back to article Porsche-gate: Android Auto isn't slurping tons of engine data, claims Google – but questions remain

Google has flatly denied that its Android Auto car dashboard software slurps too much information from vehicle engines. It was earlier claimed that Porsche snubbed the system because it was shocked by the alleged data gobble. Google convinced many automotive manufacturers to use Android Auto for their in-car entertainment and …

  1. edge_e
    Facepalm

    FTFY

    Users opt in to share information blindly click through the important bits so they can play with Android Auto

    1. SuccessCase

      Re: FTFY

      Someone really needs to teach The Register about the art and craft of non-denial denials. They have fallen for Google's response hook line and sinker. What Google's statement actually said was:

      "We take privacy very seriously and do not collect the data the Motor Trend article claims such as throttle position, oil temp, and coolant temp. Users opt in to share information with Android Auto that improves their experience, so the system can be hands-free when in drive and provide more accurate navigation through the car’s GPS."

      Years ago I worked in a corporate PR department and I can guarantee you every nuance and clause of that statement will have been considered by lawyers. From a company like Google, you can *always* analyse such statements as a careful exercise in deliberation.

      1st They have said "The" data, definite article. Which means anything that doesn't quite match the Motor Trends article, even if largely overlapping does not count. Secondly, saying "such as" makes it sound like they are talking about all general cases, when coming after the definite article, it isn't saying they don't collect each of those things in any combination, but only that they are examples of the kind of data in the definite set of which they are not collecting. A very, subtle but important distinction.

      2nd and more importantly, the statement "users can opt in to share information" is a non specific way of indicating data collection practice is modified by user choice and is compatible with them in fact collection of the data after that point. The fact you have to opt in for Android Auto to become useful is then the salient point.

      Contrast with "we do not collect any of the data the Motor Trends article says we do." Shorter, clearer, almost certainly not said for the reasons given!

      1. wyatt

        Re: FTFY

        Some PR departments are very good at mis-direction. My wife recently had a battle with a small Commercial Gas/Electric/Internet company who conned her into a contract. During the process of getting the contract annulled, they sent some very interesting letters which when you calmed down and read them said quite a bit which they probably didn't want to!

        Needless to say, any response from a company is now read and dissected to find out what they 'really' mean.

        1. SuccessCase

          Re: FTFY

          Yes when you learn to spot them they stand out.

          One very clear instance just recently was Cameron's response to Andrew Marr on the Ashcroft Story. He just referred Marr to an earlier "clear statement addressing this" which was actually a carefully crafted non-denial denial statement, thus he tried to give the impression he had addressed it, when he hadn't ! The non-denial denial playbook. Except he did it quite badly, and needed to appear irritated as though "look I've gone to the trouble of issuing a full statement and you're still asking me, just do your job properly man and read the statement" That would have worked a bit better. Instead he looked a little sheepish.

          The other person who used the same tactic (actually more effectively at the time) was a certain lib dem who ended up in prison for passing off his speeding ticket as his wife's.

      2. Anonymous Coward
        Anonymous Coward

        Re: FTFY

        The original article of defence by Porsche didn't stack up at all though. The data Porsche were talking about is already available (by law) through the OBD port. Therefore all their 'super secrets' could be gained by just hiring or borrowing the car for the weekend and collecting the data, as Porsche already knows.

        Google has enough cash to buy a number of the cars and dissect them if they really wanted more data on the way they operate as well Porsche knows.

        Porsche also know that Google are unlikely to be creating a 'competing' car to Porsche, especially one that they would need the OBD data to produce.

        There is very little also that Google could gain from the OBD interface that is *that* private to an individual, over and above what is already collected anyway. Android, Microsoft and Apple all use location services that can track you current location and can already detect your current speed using the phone itself - unless you disable the GPS and location services, but I'm sure most people wouldn't. Therefore the fear is that the data from Google could be used in the event of an accident for Police evidence, however most of this data is already stored by high end manufacturers in a black box in the car which can be accessed by the manufacturer.

        OBD data is also very useful for an integrated device to have. If you've ever connected bluetooth OBD adapter to your phone and run Torque for instance, the displays and data you can retrieve are great (as well as having some useful diagnostics).

        So the best point is about security and the issue with malware - however many cars have already shown this to be vulnerable recently via the infotainment already installed. At least it would be possible to disconnect the phone if this issue was discovered with Android Auto or Apple's car play and received an OTA update - something you can't normally do with a normal system.

