top | item 22096600

BMW Connected Apps Protocol

359 points| zdw | 6 years ago |hufman.github.io | reply

120 comments

[+] scoutt|6 years ago|reply
> asked if I could get access to the BMW Ready SDK ... They declined.

Sometimes this is all the motivation a person needs. Now it's (almost?) reverse-engineered and it could be a big headache for BMW in the future if an exploit/bug/fun-stuff is found by the right people.

Companies: share your SDKs. The guy/girl doing a RE is not your regular "coding demo SDK apps" engineer and will go deeper.

[+] selpop|6 years ago|reply
This happened to me with GM

I tried to get developer access via a form and never got a response, so I tried sending a message to the head of the infotainment on LinkedIn

Thankfully he was able to get my application to the dev site moving... but unfortunately, they required a business use case to get an API key once you had access to the site.

So I tried to pick the API key out of the app.

They had the most novel obfuscation I've ever seen for an app's API key

The key was inside the image data for the launcher icon

There was a weird transformation applied to it too, so instead of trying to reverse engineer it I just fired up Charles and intercepted it from there

With the API key and the documentation for the API from the dev site I was able to write a program that started preconditioning my Volt when I left my apartment (the car was in an attached underground garage, so it'd be at the right temperature by the time I got down)

[+] thrilleratplay|6 years ago|reply
While I agree that companies should share development libraries/SDKs, this will not prevent reverse engineering and, if closed source, gives reverse engineers another avenue to gain access. BMW likely declined due to possible liability. If someone creates a smartphone app that anyone could download that unlocks the vehicles and is sued, it is easier to convince lawyers, judges and nontechnical plaintiffs that the company is not at fault if they provided no access to the software regardless of whether the SDK provided was utilized or not. Even if there was an explicit opt in for each vehicle to allow users to utilize an SDK, the auto industry does not have protocols on how to do factory resets after the vehicle changes hands.
[+] austenallred|6 years ago|reply
I could imagine a lot of scenarios where BMW wasn’t ready to publicly share its SDK for security reasons
[+] 1234_9999_46|6 years ago|reply
I bought a mid-tier BMW last year. Regardless of how you look at it, it's a big, expensive luxury car. And being a big, expensive luxury car it's big and carefully made and feels like driving around in a well appointed living room or a first class cabin.

And the UX is pretty good. The computer controls can almost be used by memory, they're very close to hand and well laid out. The nav is so-so but the in-dash lane view makes it sane for big cities.

But the software is awful. It's not poorly designed, necessarily, but it's buggy as hell.

Half the time I enter the vehicle the car thinks I'm my wife. She's a foot shorter than I am which means I can crawl into the seat for about 30 seconds before my legs start to cramp. In that time, the following invariably happens:

1. I painfully get a foot on the brake and hit the ignition.

2. The computer prompts me to confirm that I'm my wife.

3. While I'm trying to select my profile CarPlay kicks in and opens the media screen.

4. I navigate through several menu levels to set the correct driver profile, swearing the whole time.

Now, I can move the seat back before I enter, but it's slow and clumsy. Then I still have to go through the same process, just minus the leg cramp.

[+] danielbarla|6 years ago|reply
> Half the time I enter the vehicle the car thinks I'm my wife.

I had the same issue with a fairly old Volvo, and manually adjusting the seats for the large height difference was quite irritating (even with the setting memory feature). I was convinced it was buggy or random, until I accidentally figured out the car's actual "algorithm" - it was simply remembering the last seat setting for the key used, and since we were using a single key and just swapping the car between us as needed... Not sure why this took me so long to figure out, it was just kind of an unexpected default behaviour, given our use case of a shared car.

[+] jen20|6 years ago|reply
> But the software is awful. It's not poorly designed, necessarily, but it's buggy as hell.

Can't say I agree with this in the slightest, assuming you are not talking about a 2002-2005 (EU) year which did have a very buggy implementation of iDrive based on Windows.

The issue you are describing is otherwise known as "opening the car with a key attached to the driver profile for your wife".

My 2009 3 series with the professional navigation option is not only bug-free in everyday use (with all updates applied) but substantially better than most brand new cars available today, which is why I still have it.

[+] arrty88|6 years ago|reply
It sounds like all of these problems have to do with the driver profile. My grandpa's 1999 Buick Park Ave had 2 key fobs. Each fob was paired with a different driver profile. Depending on which fob unlocked the car, the seat and preferences were adjusted instantly. Surely BMW can do something similar here. My only advice is to talk to your salesman / dealer and see if they can set you straight.
[+] jwr|6 years ago|reply
> But the software is awful. It's not poorly designed, necessarily, but it's buggy as hell.

Seconded. It was always crappy, but I recently switched to a 2019 model and expected it to be better. It isn't.

I'm amazed that in 2019/2020 we still have problems with keeping track of two driver profiles (yes!) and their phones. It's not rocket science!

