Earlier this month, some code was found in the iOS 13.4 beta for a CarKey API, or application programming interface. CarKey seems to be a system that will allow your iPhone or Apple Watch to lock, unlock, even start your car… if your car has NFC and the manufacturer partners with Apple to make it all just work.
And… it sounds great. Terrific even. But it also still sounds so limited compared to the Apple Watch future I've been dreaming about for over half a decade: The everything key.
So, the CarKey gist from the first beta was that you'd take out your iPhone, put iton your car's NFC reader, open the Wallet app, and tap to initiate a new pairing. Then, like with Apple Pay, it would have to authorize you, most likely through another app on your iPhone supplied by your car maker. So, like, a Toyota app.
That would make the pairing process pretty secure, both in terms of proximity and ownership. This means you not only have to authenticate through the app, you have to be right at the car, which makes it harder to do with stolen credentials or spoofed NFC. You'd need both, at the very least.
If the automatic setup process fails, it would fall back on a pin code so you could still finish the setup manually.
Next, CarKey would generate a virtual key and store it in Wallet, just like Apple Pay generates a virtual credit or debit card and stores that in Wallet. And, you'd have the option to share that key from your iPhone Wallet to your Apple Watch Wallet, if you have an Apple Watch. Again, just like Apple Pay.
Now, a key difference between CarKey and Apple Pay seems to be this: The availability of an express mode for CarKey on iPhone.
To use CarKey, hold iPhone or Apple Watch to reader. It will work automatically, without requiring Face ID. You can change express mode settings in Wallet.
That's a feature Apple already offers for transit passes to help make the process faster. Instead of having to Touch ID or Face ID first, or presumably maintain contact with the Apple Watch heart rate sensor, to enable it, you just have to tap as you go. Basically, you're trading the convenience of speed for the security of biometrics.
As someone who lives in a country where we've had tap-to-pay credit cards for over a decade, it was a little nerve-wracking to think if you dropped your card at the gas station, someone could pick it up and go on a short-term, low-limit shopping spree.
Apple Pay got rid of that completely by requiring biometric authentication through Touch ID or Face ID on the iPhone, or constant contact with the heart rate sensor on the Apple Watch.
The benefit is that CarKey should continue to work even if your iPhone or Apple Watch runs out of battery. And, yeah, it would be a real downer if running out of juice meant being locked out of your car.
The downside is that if you lose possession of your iPhone or Apple Watch, and presumably haven't yet remote wiped it, someone else could use it to unlock and start your car. But… that's been true of real-world car keys since… forever.
And it looks like, if security is more important to you than convenience, and you're not worried about a dead device keeping you out of your car, you'll be able to disable express mode and have to biometrical authenticate before you can go for a ride in your ride.
At first, it was unclear how CarKey would handle multi-person vehicles. In other words, families or anyone who shares a car regularly.
With the Wallet app, you can easily share regular passes, like movie tickets, just by tapping the share icon and choosing to AirDrop or messages or whatever your target. Apple Pay cards, not so much. You have to give them your device and register their fingerprint for Touch ID or give them the passcode instead of Face ID. Because there, security beats convenience. You can iMessage Apple Pay Cash, though, at least in the U.S. and let them pay themselves. And that seems to be how CarKeys will be handling sharing as well.
In iOS 13.4 beta 2, released this week, there is new functionality for sharing CarKeys over Messages. Like Apple Pay Cash, it'll only work over one-to-one messages, not group messages, so you couldn't share your keys with your entire Westworld fan chat all at once, luckily for all involved, but you could send it your spouse or partner or child, or even your friend who's boring your car for the day.
CarKey is not available in group conversations. You can send CarKey in conversations with an individual.
Presumably, hopefully, there'll be options for expiry, from never or manual for your immediate family to an hour or end of day, like Location Sharing already offers in iMessage.
So, what else could I possibly want?
Why, HouseKey of course.
Way back in 2014, before the Apple Watch was even announced, I said the killer feature was going to be convenience. Logging fitness activity, controlling HomeKit, alerting through notifications, and authenticating for things like tap to pay.
We got Apple Pay fast enough, but not much else, not for a long while.
Aloft, the hotel chain, tried a clever workaround almost immediately, at least in a few locations like Cupertino. You put an app on your iPhone or watch and then, to prevent your hotel room from unlocking when you were too far away, you held it up to the door and the metal would deform an electromagnetic field, and that plus the signal from the app would unlock. Again, clever workaround but still a workaround.
Internally, at Apple Park, Apple began using iPhones and Apple Watches in place of traditional security cards. They also rolled out the system to a few schools, and have been growing it out as part of their student ID program ever since.
There have been a good amount of HomeKit locks as well but they're nowhere nearly as elegant as what Apple's doing with CarKey.
You can use Siri or the Home or vendor app to lock and unlock, and some offer proximity unlock as well, but nothing as precise as NFC.
And they're also glitchy. I have an August lock and, when I switched to my new phone, the lock only shows up in the August app like once every couple of weeks and it's a pain in the apps to reset it, so mostly I've just gone back to using my key, like an animal.
I've had that problem with rental cars as well, where I got NFC fobs instead of keys and had the car fail to detect it to the point where I had to abandon it at the side of the road and demand an actual key car replacement.
So, yeah, this stuff is still all shades of hella buggy and the Battlestar Galactica approach — all analog, all the time, is often still the safest.
But I'm me and I still want more.
Part of the issue with HomeKit locks, I think, is how locked down Apple has kept NFC on the iPhone. For security and maybe just overall control issues, Apple doesn't let developers do just anything they want with it. They've added reading functionality over the years but I don't believe it's anywhere near wide open. And I don't believe I want it to be either, given the attack vector it creates.
What I do want is a HomeKey API similar to the CarKey API that would let the lock-making companies do exactly what the car companies are going to be able to do — provide much better, more convenient, more secure, more robust functionality for those of us who really do want our iPhones and Apple Watches to be our keys. Not just for cars but for everything.