The app does talk directly to the car when you're in range of Bluetooth. That's how the phone key functions: all handoff and communications are done via Bluetooth, not the internet, when the devices are in range. Even with my phone in airplane mode (WiFi/Cellular disabled), and only Bluetooth on, I'm still able to unlock/lock the car, drive, and open the frunk/trunk.
That's not what I meant. I mean why can't the app learn the car's IP address using the cloud and then just connect directly to the car? That way if the cloud goes down it still works as long as its IP doesn't change.
It just amazes me that literally everything has to round trip to the cloud for everything. It's like we forgot that things can connect to each other.
This doesn't have to do with communicating with the car.
I believe internet is needed because Tesla acts as a CA for your phone. That allows you to revoke a device, for instance if it were stolen. My guess is that the phone has authorizations that it renews fairly frequently and in this case apps could renew auths so once the current set expired you couldn't use the phone to unlock, etc. I can't immediately think of a better solution to the problem that allows using a phone for some functions and being able to remotely revoke a device.
If Let's Encrypt went down, we'd similarly see a large portion of sites be inaccessible through browsers after 90 days, even though you could directly connect to those servers.
Why is it harder to secure the cloud endpoint than the car? Is it immune to remote attacks because it lives in a data center? A CPU is a CPU. Code is code.
Having every car aggregated at one cloud system means if you got into that you could simultaneously attack every single Tesla in the world.
There is no good reason for this. It's just a mixture of "how things are done nowadays" and superstition.