A phone can stop working for no reason and require un-pairing/re-connecting. The UX is crappy, Spotify integration works or does not, depending on the phase of the moon.

My car also came with Apple CarPlay, which was somewhat better but after a couple of weeks both phones stopped working with the car. The dealership told me I never had a CarPlay subscription (!), which means it must have been a demo. From the point of view of the user: phones worked nicely, until suddenly they stopped working, completely. Wasted time on dealership visits and unpairing/re-connecting phones again.

Oh, and the much-touted feature that lets you unlock the car with an NFC card or your phone? Only works with Samsung phones.

I'm not sure if manufacturers get the fact that for a certain segment of customers phone integration is one of the most important features in the car. After my lease expires I will be shopping with that in mind.

[+] Lendal|6 years ago|reply
This reminds me of the troubles I have with CarPlay on BMW.

I use Android. Anytime I try to go somewhere while my wife's iPhone is near the garage, it takes over my car and I can't do anything. No music, no phone calls, nothing but drive. In order to regain control of my car, I have to drive a mile down the road, pull over, shut off the ignition, count 30 Mississippi, then restart the car. Only then will the unresponsive CarPlay coupe coup be ultimately defeated. :)

Sure I could remove her iPhone profile, but that hurts her feelings.

[+] rad_gruchalski|6 years ago|reply
Use the correct key fob. The car selects the profile depending on the fob used to unlock the car.

I have two BMWs, both do the same.

[+] roel_v|6 years ago|reply
As all the others say, just use the right key fob. It's in the manual how all this works (it is in mine, at least).
[+] bob1029|6 years ago|reply
This story is exactly why I want my cars to be dead simple. I don't care about the "luxury" that is having some gigantic distracting screen with whatever invariably-horrible software implementation running on it.

My current car is almost entirely mechanical, with the exception of electronic throttle body. This may sound like a petty gripe considering the pure garbage that is being sold today, but I can feel the difference between this and a throttle body with a physical cable attached to it. It annoys the hell out of me that I can sense a 1mm deadzone before the computer detects that I have pressed my accelerator pedal. I cannot comprehend how people are tolerating things like brake/steer-by-wire, lane-keep assist on by default, engine auto stop, emergency auto braking, etc.

I understand the most profitable target market for these cars is "people who didn't want to drive in the first place", but can we at least spend a little time considering those still in the "I like to drive and don't want it to be a miserable experience" demographic?

[+] ryanlol|6 years ago|reply
Which iDrive version does your car have? The only notable software bug I’ve encountered on my G12 with the current gen NBT EVO (101172.3.214, 2017-04, Q18491l) is that carplay sometimes fails to connect until I restart the infotainment.

I’ve never seen the car pick any other driver profile than the one associated with the keyfob.

[+] CowboyViking|6 years ago|reply
Something to remember about the automotive industry is that they have a long running time for each project. So each generation often has a large improvement over the last because they worked on it for years before first release.

This is why some things can be "not perfect" for some users. The companies are improving rather fast in just the past years to be able to have things like software be improved in a much faster way and free of chains to the timeline of the project they are part of.

"Car thinks I'm the wife". Some cars go by weight and some by the key used. Some go by the last use and once you sit down it adjusts things to that last setting.

I used to have an Audi and a Volvo with these things. The Audi I had seemed to go by weight only and the Volvo had memory buttons to be used but seemed to go by the key.

What the newer BMW use I am unsure of.

[+] ilikehurdles|6 years ago|reply
Do you and your wife use multiple BMW keys interchangeably? Each key can be made to default to a profile, so when either my wife or I enter with our keys, everything sets up per each of our preferences.
[+] landcoctos|6 years ago|reply
> And the UX is pretty good. The computer controls can almost be used by memory, they're very close to hand and well laid out. The nav is so-so but the in-dash lane view makes it sane for big cities.

> But the software is awful. It's not poorly designed, necessarily, but it's buggy as hell.

Interesting. I have a 2015 BMW 3 Series with professional I-Drive and I still find it one of the best systems available.

[+] m463|6 years ago|reply
Hardware companies make terrible software.

But now the problem is that software companies make very good software - that benefits themselves first, and the customer as almost an afterthought.

[+] 88840-8855|6 years ago|reply
I am driving a new Mercedes C class and can confirm: the software is utter rubbish. Half of the built-in "Mercedes apps" are crashing, not starting, not working, not connecting. Mercedes Me works - sometimes, sometimes it doesn't.

Germans are very bad at software.

[+] russellbeattie|6 years ago|reply
Oh god. I got rid of my BMW less than a year after buying it in part because of the horrible "iDrive" central console interface. It was absolutely terrible! Examples: Putting the car into drive would pass by reverse, so the reverse camera would come up, then not go away for 20 seconds or so. Notifications would pop up for gas at 1/8th of a tank with an alert sound like the scene change music to Law & Order. Unkillable notifications for unneeded oil changes. Deep menus for common functionality like sound adjustments. The audio didn't stop when you turned off the car, only when you opened and shut the door (letting everyone in the parking lot hear a snippet of your music first). The nav system took a minute or so to start up, so you can't begin to enter an address until it's ready. Where were the physical play/pause buttons? There are none.

