RE: Initial draft of agenda for upcoming April f2f in Munich

> Hi, I may prepare a presentation on what would be needed for Android/AOSP to be secure and safe for use in applications where safety is critical such as cars, based on my own experience in a project I am coordinating with my company and my previous research
 on the subject of mobile security in general.

JF - Are you referring to ISO 26262 certification? I think that is really the only relevant benchmark for safety-critical software in vehicles. OEMs want to have multiple displays in the vehicle and have functional safety information, like telltales, appear on any screen. This domain interaction (functional safety domain and infotainment domain) is GENIVI's focus now.

> Likewise, when it is used for in-car entertainment purposes only, I may provide my perspective on making it compatible with the upcoming GDPR (May!).

JF - This is hugely important as the EU plainly states that GDPR is relevant for vehicles. Also, the emerging idea of 'industrial data rights' in relation to vehicles is an area that ought to be addressed I believe (PDF: in relation ti GDPR. Personally I feel that W3C has not been as robust as it might have here in promulgating standards around data usage. I think the work is being done in other places. W3C needs to clarify its relevance to not just the GDPR but to other emerging IPC and display standards.

> Last but not least, if possible, I would like to invite a speaker from a German university who could provide interesting insights on the current mobile base band attack surface, OS-independent (i.e. not restricted to Android/AOSP in particular), with the  goal to identify areas that need to be improved upon, thereby avoiding scenarios like getting one's connected car stolen (or worse) with the use of a rogue/manipulated mobile network cell. I know, this is about web technology and I am considering the full stack, but since we speak about Android... Pick your favorite!

> JF - Interesting stuff and well worth discussing. But there is a lot of automotive specific security work done in other places. Firstly, each OEM has a robust security shell that they deem crucially important. Along with their own approach, they have their own service level agreements and other contractual obligations that they place on their suppliers (right to inspect, vehicle lifetime, etc.). AGL has developed its own security framework, Android obviously has its own. Hypervisors are another layer that are selling security and isolation capabilities (with containers making inroads). In addition, GENIVI has a security expert group and that group coordinates with other groups globally, like FASTR and ISAC, though the bindings to these other initiatives might benefit from greater coordination. In general I worry that there is a surfeit of standard bodies and a paucity of real standards. I wonder what the W3C hopes to do to address this?



On 03/21/18 21:56, Paul Boyes wrote:

I changed to Android in Automotive.

Paul J. Boyes |
 INRIX | Director of Telematics and Standards - OpenCar  |  206-276-9675 | |

On Mar 21, 2018, at 1:51 PM, Peter Winzell <> wrote:

HI, so we should change the agenda item from Android auto to Android Embedded/AOSP ?


Peter Winzell

2018-03-21 13:49 GMT-07:00 Peter Winzell

Sure, sounds good.

On Wed, 21 Mar 2018 at 13:21, Paul Boyes <> wrote:


You can pin that one on me.  I am seeing Android (not just Android Auto) pop up in automotive quite a bit and am interested in hearing thoughts and discussing it in relationship to the Automotive WG and experience in general.   Make sense?

Paul J. Boyes |
 INRIX | Director of Telematics and Standards - OpenCar  |  206-276-9675 | |

On Mar 21, 2018, at 11:53 AM, Peter Winzell <> wrote:

Hi Wonsuk!

I was just wondering why we are having phone mirroring(android auto) on the agenda for the f2f ? What is the idea behind that (sorry for have missed the meeting)


Peter WInzell

2018-03-06 21:34 GMT-08:00 이원석 <>:

Hi. Guys.
I made an early draft of agenda below for upcoming f2f in Munich. It’s only have input from Paul and me. So please review and let us know your view!



Stiepan A. Kovac
M Sc ICT Security
IT+Tech. Tel. Eng.

T: +41 22 734 59 96
M: +41 76 382 59 96


This e-mail and any attachment(s) are intended only for the recipient(s) named above and others who have been specifically authorized to receive them. They may contain confidential information. If you are not the intended recipient, please do not read this email or its attachment(s). Furthermore, you are hereby notified that any dissemination, distribution or copying of this e-mail and any attachment(s) is strictly prohibited. If you have received this e-mail in error, please immediately notify the sender by replying to this e-mail and then delete this e-mail and any attachment(s) or copies thereof from your system. Thank you.

Received on Thursday, 22 March 2018 15:14:54 UTC