It is the same number used to provide details for your service appointment. I didn't like the practice myself, I'll ask at my next appointment.
This is confusing to me. A phone number does contact me for service via text, but only for appointment confirmations. Any actual info about the car, problems, etc. is done via the official Tesla app and potentially email to official Tesla addresses. The only other phone numbers I've seen for service are what seemed to be personal cell phones calling me to say the work is done and to come pick up the car (mobile service team).
The people at your appointment may be the problem, see if you can get in touch higher up or at least with a more general support line. It's entirely possible Tesla is simply intentionally employing a very poor practice here, but that doesn't make it any less appalling.
I’m laughing that I got “well actually”-d and treated as if I have no clue how APIs and authentication work. I’ve worked in software my entire career, thanks.
The problem is that we’re not dealing with Google here (who, arguably, is the last company you want to give any data to btw). Most of the people making these third party apps are not thinking about the security of your data or access to your car. It’s only going to take one story about how someone’s Tesla got “hacked” (a.k.a. They handed out their credentials) and we’re going to have full blown congressional investigations and permanent marring of the Tesla brand. We’ll never hear the end of it from people that don’t understand the tech. It’s a massive security hole that they’ve left wide open and an improved authentication method still isn’t going to solve it.
They should hire some of these folks creating 3rd party apps, upgrade the official app with better functionality, and close off much of the access they currently grant to third parties. Tesla should strive to be the shining example of privacy, security, and trust - it’ll be a competitive advantage for them in the long run as other brands experience breaches and security issues.
Maybe they can start by implementing actual 2FA, which should’ve been available years ago? I love Tesla, but they have a lot of work to do here and I can’t just give them a free pass. We should demand more from them and every other company in this regard.
I agree with many of your points, including the original one that Tesla should just improve what the app can do. Unfortunately that alone isn't really productive for most of their users, and mostly a waste of Tesla's time. People using these third-party services are doing and reading a lot more with their vehicles than the average EV driver who unplugs, drives to work, drives home, plugs back in, and then leaves it until the next day. EVs attract these folk for sure, but they're still not a majority of Tesla owners.
Given that the API is publicly usable right now, there are two options for improvement (one you sort of mentioned): Prevent public access (rendering the services and apps useless), or enhance their authorisation schemes.
There are a large variety of services and apps simply because one can always think of a new way to use an API, or contextualise some data. If Tesla closes off the API because they now have a better app and info service, they will likely be missing things that a small minority does actually want to see or reimagine.
I did not realize the extent of this threat. Approximately how many Teslas have experienced being hacked?
I want to avoid using the word "hacked", since it's not "hacking" if you willingly give a stranger access to your account.
Due to that, it's nearly impossible to tell as an owner. We have no insight to who is getting data from our vehicles. Control of a vehicle would be more obvious, but also not necessarily noticeable if done at opportune times.
Even if nothing bad has happened yet, it may in the future. This isn't a "sky is falling" scenario, but giving a stranger the full-access key to your car that anyone can use from anywhere in the world has some obvious theoretical problems when phrased as such.