This is borderline negligence for the lack of authentication and security of the app. I suppose it may just be a matter of time until someone figures out how to get access to other more critical systems in the vehicle, similar to the Tesla vulnerability from last year. It took the Tesla security researchers less than a year from when they found they could access the sound and climate systems (over similar cellular networks) to being able to flash custom firmware on-the-fly and take control of steering and acceleration / braking.