They’ve already had a security “moment” with an earlier version of this app.
If I recall correctly (it was a couple of years or so ago and I’m not a web programmer) once you’d authenticated with the server with valid credentials it issued some kind of persistent (and quite long lived) authentication token, and you could then issue requests using that authentication token but with the VIN of a different car to acesss State of Charge, driving records, and potentially location data.
It would be disappointing if they’d made another cock-up like that (or been forced to make customers update passwords in order to prevent the possibility of a similar cock-up) but in view of the, errr... “disappointing” nature of the Nissan Connect offering (it’s appallingly sluggish, frequently unavailable, and has a bloody awful UI) it wouldn’t be entirely surprising.
This is a shame since (as others have suggested) being able to check charge status, fire up the climate control and even interrogate vehicle location is jolly useful...
Biting the hand that feeds IT
