Remote Engine Start via Mobile App

Implementing Remote Engine Start via Mobile App

Remote engine start is one of the technically most responsible functions in a car app. Accidental or unauthorized engine start—threat to people nearby. Not a CRUD operation; a command with serious consequences. Architecture must reflect that.

Stack: Telematics Unit + GSM + Secure Command

Remote start implemented via telematics control unit (TCU) with relays connected to vehicle ignition circuit. Budget options—Pandora, StarLine, Scher-Khan with GSM module and manufacturer API. Custom fleet solutions—Teltonika FMB003/FMB125 with DOUT outputs and commands via MQTT or SMS.

Pandora/StarLine provide cloud API. Start command:

suspend fun remoteStart(carId: Long): EngineStartResult {
    // 1. Check preconditions via API
    val status = api.getVehicleStatus(carId)
    check(!status.isMoving) { "Vehicle is moving" }
    check(status.doorsLocked) { "Doors not locked" }
    check(status.hoodClosed) { "Hood open" }

    // 2. Request with TOTP confirmation (or biometrics)
    val otp = totpManager.generateOtp(currentUser.secret)

    // 3. Signed command
    val command = EngineStartCommand(
        carId = carId,
        userId = currentUser.id,
        timestamp = Instant.now().epochSecond,
        otp = otp,
        duration = 15,  // minutes of idle run
    )
    val signature = hmacSha256(command.serialize(), currentUser.commandSecret)

    return api.sendCommand(command.copy(signature = signature))
}

Biometric Confirmation on Device

Before sending—mandatory confirmation via BiometricPrompt (Android) or LocalAuthentication (iOS). Not PIN, not password—biometrics or device credential:

suspend fun confirmWithBiometrics(context: FragmentActivity): Boolean {
    val executor = ContextCompat.getMainExecutor(context)
    val prompt = BiometricPrompt(context, executor, object : BiometricPrompt.AuthenticationCallback() {
        override fun onAuthenticationSucceeded(result: BiometricPrompt.AuthenticationResult) {
            continuation.resume(true)
        }
        override fun onAuthenticationFailed() {
            continuation.resume(false)
        }
        override fun onAuthenticationError(errorCode: Int, errString: CharSequence) {
            continuation.resumeWithException(BiometricException(errString.toString()))
        }
    })

    val info = BiometricPrompt.PromptInfo.Builder()
        .setTitle("Confirm engine start")
        .setSubtitle("Toyota Camry · ${car.plateNumber}")
        .setAllowedAuthenticators(BiometricManager.Authenticators.BIOMETRIC_STRONG
                or BiometricManager.Authenticators.DEVICE_CREDENTIAL)
        .build()

    return suspendCoroutine { continuation = it.also { prompt.authenticate(info) } }
}

iOS equivalent—LAContext.evaluatePolicy(.deviceOwnerAuthenticationWithBiometrics).

Command Status and Timeout

Start command sent—engine doesn't start instantly. GSM command takes 2-15 seconds, startup another 3-5. UI—progress bar with stages:

enum EngineStartStage {
  sending,        // command to server
  delivered,      // server confirmed delivery to TCU
  cranking,       // TCU signaled starter
  running,        // engine running (ignition = on, rpm > 400)
  failed,         // didn't start within timeout
}

Status updated via WebSocket or device status polling. 60-second timeout—if engine doesn't start, error shown and starter relay disabled (safe stop).

Safety Constraints

Command blocked if:

• vehicle already moving (speed > 0 from GPS)
• hood open (DINPUT from TCU)
• less than 30 seconds since last start attempt
• user changed password or device in last 24 hours (account theft protection)

Every attempt logged to audit with vehicle coordinates, user ID, device, IP, result.

Developing remote engine start feature with biometric confirmation and status control: 5–8 weeks (within broader app). Cost individually quoted after TCU API analysis.