar yet).

I trust Apple more than I trust Toyota.
You shouldn’t. Apple preserves backdoors in iCloud encryption to enable warrantless government surveillance. They have no other option.
It's weird to hang up on this specific item because they do actually offer an E2EE icloud option. Lose your key: lose your data.

https://support.apple.com/en-us/108756

Nobody has it on, and unless BOTH sides are using it, your iMessage conversations are all readable by Apple, because they are backed up twice - one for each end.

This option is also disabled in the UK - an intentionally preserved backdoor for government access.

https://support.apple.com/en-gb/122234

Okay fine but I use it and so does everyone in my immediate family and we're not in the UK. So... you're wrong.
Yeah, but at least for now they don’t have the power to remotely disable my car or jack up my insurance prices and I trust Apple 1000% more than any of the other random car companies to not sell my data.
How would they use my phone's internet? assuming no app is installed of course.
They are cagey because they get nearly $100k upfront with crazy interest rates, and then they make a ton of money through their spyware.
Honest question: what do you mean?
You pay inflated prices for the car and then they still steal and sell your data. This isn't hard to understand, same thing smart TV mfg do.
$100k is in Canadian dollars? I just added almost every accessory/package and option to the 2026 GR Sport Plug-in Hybrid RAV4, and it came out to $55,821. If there were options that were nearly identical, I only added the most expensive one. So I only added one hammock ($340) and one of the Pelican Dayventure Backpack Cooler ($301). This includes the dog first-aid kit, and the human first-aid kit. Maybe all the options will come through this link:

https://www.toyota.com/configurator/build/step/summary/year/...

...maybe there is a lot of dealer markup in your area?

While I agree with your outrage at cars, at least smart TVs get cheaper as they supplement the revenue stream w/ the data brokering options. Non-smart TVs cost way more.
I think you mean "subsidized" instead of "inflated".
No, they meant inflated. Cars are quite expensive right now, and dealers are notorious for raking in cash through financing. If they were subsidized, prices would be lower to increase user base, as in the aforementioned dynamic present in the current smart TV market.

I think the initial point was that car manufacturers/dealers are double dipping through initial cost/interest AND data harvesting.

Both a high end TV and a car are expensive items where the manufacturer shouldn’t be making additional income on your personal data.

A free 55 inch tv supported by ads would be subsidized. A big ticket item price likely does not change even if it intrudes on your privacy and the manufacturer makes additional income on your data. In that sense it’s not subsidized it’s just greedy business practices.

I haven't had any insight into the industry lately, but did work for a company in that space several years ago.

Most (all?) ordinary TVs, plus things like Roku streaming devices, are sold essentially at-cost. The profit comes from ads and information-brokering stuff. This makes it basically impossible to break into the market without doing the same thing.