unfortunately I can’t use my phone as a BMW Digital Key Plus to access my car. The BMW app works flawlessly on my Pixel 8 Pro with /e/OS 3.1.1 Android 15 (newest from August 29th).
Trying to activate the key brings me to the error message that my device wasn’t compatible with this feature. The device itself is on BMW’s list of supported devices. Of course everything is different with /e/OS.
Does anyone know a workaround?
Maybe…
installing an app?
changing or activating something in the settings?
Can anyone explain what hardware parts of the smartphone are being used for this feature normally? Like Bluetooth or NFC or…? What makes the normal Pixel 8 Pro with Google’s Android compatible with the BMW? Is it possible to add this feature to e/OS?
McGyer look at what you say in second sentence: “The BMW app works flawlessly on my Pixel 8 Pro with /e/OS 3.1.1 Android 15 (newest from August 29th).”
So what phone does it not work with or is the second sentence a typo? Or is the digital key part of the app. I don’t know I don’t have a BMW. What is being said about the BMW app in the Advanced Privacy, is the BMW app attempting to leak anything? Do you have Bluetooth and NFC turned on (by way of tiles)?
Thanks for your help. Rather a misunderstanding than a typo. The BMW app works, it doesn’t crash. Trying to connect the keys within the app brings a legit and nicely programmed message that says my device wasn’t compatible with this single feature. Everything else works fine.
As the hardware is on the list of compatible devices I am hoping for a software based solution.
NFC, Bluetooth and wifi is on. The app has all permissions. I accepted all trackers for the BMW app.
The feature is supposed to make your smartphone key of the car. If you approach the car it opens, you can start the car when your phone is in the car. You don’t need the real key any more.
In north America BMW was charging an annual fee to turn on the heated seats, but have since dropped this because of blow back. I did a quick internet search and it does not appear that BMW requires you to pay for the feature digital key.
You say you accepted the tracker, when the app asked or in Advanced Privacy?
Is the location permission also on when you try to use the key, if so are you in an underground when you try to use the key?
I find it hard to believe BMW would not allow the digital key in a Google Pixel 8 Pro. Did it work with stock ROM on the Pixel? This way we can narrow it down to the OS.
Edit: It appears there is a pairing process that uses the G Wallet. It is also say many users have issues with this “pairing”. I would try with the alternate wallet that Gael suggested:
Keep searching, looks hopeful there may be a solution…
thanks for your help. Good idea trying to ask someone at BMW. Maybe I find someone.
Unfortunately I am not quite sure what I am supposed to do with your link to the Fairphone 6 Sim Post? Did you want to give an example on how to collect a log? If so… I am sorry, I didn’t get the cue. If not. How would I collect such a log?
The Google/Apple Exposure Notification System (GAEN) seems an option on how it could work.
How do I install this, making it work? Or do crash all privacy then?
thanks for your help. Yes. It is free and should work. As I received the brandnew BMW on Tuesday I never tried with a “real” Google Pixel. I tried to connect it in presence of the BMW employee who gave me the car. It should definately work with an original en-googled Pixel 8 Pro.
The Pixel 8 Pro I use is on the list of officially supported devices of my particular BMW.
I am sure that we can narrow down the search to /e/OS.
Trackers: I activated all trackers in the Advanced Privacy Settings for the BMW app.
GPS: I gave permission to access exact location and within Advanced Privacy it has permission to access the real location. Unfortunately I cannot find an option to give it location access in the background. It does not seem to be required by the app at all. (Is this a hint, not to look within the location settings?)
It has permission to see other devices
In the App settings: I gave it all permissions I could, just to make sure.
Your reddit post seems to be outdated as the person says the support told him it would only work with apple devices. My phone is on the list of supported devices today.
I don’t have a payment solution on my smartphone yet. This’ll be a good reason to look into it and try my luck for the BMW.
both NFC and UWB technology are used to establish the immediate proximity of the sender and receiver in a tamper-proof manner.
Perhaps you could describe how your phone reacts to the Setup card and QR code (and service card) and when you hold the mobile device to the outside door handle.
Taking a logcat like this
adb logcat | grep de.bmw.connected.mobile20.row
before and after performing these tests may reveal something. Performing a restart of the phone first will cut down less relevant “history”.
I installed Curve on my phone so I have a wallett now. It didn’t change the behaviour of the BMW App unfortunately.
I have had NFC and UWB activated on the phone from the beginning.
They key, the setup card and the access card aren’t needed to connect the key to the car. It is just a feature within th BMW app. Here is a screenshot. The blue field is the feature I need basically saying: “Setup Digital Key Plus”
I’ll look into the tutorial on how to log info in the next few days and see if there is something precious when I try to setup the keys here in the app.
is your husky relocked? murena says community releases can’t be relocked, but technically it’s just a different signing key. If it isn’t locked yet, check if you can relock safely (security patch level of /e/OS ahead of original stockrom).
That app will generate keys in the secure element (TEE) of the hardware and I’d think it expects some environment conditions to do so or refuse some actions. As aibd suggests, running logcat or logfox while ending up at that Apps screen will tell you the reason
thanks again everyone. I tried a “deep research” with Gemini Pro (not my Google account ). Here is a very convincing 11 page paper on our exact topic and why it won’t work on /e/OS. It explains the security architecture with several levels and gives suggestions on how to bypass them.
I am very suprised with the quality of those ai results and the actuality. Gemini also found our thread and mentions it in the paper at 3.3.
Have fun reading it. I hope this satisfies your curiousity.
I myself have enough answers now and most probably will use the key BMW gave me and not follow up further on the smartphone key.
thanks for keeping the pdf out-of-thread, it gives context for the unitiated, is generally right where it has official docs, but misrepresents key facts and does some riffing along at "This philosophical conflict… - not really wrong, but misleading.
Imo it will fail because microG doesn’t offer much of the Wallet API surface, not because your devices secure element can’t be prompted to generate and exchange keys or a certain integrity level can’t be reached with an official image (not available for husky sadly - check with SPIC app mentioned here though).
There’s nothing less secure about a user-chain-of-trust and /e/OS doesn’t reject device relocking as stated in that pdf - just that most devices in its history didn’t support user keys in verified boot and you need an official image for adb root debug to be disabled and the relocking make more sense from a vendor perspective.
You should still look into the possibility of relocking as it will raise device security (and then integrity levels) for other apps even if it is a userdebug build. This needs some research as it has bricking risks - SPL mainly.
The best writing on hardware attestation is found with GrapheneOS and interestingly that pdf stays clear off that. Anyway, it’s clear why vendors rely on Google proprietary services, I’m not arguing against that.
I’m not opposed to generated texts when they’re out-of-thread and marked as such (as you did), they can serve a purpose. The signal to noise ratio relies heavily on their sources though.
). Here is a very convincing 11 page paper on our exact topic and why it won’t work on /e/OS. It explains the security architecture with several levels and gives suggestions on how to bypass them.