Vehicles can now tell us where we’re going, play us our favorite music or movies, control the temperature and seat positions, monitor heartbeats and even warn us if we’re about to get into an accident. As more automotive manufacturers integrate mobile platforms and applications into their vehicles, they’ll only get smarter. Or will they?
There are many issues to consider when integrating mobile applications into connected vehicles, from security to performance and beyond. Knowing and addressing these issues as early as possible in the development process is key to ensuring quality and driver satisfaction.
This article will identify and explain some of the key considerations manufacturers need to be aware of when integrating mobile apps into vehicles.
With advances in technology over the last decade, customer demand and competition among original equipment manufacturers (OEMs) have forced automakers to integrate many of the latest apps into their vehicles. Whether meant to entertain, facilitate communication or enhance performance, these apps bring to the consumer a new level of comfort and convenience, as well as enhanced safety features. As a result, today’s consumers now expect to have more apps and services available in their cars.
There are many issues that automakers should consider when planning to integrate apps into automobiles, issues that may not be readily apparent in the initial stages of development and implementation. In addition to security concerns, certifications, bandwidth and connectivity considerations, manufacturers must decide what types of apps to offer and, most importantly, how to ensure they are safe and helpful to users and that don’t misrepresent their brand.
As a manufacturer of highly-regulated products and components, you may be searching for information on accepted regulations or developed standards for mobile apps in vehicles. As the popularity of connected vehicles grows, governments are now publishing guidance and, in some cases, regulations. Initiatives like the European Union’s Gear 2030 were created to help guide industry policy when implementing automated and connected capabilities into cars.
To date, neither the automotive industry nor the government has developed specific standards around mobile apps in the vehicle. This may come to fruition in the future. Today, however, the onus is mostly on automotive manufacturers to ensure the apps in their vehicles are functional, usable and secure. The best way to do so is to develop a rock-solid certification and verification process, which includes robust testing guidelines, something that many auto manufacturers may not know how to do nor have the staff/resources to do in-house. But doing so is key to ensuring an ideal user experience and protecting a company’s brand and reputation.
This is where a third-party test house can help; especially one that has experience working with companies to develop custom solutions and certification programs. In addition, a test house that is familiar with the automotive industry and its existing and pending regulations will help create a process that is realistic, comprehensive and accounts for changes and adjustments.
Native or Third-Party Apps?
A key consideration is whether or not to provide users with access to third-party apps. It may be appealing to offer drivers access to some of the more than four million apps that are available today; however, there are risks related to opening your product to that many unknowns. Some app stores have had several high-profile malware attacks that have been widely distributed. What’s more, how can you be certain that each of those apps perform well in your vehicle?
Although third-party apps aren’t yours, most of your customers won’t recognize that. They won’t inherently separate the app from the vehicle or the experience. What if a bad app shuts down a fleet of vehicles?
Steers drivers in the wrong direction? Or worse yet, causes an accident? Your brand and your product could be tied to that experience, and the damage could be irreparable. The question you need to consider is: do you trust four million third-party developers to represent your brand?
Many automotive companies develop their own app stores so that they have greater control over the quality and types of apps accessible through their vehicles. This way, they can put in place functional and content guidelines for developers, and have the option to review and test apps before they make them available to the public. This is likely the safest implementation if there are strong testing and validation guidelines attached to the release and review of applications that are published.
Connectivity – Embedded vs. Tethered
There are several ways apps can be accessed through vehicles, but the two most common are embedded and tethered solutions. Embedded implementations generally have all the connectivity and intelligence built into the vehicle itself, and are typically based on a proprietary system controlled by the manufacturer. A tethered solution requires users to connect to a car with their smartphones, via a wired or wireless connection, often using a third-party interface like Android Auto or Apple CarPlay.
There are pros and cons to each solution, as outlined in Table 1.
|Streamlined user experience||Difficult to change hardware once developed|
|On-board “always on” communication||Fees for connectivity services|
|Manufacturer controlled environment||Difficult to update once rolled out|
|Must create guidance and testing policy in-house|
|User-controlled functionality||Not “always on” when user is not present|
|Lower up-front costs||Potential incompatibilities between a device’s implementation of protocols given inconsistent user functionality|
|Pushes connectivity and fees to
the end user
|Charges for data services can generate unexpected data fees and
|Large compatibility requirements between all device manufacturers requiring testing of hundreds of different devices|
Table 1: Advantages and drawbacks to embedded and tethered in-vehicle apps
The first step in making the decision of the method to use requires an understanding of the functionality needed. Embedded solutions are best for connecting the user and the vehicle. Therefore, they allow for functions such as remote vehicle diagnostics, vehicle fleet tracking and theft detection and recovery. Tethered functionality shifts much of the functionality and capability to the user and, in turn, creates a more customized experience, allowing faster updates that aren’t always possible with embedded systems.
Thirty-three states currently have legislation related to autonomous vehicles. It’s becoming clear that, in the future, a significant portion of vehicles on the road will have some type of automated capability. The National Conference of State Legislators has even developed an autonomous vehicle legislative database to help keep up with the rapidly changing guidelines.