There's a reason why California companies lead the world in UI design: We actually care about the user experience. The hostility of a BMW UX is on a level that I honestly didn't think was possible. It wasn't just moronic, it was straight up belligerent.

Thank goodness the car had a major safety recall and I had an excuse to get rid of it. My first and last BMW ever.

[+] speedgoose|6 years ago|reply
It's a very interesting article. I'm also impressed by such dedication. Hashing the strings from the decompiled APK to easily debug the protocol in Wireshark is inspiring.

On the topic of using a BMW with your phone without being frustrated, some people put a third-party box between the screen and the car infotainment computer to get Android Auto. I heard the experience isn't perfect.

Personally I use Google Assistant and I think it works relatively well. I can use it to get directions, make the sound of random animals, change radio, play music on Spotify... To trigger it, you can long press the voice command button on the steering wheel.

[+] bmo-at|6 years ago|reply
Yeah, I 'inherited' a 2015 BMW 1-series with very basic equipment from my grandma. Plenty of car for a cs student, but I really wanted Apple Carplay and Android Auto in my car.

You're right though, it is not perfect. But I was surprised how well it's integrated. It definitely connects faster and more reliably than the default Bluetooth connection in the car and it can be removed without a trace afterwards, since it's just a piggyback box.

I do experience a crash though sometimes, and then I have to stop, turn off and lock the car for ~30 seconds just to restart the box.

I have a binary firmware file from the manufacturer, was thinking I might try to decompile it and make my own version, but I don't have the experience or the time atm.

[+] ac_20200120|6 years ago|reply
IPs removed and anonymous because it's a little intrusive

Someone at BMW added me accidentally as a nexus repo. I get loads of BMW traffic now, and it's really annoying.

Leaks a bunch of fun stuff.

[BMW'S IP] - - [20/Jan/2020:08:52:11 +0100] "GET .... com/bmw/cc/b2vngtp/statusAPI/20200120.074026-feature_2020-T1.5-CDNGTP-3818-improve-stability-of-integration-tests/statusAPI-20200120.074026-feature_2020-T1.5-CDNGTP-3818-improve-stability-of-integration-tests.war HTTP/1.1" 403 1364 [MYSITE] "-" "Nexus/3.15.1-01 (OSS; Linux; 3.0.101-108.87-xen; amd64; 1.8.0_92)" "-"

[+] punnerud|6 years ago|reply
Dang, there is something odd with the (unusually high) number of newly registered comments on this post. Good comments, but could all be from the same person?

From zwb’s bio: “(..) Hacker News is an online game you can play where your score is up in the top right corner and there's a leaderboard, and you get points by posting stuff and making comments people like. (..)”

[+] gorkish|6 years ago|reply
I can't help but feel for this guy having done my own reverse engineering of BMW's i-bus back in the day. You get to the point where you see such possibility if the carmaker would just open up a little damn bit. It's a real shame that automakers feel that every software or hardware integration with their vehicle should be something to monetize. Even the forward thinkers like Tesla are no better on this front.
[+] hippich|6 years ago|reply
Another possible explanation (other than keeping everything in case it can be monetized) is being concerned with the myriad of ways it can bring liability to the company. Perhaps, it is not a practical way to keep such risk away, but I can see how it can be the most rational decision by a big company.
[+] NotSammyHagar|6 years ago|reply
Tesla didn't try to block it when people did figure out the calls to talk to their car, so that's at least a good thing. They figured it out by putting the android or ios app on wifi and looking at the calls. Then from there they figured out the login token. One thing Tesla hasn't done right, you can't revoke tokens (at least it didn't seem to be possible last I looked).
[+] shoes_for_thee|6 years ago|reply
These comments are reminding me why I like analog cars.

I do wish I had adaptive cruise control, though.

[+] UI_at_80x24|6 years ago|reply
Yes completely!

I want an electric car. I don't want any screens though. Analogue dials, switches, buttons.

I don't expect to own a vehicle for 20 years, but what is the real life-expectancy of those LCD screens and back-lights? I'm driving a 9-year-old car right now and half of the 'tech' on it doesn't work worth shit. It drives ok, but it's nearing its serviceable EOL.

[+] mkhpalm|6 years ago|reply
I'm confused why just 1 car company doesn't allow end-user developed apps. A model lineup like that seems like it'd be easy to turn dealer inventory. You have the historical success of both PC and mobile to understand how nobody can compete with proprietary systems.
[+] S0und|6 years ago|reply
"<java something-something> bytecode is really easy to decompile"

by the 3rd time I was laughing at this...

"not a problem, barely an inconvenience"

[+] whois|6 years ago|reply
> Cries for help on the Spotify forums were ignored

Yea sounds about right :(