Welcome to Tesla Motors Club
Discuss Tesla's Model S, Model 3, Model X, Model Y, Cybertruck, Roadster and More.
Register

Tesla Companion App

This site may earn commission on affiliate links.
#41
Looks like I may not be able to release the new version of Tesla Companion for keyless driving and full calendar integration since the current beta is using the new authentication mechanism that requires a client id key and secret key that are not publicly available.

The way to obtain that keys is decompiling the official app or decrypt the HTTPs requests, decompiling the App violates the software license, I’m not sure what the current implication of sniffing the HTTPs request are yet.

I contacted Tesla and they are not providing keys for third party apps.

Using Tesla proprietary client and secret key to authenticate a third party app might have legal consequences.
This is different to the previous authentication mechanism where authentication requires only email/password provided by the user.

The Beta program will continue working for some time however it may be closed as well.

The released version of Tesla Companion will stay on the store using previous authentication mechanism, however it won’t provide any new functionality released on Firmware 6.0 and will stay operational until Tesla decides to retire the old protocol.

As sad as it may sound I need to protect myself from possible lawsuits.

For example in the following link it exposes what certain risks are when developing a third party app for Tesla using their secrets.

https://www.eff.org/issues/coders/reverse-engineering-faq

“It is legally risky to bypass any “technical protection measures” (e.g., authentication handshakes, protocol encryption, password authentication, code obfuscation, code signing) that control access to the code or any specific functionality.”

Castor
 
#42
castor said:
Looks like I may not be able to release the new version of Tesla Companion for keyless driving and full calendar integration since the current beta is using the new authentication mechanism that requires a client id key and secret key that are not publicly available.

The way to obtain that keys is decompiling the official app or decrypt the HTTPs requests, decompiling the App violates the software license, I’m not sure what the current implication of sniffing the HTTPs request are yet.

I contacted Tesla and they are not providing keys for third party apps.

Using Tesla proprietary client and secret key to authenticate a third party app might have legal consequences.
This is different to the previous authentication mechanism where authentication requires only email/password provided by the user.

The Beta program will continue working for some time however it may be closed as well.

The released version of Tesla Companion will stay on the store using previous authentication mechanism, however it won’t provide any new functionality released on Firmware 6.0 and will stay operational until Tesla decides to retire the old protocol.

As sad as it may sound I need to protect myself from possible lawsuits.

For example in the following link it exposes what certain risks are when developing a third party app for Tesla using their secrets.

https://www.eff.org/issues/coders/reverse-engineering-faq

“It is legally risky to bypass any “technical protection measures” (e.g., authentication handshakes, protocol encryption, password authentication, code obfuscation, code signing) that control access to the code or any specific functionality.”

Castor
Click to expand...

I've tweeted Elon asking for some support for us Windows Phone-using Tesla. It'd be nice if others did the same and hopefully he'll dignifiy at least one of us with a response. It seems WP use amongst Tesla owners is growing and we deserve some kind of official support, hopefully via support for Castor's app so he can continue to do great work.
 
#46
Castor,
Thank you for all the time and effort you have put into this. I really hope Tesla is reading these boards and remedy the situation for wp users. As a former IPhone user, I've been much more satisfied with wp on my Nokia. Its strange to me that a company as forward thinking as Tesla chooses not to recognize what some of their patrons consider an equivalent ( better in my view as I switched after owning several generations of IPhones) platform.
 
#48
ACDriveMotor said:
TMC could also just release an official WP app. But I would much prefer that they enable others via an SDK.
Click to expand...
While logically I like the idea of an SDK, it seems to me that as the API increasingly allows control of a 2 ton missile, the disincentive for Tesla to do so rises. Imagine the scenario where someone writes a piece of code which contains a bug and as a result of its use a fatal accident occurs.

It becomes a lawyers' paradise and a huge distraction for Tesla management to handle the fallout. I can see the arguments that Tesla should have protected the interface so that nothing bad could possibly be done. Hard enough to do with their own software; next to impossible with third party software.

Can you see any simple way round this? Until there is, I regret to say that I think an SDK in a diminishing probability.
 
#49
simonog said:
While logically I like the idea of an SDK, it seems to me that as the API increasingly allows control of a 2 ton missile, the disincentive for Tesla to do so rises. Imagine the scenario where someone writes a piece of code which contains a bug and as a result of its use a fatal accident occurs.

It becomes a lawyers' paradise and a huge distraction for Tesla management to handle the fallout. I can see the arguments that Tesla should have protected the interface so that nothing bad could possibly be done. Hard enough to do with their own software; next to impossible with third party software.

Can you see any simple way round this? Until there is, I regret to say that I think an SDK in a diminishing probability.
Click to expand...

The mobile apps don't have anything to do with actually controlling the movement of the vehicle, however.
 
#51
With the new (post 6.0) API and oauth, they can easily limit the allowed functions based on the application id. Today we are "forced" to fake the id of either the official android app or the iPhone app. If they allowed 3. party apps, we could use unique ids for each application (Tesla Companion, Visible Tesla and so on) and they could make sure these would only be allowed to do a subset of what the APIs might actually provide. They could then also be much stricter about misusing other application ids.
 
You must log in or register to reply here.

Similar threads

ikarusk
  • Locked
Done with Tesla Model Y Performance after 2000km
Replies
198
Views
35K
Model Y
JezzaE
J
SilverGS
2-year ownership experience with a now 5-year-old 2016 Tesla Model S 75D
Replies
22
Views
11K
Model S
SilverGS
SilverGS
_tpt_
Vendor Tesla Performance Tools - Track focused CANbus display for iOS
Replies
35
Views
5K
Model S: Driving Dynamics
mattack4000
M
Alex D
Any word on the official Tesla app update?
Replies
6
Views
1K
Model S: User Interface
Shock-On-T
Shock-On-T
SeBsZ
Anyone willing to beta test my Android app/website TesLender.com?
Replies
2
Views
1K
Model S: User Interface
SeBsZ
SeBsZ
Top
Back
Blog
New
Forum list
Marketplace
Menu