alt Hacker NewsHow else would you build "security" into the app (in the sense of not allowing third-party modifications of it that would open them up to liability), except relying on hardware attestation that the app has not been modified? That attestation necessarily requires the platform provider to be involved.
You don't, the app runs on a user-supplied device. They should secure the part that runs on the car and consider the interface between the app and the api to be a user interface.