I developed an app to control the car from the smartwatch and I ask for the token, then save it encrypted locally. Did this because as said before, giving credentials to others is a very risky idea. Anyone can use a Fiddler proxy and test my claims. And after that, I hope people will think...