        I suspect that this is just some deal with Apple, that included some push by someone to leak a statement about data privacy as Apple seem to be trying to make a comment about this every opportunity now (similar to how Microsoft did previously with their scroogled campaign). Either Porsche or the magazine has been dragged along into as well.

        1. Muscleguy Silver badge

          Re: FTFY

          We have a friend from university who created a company that makes and sells new engine chips for hot Honda hatches that makes the full range of the V-Tech engine available. He did it by reverse engineering the standard chip from a bought Honda.

          They have since helped out the Honda racing team and now get the necessary info from Honda. But the point is that even without modern buses such things can be had if you are determined enough.

        2. LeeV

          Re: FTFY

          "Therefore all their 'super secrets' could be gained by just hiring or borrowing the car for the weekend

          and collecting the data, as Porsche already knows."

          The problem is that the 'data' is meaningless gibberish until you put a lot of effort into test samples while the doors/bonnet/boot are open/closed, driving at low/medium/high speed, with high/low revs, indicators on/off, etc/etc/etc/etc.

          Having lots of data collected over a weekend is fun, but it won't tell you 'all the secrets'.

          Also 'all the secrets' are very much dependent on the manufacturer and change between models, and even revisions of the same car...

      3. Fitz_

        Re: FTFY

        "Someone really needs to teach The Register about the art and craft of non-denial denials."

        I just find it curious the totally different style of writing. If it was specifically Apple doing this, the story angle would be ridiculous hyperbole about how the world was ending and how it was all Apple's fault with a negative spin on literally anything at all, no matter how insignificant.

        1. DavCrav Silver badge

          Re: FTFY

          "I just find it curious the totally different style of writing. If it was specifically Apple doing this, the story angle would be ridiculous hyperbole about how the world was ending and how it was all Apple's fault with a negative spin on literally anything at all, no matter how insignificant."

          No it wouldn't, because Apple don't send The Register statements at all, bullshit ones or not.

        2. Darryl

          Re: FTFY

          Oh please. In the article about Apple and Ferrari the other day, there wasn't paragraph after paragraph about how Apple *could* be hacking the cars and *might* be able to do this and the option *exists* for them to do that.

          I really hate it when the iFans manufacture reasons to get offended.

          1. DougS Silver badge

            Yes, data Porsche is data talking is available via ODB, but...

            The key here is that Google would be collecting it from millions of cars eventually. They aren't going to convince millions of people to connect a doo-dad to their ODB II port, then download the data off it to Google.

            That sort of data has more value the more of it you have. Porsche doesn't want to just hand it over to Google and potentially advantage them.

      4. Indolent Wretch

        Re: FTFY

        Bah, no corporate PR or not.

        For a start the statement you've said is shorter and clearer and not given for reasons of evil also contains the term "The Data".

        If you read the first part of the google statement it basically states exactly the same as you've said "do not collect the data the Motor Trend article claims" they then use "such as" and give examples. Your clearer shorter statement claims exactly the same thing just doesn't have the examples attached. Providing a subset of examples in no way legally limits the initial statement.

        Secondly the opt in statement is written such that it clearly doesn't provide a get out clause to the first one. "Users opt in to share information with Android Auto that improves their experience" in no way trumps "we do not collect".

        The nuance here is the word "collect". I think what Google want to allow is the information to go to the "phone" so that it can be used for fancy displays and other apps, eco-driving-assist app for instance. When Google says they don't "collect" that normally means that even if they've got it it will not be sent to the cloud and won't be saved on any database.

        Thirdly, the phone has got my GPS location, my contacts, the data of all my texts, emails and phone calls, and a run down of my awful taste in music. Why the hell should I care if they know what my oil temperature is, I can think of plenty of reasons why I might want them to know.

        This is all about Porsche being scared of competition, nothing else. However then despite that wariness they've been blinded by the shiny and trusted Apple instead. Flids.

  2. Charles Manning

    All cars have split CAN buses

    CAN packets are prioritised, meaning it is possible to completely DOS a bus through sending high priority messages - that will never allow low priority messages to get through. There is no "fairness" policy etc.

    You certainly separate the engine control stuff from the body electronics. Any bridging between these is done with a gateway of sorts (think firewall). This limits what data can flow between the buses as well as the rate packets can be sent.