According to the U.S. Department of Transporation (DoT), wireless vehicle communication is an emerging factor that will need to be considered. Communication between vehicles is a key feature of capabilities to enable fleet management and streamlined traffic flow. Developed frameworks will need to take into account these current recommendations and also have the flexibility to change as the recommendations turn into regulations. Currently, the DoT classifies five distinct levels of autonomous functionality:
- Level 1 – A single function is automated
- Level 2 – More than one function is automated at the same time
- Level 3 – Driving functions are automated and the driver can perform other activities
- Level 4 – The car can drive without a human driver and perform all safety-critical driving functions
- Level 5 – Fully autonomous and can handle extreme environments (dirt roads, snow)
Each level comes with its own set of concerns. Having a flexible yet robust policy for all levels of autonomous capabilities is a key component to having a safe and future-ready design that can stand up to public scrutiny.
As demonstrated by a hack that stopped the transmission in a moving vehicle, security is something that must be addressed. The U.S. Federal Bureau of Investigation and DoT have released a joint statement covering several important measures to take when dealing with security in connected vehicles. Some of the key recommendations are keeping devices up to date, and to exercise discretion when connecting third-party devices to a vehicle.
Manufacturers need to have a robust and validated procedure for updates and security patches. This includes over-the-air updates that have been popularized by some newer car manufacturers, and which can bring additional complexity into securing your eco-system.
As the technology becomes more advanced and there are more ways to access vehicles through networks and apps, the risks for security breaches will continue to grow. OEMs will need a trusted partner to independently verify and test any software or hardware product that will be integrated into their vehicles. These tests should include enterprise-level testing and verification, such as man-in-the-middle attacks, SSL verification, and data protection, to name just a few.
Integrating apps into vehicles comes with a certain degree of risk – to users and your brand. But the degree of risk can be significantly mitigated with the creation of a certification program and solid testing plan.
Creating a certification program for your apps gives you more control over what types of apps appear in your eco-system. With a certification program, manufacturers have the power to approve or deny apps based on defined test criteria. Creating a robust test plan can help offload much of the technical testing responsibility onto the app developers, which leaves your team to focus on functionality and app selection.
Engaging a third-party test house can significantly speed the entire process, from program creation to app certification. Selecting one with established certification program development and certification testing expertise can also provide you with valuable insight into best practices and streamlined processes. This can help to ensure you’re providing users with the highest quality apps.
Real World Solutions: Examples of Third Party Testing Capabilities
With so many connected devices available and on the horizon, it can be increasingly challenging for OEMs to ensure the quality and safety of their vehicles. Utilizing third party test services that have a “one-stop-shop” offering can streamline the testing and certification creation process significantly and help build quality into the process. A partner that can cover the technical testing as well as certifications of the hardware related to connectivity, such as LTE and WiFo, is essential to releasing a safe, independently tested and verified product that will provide a positive experience to users.
The following sections illustrate some examples of testing you will want to your testing organization to perform quickly and expertly, so your team is able to focus on what it does best.
Test Bench Build
Seek out a company with expertise creating prototype and commercial vehicle benches for testing, preferably test benches that can help validate internal results before releasing to the general public, and that can also be migrated to field tests to mimic the “out of box” experiences that your customers will encounter.
Comprehensive Hosting and Testing Services
A third-party testing company should have the capability to perform a wide array of hosting and testing services. At a minimum, such hosting and testing services should include:
- IT management and support of the test benches
- Web services
- Remote access to security
- Backup and other hardware/software maintenance as necessary
- Availability of root cause analysis specialists
- Test script management, maintenance, bug fixing and enhancement
- Test execution team, test monitoring, and test results delivery
- Email and phone support, with ticket system
Load testing is a basic service that many testing companies can provide. Consider whether the testing company can perform load testing for many platforms and certification programs, and has developed testing scenarios and environments ranging from maxing
out device resources to overload testing to stress test server capability.
While it is true that automated testing can save time and resources, it isn’t always the best solution. Your testing partner should have a host of automated tools at its disposal, as well as the ability to utilize a blend of automated and manual testing, in which automated tools help to guide manual tests.
Information Security Protection
Your intellectual property is your bread and butter; any third party you use should protect it as if it is their own. Make sure that your testing company has established an information security policy to govern the protection of information assets of the organization, customers and suppliers from all threats, whether internal or external, deliberate or accidental, and that the policy complies with all governing laws.
Test Suite Management
Finally, a third-party testing company should provide you with 24/7 access to test plans, reports, analytics and access to a dedicated project manager. You should have access to information about every step of your testing project, at any time.
Delmar Howard is a Program Manager for Intertek, a leading Total Quality Solutions provider. He focuses on test process development and security assurance in both enterprise and consumer software. He has been directly involved in the design and implementation of testing programs for smart product manufacturers. Delmar has more than 10 years of experience in IT testing and holds a B.S. in Computer Science from Bloomsburg University.