The recent Android app update to 3.13.0 (2019101401) has been very annoying.
Firstly, my car configuration was lost. And my life is busy and re-configuring with long passwords that I have to look up is a pain so I didn't reconfigure. Then the real bizarre behavior comes in.
Even though the app shows the Demonstration Car and does not offer my car to be selected, I still get alert messages for my car configuration although my car is not an option for the app.
A couple months ago an app update lost my configuration and I fairly quickly reconfigured, so I didn't notice if this is a long-standing issue.
This seems very strange and I worry if there is little validation of messages from the server pushed to the app. It seems like the server is pushing messages to the app and the app passes them along without checking that they are for configured vehicles.
Does anyone else see this? Is there a security issue? Seems pretty big to me.
Jeff Anton
Sorry for the issue with the lost car config. There are new developers helping with the App… shouldn't happen again.
Regarding the notifications, that's normal/expected behaviour. Notifications are sent via Google FCM, and the FCM registration isn't bound to the vehicles configured, it's bound to the App instance. That's the way FCM works. Only if you uninstall the App or clear the App data do the FCM tokens become invalid.
In case of this update failure, only the list of vehicles was lost, no other App data. So in terms of FCM registration, there was no change.
The App could validate if messages received match a defined car, but it can only do so by the vehicle ID contained, so that wouldn't gain anything in terms of security.
If you sell your phone, you should at least wipe the Apps you used. That should invalidate any remaining FCM registrations… but you need to trust Google on that. The web has reports of reinstalled Apps (not OVMS though) still getting notifications for previous instances.
A better protection is to wipe the device.
Regards,
Michael
New update yesterday, and still lost car configuration. Android.
Yes, Android.
There was no change to any configuration data structures in this update, just functional changes.
I have no idea how/why that would need to break existing configurations.
*sigh*
Same problem here on the Android app, lost config since last two updates.
As you may have read in the history by now, I've changed the storage format to JSON with release 3.14.0.
That should avoid future issues with the file.