    Even when you attach diagnostics (OBD2 etc) that will be via the bridge preventing the diagnostics tools from trashing the engine bus.

    It is also very common for the different buses to have both different bit rates and signalling levels. There is no point in having high speed CAN buses (1M etc) for opening doors, switching on lights etc etc. There is good reason to have high speed in the engine to reduce latency.

    So where does a Google device sit on the bus(es)? Clearly not on the engine bus. Most vendors would only allow it to be attached to a dedicated bus so that the bridging can be managed into the rest of the vehicle.

    Nothing new to this - that's how CAN buses have been set up "forever".

    1. Paul Crawford Silver badge

      Re: All cars have split CAN buses

      That sounds sensible. But what happened with Jeep's hacking via entertainment system? Seems someone was not thinking security through at all.

      As I have commentarded before, its time that in-car hardware and software was audited for this sort of thing and the results published ncap-style so you can choose to avoid dumb/misled designer's results.

      1. Indolent Wretch

        Re: All cars have split CAN buses

        Yep... let's hope somebody took better care with the Boeing 787

    2. James Micallef Silver badge

      Re: All cars have split CAN buses

      "Perhaps the audio systems are controlled without CAN bus access: the dashboard could connect the phone to the radio and speakers via a separate media-only network"

      If any carmaker is integrating digital entertainment systems (especially internet-enabled ones) and car controls, I would like to know who that is so I can forever shun them.

      "You certainly separate the engine control stuff from the body electronics. Any bridging between these is done with a gateway of sorts (think firewall). "

      I would jolly well hope that this is the way that things are done, but is there a way to know for sure? Car brochures are full of glossy fantasies, and I bet if you ask a dealer if the vehicle's primary CA bus is internet-accessible, you'll get in reply either a blank stare, or an enthusiastic yes because they don't have a clue what a CAN bus is and why it's a terrible idea for it to be internet-connected.

      1. Phil O'Sophical Silver badge

        Re: All cars have split CAN buses

        If any carmaker is integrating digital entertainment systems (especially internet-enabled ones) and car controls, I would like to know who that is so I can forever shun them.

        It's exactly what Jeep did. The 'infotainment' system needs signals from the CANbus for stuff like switching to the rear camera when reverse gear is engaged, blocking video playback if the handbrake isn't on, etc. The entertainment part was supposed to be firewalled off from the main bus, and only able to receive such data, but the hackers found a bug in the phone system that allowed them to remotely rewrite the firmware in the infotainment system so that it could effectively become a bus master. Job done...

        Even a CANbus-USB bridge of the sort described in the article is potentially open to such an attack, if there are bugs in the USB-side firmware.

  3. PsychicMonkey
    Terminator

    I would suggest....

    that Porsche choosing iOS had nothing to do with data collection, and more to do with brand. Lets not forget that Porsche is a premium brand and that Apple is seen as a premium brand, at a guess I'd say that the majority or Porsche drivers (as in new ones, not second hand) are probably iPhone users as well.

    Any connection questions aimed at Android can be also be aimed at Apple. They will, after all, connect to the same system.

    1. Indolent Wretch

      Re: I would suggest....

      High mark cars have always been about limiting choice wherever possible.

    2. big_D Silver badge

      Re: I would suggest....

      The problem is, the car will probably be around in 20 or 30 years time. How many people will still be using a 2015 iPhone or Android device that can still connect to the iOS or Android head unit?

      It needs a simple, open standard that just channels the input and output and works with any device.

  4. Voland's right hand Silver badge

    Perhaps the cars compatible with Android Auto have compartmentalized CAN buses so the audio system is blocked by a gateway from the engine control hardware – although reprogramming controllers on the bus to bypass these defenses is possible.

    Are you kidding me? That would require a level of security awareness and defensive programming which you are not likely to find in an embedded software and hardware engineers in consumer (and vehicle) electronics space.

    They take pride in how much cr*p one can shovel to run in real time on one measly CPU instead of separating functions onto a couple of units and thus reducing the complexity. The end result is stupidities like a 50K car allowing you to program new keys with a 20£ gadget despite the fact that the alarm is activated and the car is supposedly in lock-out mode (hello BMW) and in more recent days connecting an unprotected fully opened CANbus implementation to the Internet with no security whatsoever (hello Crysler-Fiat).

