Welcome to Tesla Motors Club
Discuss Tesla's Model S, Model 3, Model X, Model Y, Cybertruck, Roadster and More.
Register

Giving Apps Permission to your Tesla Accounrt

This site may earn commission on affiliate links.
Some Apps request permission to your Tesla account, I read this is not a good idea because they can then have access to your whole car/account etc.

is this true?
I was looking at using A better route planner and Optiwatt apps...Im sure there at plenty others that want to sync with the car.

thanks
 
Whether you think its a good idea or not is completely up to you. The apps want to generate a token to access your car. Once it has a token it can do the same things with your car that you can do with it, in general.

How safe that is depends on how feel about that.
 
  • Like
Reactions: angus[Y]oung
I've put longer responses to this in other threads in the past, but to summarize.

- If you give them your login, or just a token, they have the same access via the API that you do.

- The biggest problem for me isn't that I don't trust the app/app maker, it's that I don't know how good their security is, and for a criminal this would be an attractive target.

- Imagine if someone got into their systems and had a list of all the GPS locations of cars. They could look for nearby ones and remotely unlock them to steal things.
 
This topic tends to have a lot of passion around it, actually. There are people who swear by these apps, and there are others that would never install one. As you mention, the issue for me is not really whether I think the app makers are out to do something nefarious (the larger ones likely arent).

The issue is more around, "if large companies that have entire cyber security divisions can get hacked, its inevitable that a smaller app developers data will get hacked, if they get large enough to matter / be an attractive hacking target".

shrug...

Everyones risk tolerance is different, so thats why I said "its up to each individual to make that decision, just know that if an app can open your car or provide information about your location to you, that data could end up in someone elses hands as well".
 
Tesla can do a much better job and make the permission scope of the token much finer. So I can let OptiWatt has only ability to change charging levels and schedule, for example, and nothing else. Or I can allow Tezlab to control my car, or even just some features of my car. Right now it’s all or nothing.

That would be assuming that tesla wants to endorse the use of their APIs and such, which they likely dont.
 
  • Like
Reactions: AlexHung
I avoided using a 3rd party app for my Model 3 for the last 2 years but am a data junkie and have missed the ability to track certain things. I had read about an app that you can manage on your own server but never looked into it. Has anyone used this option and has a good summary of the pros/cons compared to the bigger 3rd party options such as Teslafi, Stats, or Tezlab?

I'd like to start using one for my new MY to keep better track of efficiency in different conditions and battery degradation over time.
 
It's the same reason hackers will attack something smaller, like even this website, and get usernames & passwords. Many people use the same username/password combo so they'll then run them all through banks and whatnot and eventually find a hit.

Which is why you should have separate login credentials for everywhere you visit on the web.