just to expand on the content/context of this thread (without trying to beat a dead horse);
at the end of the day, these third party services cost money. they cost money to develop, to host and to distribute. the liabilities added in the clauses and TOS are standard lingo for deniability and to protect the issuing party. at the end of the day, they have ZERO interest in protecting you, as a consumer. yes there are implied warranties and agreements, but if an opportunity to collect additional revenue through basic data generation, the company/issuing party were to be sold, or the infrastructure was somehow hacked (at any level), the data they've collected from all of the tokens, logins, etc., are now exposed. this happens more often than you may know/realize.
honestly, i think most of the data collected and measured through most of the apps is benign at best, but there is important data like location history, VIN information, specific vehicle location and even personal data that is at risk. so while I agree there are far too many controls available at the API level, there is still a lot to be desired in terms of data collection and what it's used for.
as a modern IT professional, i love the thought that i can manipulate the data coming from my car to change my driving patterns, track my battery health, etc., but these tools are risky at best. if something were to happen to someone's vehicle as a result of a data breach, there will be a LOT of "i told you so's" being posted.