    It is not that difficult to do a CAN to CAN translation and/or forego CAN as presentation on the USB altogether and lock-down the CAN in the USB-to-CAN controller (the car providing to the stereo USB presentation, not CAN as we know it). However, you are more likely to make all 3 faiths coexist peacefully on the Temple mound first before you make an automotive engineer design and implement this correctly as a security measure against an attack coming from the infotainment unit.

  5. Your alien overlord - fear me

    "Users opt in to share information with Android Auto that improves their experience," - so it sees I drive fast so it pops up quality ads saying I should buy a Porsche. Coolant running hot? I should consider a holiday to Sweden to keep my engine oil cool, maybe ordering through a Google advert ?

    As an aside, you can get bluetooth ODBC-II dongles and there are plenty of Playstore apps to read everything. I can't see why Porsche are complaining since I can stick my phone on the window, plug in a bluetooth ODBC dongle and read speed, revs, temperature without their sayso or indeed knowledge.

    1. Ben Bonsall

      As an aside, you can get bluetooth ODBC-II dongles and there are plenty of Playstore apps to read everything

      True- but you are unlikely to upload all the data to a central database to let people search, for instance, to prove from parking sensor data that all Porsche drivers really do drive so close to the car in front that it counts as automotive buggery...

      1. Richard Taylor 2 Silver badge

        Well they all just seem to race past me - guess a lowly Toyota is not worth tailgating

      2. petur

        "but you are unlikely to upload all the data to a central database"

        To actually use the ODB-II dongle, you need an app. Have you looked in the app stores how many of such apps are popular there? There are a few with *many* installs. And by that I mean several hundred thousands.

        Plenty of means to create that database, I'd say!

  6. Yugguy

    "We take privacy very seriously"

    Read my lips! No new taxes!

    The problem is that connected cars are very new and the average punter out there who picks up their new car will have no idea whatsover that it's connected beyond "oooh, dave, sweet, we can get facebook in the car now."

  7. Anonymous Coward
    Anonymous Coward

    Android Auto app or not

    Many cheap bluetooth devices and apps can link in similar ways to cars.

    The amount of telemetary cars emit is a lot more comprehensive than you would expect though.

    And yes, some feed back.

    Is this app special in some other way apart from being Google provided?

  8. LDS Silver badge

    I'm buying a new auto, and I guess I'll avoid too much integration...

    ... until I'm sure the systems are secure enough to avoid any bad interactions. Also, I'm interested to see how long they take to become obsolete - has it already happened for smartTVs. Having an integration that stops to work within two-three years is not acceptable.

  9. Uberseehandel

    OBD2 Connector

    Apparently these connectors are designed for infrequent use, as in when they are serviced and tested. Frequent connection/disconnection is likely to fatigue failure.

    Anybody who finds the OBD2 information interesting as they drive down the road needs to get a life, beyond its novelty value, it ain't that useful unless you are sufficiently trained to understand what is being displayed. I think it is Nissan which has displays of "interesting" data available, once the novelty value has worn off, they are rarely looked at.

    As far as Porsche choosing to go with Apple, well Porsche is part of VAG. VAG always needs alternative suppliers and they are traded off against each other.

    1. PNGuinn
      Boffin

      "VAG always needs..."

      VAG sure needs ANYTHING at the moment to distract attention....

      Or maybe theyr'e sacred that google will be able to get some dirty info on their emissions by the back door??

      OK, call me cynical if you want to.

  10. fandom Silver badge

    "the German automaker wasn't happy handing over these diagnostics to a company that is potentially a rival"

    And that's why they went to Apple.

    1. Fitz_

      ...Apple who are not over-collecting data. Carplay is only interested in if the car is moving or not so that it can restrict the controls to force the driver to focus on driving. It's not siphoning off all kinds of telemetry such as speed which could be used to convict you or push up the price of your insurance premium for example.

      1. Indolent Wretch

        Says you. Which version of Carplay are you talking about and which of the 587 pages of the terms & conditions indicates that may never change?

      2. fandom Silver badge

        If Google, or Apple, want to know anything about Porsches, or any order cars, they don't need to be sneaky about it.

        It's easier to buy a couple of them and fill them with sensors.

  11. Graham Marsden
    Thumb Down

    Sounds like...

    ... typical Android "all or nothing" permissions.

