this post was submitted on 23 Jun 2026
416 points (97.5% liked)
Technology
85670 readers
3500 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related news or articles.
- Be excellent to each other!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
- Check for duplicates before posting, duplicates may be removed
- Accounts 7 days and younger will have their posts automatically removed.
Approved Bots
founded 3 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Why they do this:
After the first three years, Volkswagen is charging ev customers €150/year to see the charge level on the app, remotely start the air conditioning, schedule charge and so on.
Any tinkerer is thinking "well, if I am paying this extortion just to see the charge level on the app, then I want to exfiltrate my data in home assistant or similar, getting better stats and so on"
So they blocked the API with Google play integrity signatures
Now, instead of spending money on engineering ways to block uncertified devices, they could have simply introduced an official API with rate limits and stuff.
The fact that they noticed all those "unauthorized accesses" it's prove that people just want to pay for a lightweight API access, not a 250mb app that takes 4 minutes to remotely start the air conditioning
After all, we're talking for €150/year for accessing the data of a €1 iot sim card using 0.0001€ of compute time. There should be enough margin for that.