    1. Indolent Wretch

      Re: Sounds like...

      I don't think you can blame Android for the all you can eat buffet of data and the car bus.

  12. Anonymous Coward
    Anonymous Coward

    Business decision, the posers who buy Porches, are likely to be the posers who buy iPhones. They wouldn't want to soil their prize possession with muck like Android,that belong with us working poor.

  13. big_D Silver badge
    Facepalm

    Didn't Fiat (Jeep)

    Just demonstrate what a blindingly good idea it is to put the CAN-bus in contact with Internet connected devices?

    Security? Pah! This is way too cool to worry about safety!

  14. naive

    Apps from Google Play will ask for more data permissions in the futiure

    So next time one installs a new flashlight app from Google Play it will now inform users it needs to access

    - Engine data

    - Gearbox data

    - Other vehicle data

    - Vehicle control module configuration and settings

    This except from access to ALL data present on the phone which is by default required by any app from Play Store in order to run.

  15. Anonymous Coward
    WTF?

    But why?

    Other than the touch screen intergration my Winphone and i10 do all that anyway.

    Why does it need the CANBUS?

  16. CrazyOldCatMan Silver badge
    Devil

    "We take privacy very seriously"

    Specifically - that you have none. None whatsoever. All your informations are belong to us!

    Brewhahahahahahahaha!

  17. davidnixgop

    "...can the connected smartphone write to the CAN bus as well as read from it?"

    It seems that this could be a problem for Apple iOS as well. Who is allowed to write to the CAN?

  18. Anonymous Coward
    Anonymous Coward

    ODBII and your friendly government (NOT)

    For the record, New York State shares ALL the info on your ECU with Auto Insurers and the Tax Department.

    Why, because NYS MONETIZED THE DATA and gets PAID for it by the insurers or through increased tax revenue.

    Every car that has a required annual Vehicle Inspection and an OBDII port, sends the contents of the ECU to Albany.

    That includes mileage, highest speed and acceleration/deceleration among other things like if the ECU has been re-programmed for better speed, lower economy Air/Fuel ratios etc.

    You give up the right to keep that data private when you get a liscence.

    And you think Google is bad.

  19. Anonymous Coward
    Anonymous Coward

    worry over nothing

    It's not as if Google have form on over-collecting data.*

    *Except the occasional "one rogue engineer"

    1. PNGuinn
      WTF?

      Re: worry over nothing

      "It's not as if Google have form on over-collecting data.*

      *Except the occasional "one rogue engineer""

      So it's Big G 1, VAG 2 at least then, according to the latest arse covering statements from their senior management.

      Just waiting for the engineering department to use the Eichmann defence.

      Pass me some more popcorn.

  20. Unicornpiss Silver badge
    Meh

    Everyone is freaking out...

    But I have to ask, just how relevant is some of this 'super secret' information that may or may not be collected? I can see how throttle position and vehicle speed and RPMs could be used to determine (somewhat) if a person is racing their car, or (indirectly) possibly breaking traffic laws when combined with GPS, if analyzed to death, and if the data could be matched to a user ID.

    But what mayhem is Google or anyone going to do with data such as oil temperature or pressure? Determine that someone doesn't like to warm up their car before they get on the highway? Market oil changes? Determine that you're a bad person because you have premature engine wear or aren't driving "green"? How in creation is any of it going to benefit a "automotive competitor" that has dimwitted self-driving cars that putz around town slowly like ants carrying bread crumbs on a sidewalk?

    I realize that having an open avenue for data to be exchanged with a car's systems by an Internet-connected device is a very bad idea, and could lead to all kinds of unpleasant exploits. But that doesn't seem to be the point of this decision. Though while we're on the subject, what data is marketing king Apple secretly gobbling with even less openness? I really just suspect that Porsche 'drank the Kool-aid" and caved because iStuff is perceived as being more hip among the pretentious set, and most people that buy Porsches are likely to have an iPhone. Not because they respect the performance of Porsche or its racing heritage, or that iPhones are better in any meaningful way functionally, but "ooh, shiny!"

    Realistically, is either company less scummy with your demographic data? What are cars that boast built-in 4G connectivity without using a phone blasting back to home base about your driving habits, location, and other data? If you want to go in that direction, GM's integrated "OnStar" system, which preceded all other systems of this type, is probably the spymaster of the bunch.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019