Sure, some day Google may well drive us around. But today we drive ourselves, assisted by roughly 60 to 100 sensors per car, a number expected to mushroom to 200 per car by 2020, or 22 billion in-vehicle sensors worldwide.

While all this data has the potential to become a privacy nightmare, it also presents a quandary for developers. Our cars are already eminently hackable in the worst sense of that word, as researchers at Black Hat recently presented. But they’re also hackable in the positive sense, as Carvoyant, a Florida-based startup aims to show.

Carvoyant built a platform for developers that puts driver data first. With a tagline that would make Ayn Rand proud—”Your car. Your API. Your control”—Carvoyant just opened up a developer sandbox that allows technologists to test their apps with simulated vehicle data. That means being able to see how an in-car app will respond without having to connect it in a vehicle, finding an appropriate road with the perfect amount of traffic, and then staging a service need of some sort.

In keeping with its tagline, the plan is to open source the simulation data.

Your Car Is A Hack

While cars seem like self-contained fortresses, they’re anything but, as Selena Larson has written. As researchers Charlie Miller and Chris Valasek presented at Black Hat, the very things that make driving a pleasure—from keyless entry systems to Bluetooth-connected stereos—also make our cars permeable to outside hackers.

See also: The Smart Car Will Be Hacked

How hackable? Well, here are some of the worst offenders, with “+” signs indicating that the car is more hackable, and “-” signs indicating it is less hackable:

Credit: Charlie Miller and Chris Valasek

Suddenly that 2006 Ford Fusion is looking like a safer bet than that brand, spanking new Range Rover. And the Infiniti Q50? Forget about it.

But hackable cars aren’t necessarily a bad thing.

After all, Ford, GM and other auto manufacturers are increasingly opening up key parts of their systems to outside developers. In fact, Ford has a developer program tailored for open source developers. Other initiatives like the OpenXC Platform “use standard, well-known tools to open up a wealth of data from the vehicle to developers, even beyond OBD-II.”

In other words, our cars are going to get hacked. The key is to make sure the good guys have the right tools to do this well.

Enter Carvoyant.

Crashing Your Car In The Safety Of Your Own Home

Carvoyant’s new sandbox makes it easy for developers to build apps against automobile data without actually driving the car. Given that texting while driving is already illegal in many places, imagine what the police officer would say if she discovered you programming the car while driving. Bad idea.

As Carvoyant COO Renz Kuipers writes:

Today, if a developer wants to create a connected car app there are precious few places they can go to test it without actually connecting their own vehicle. It doesn’t take a lot to realize how inefficient and difficult this is. Plus, if the developer is using their own vehicle, that means they have to drive it to create the data they need … which means they are developing against this live data … which, itself, is kind of a problem. And it gets worse: once the developer is ready to take that finished app to market, they have nowhere to go.

In other words, today, if developers want to build a connected car app, they have to use their own car. (And if, say, they want to build an app for crash detection, the only way to do that right now is to crash their own car.) Carvoyant replicated the production environment and added the ability for developers to programmatically add simulation data.

That’s a big deal.

Still, there are at least two caveats, as Kuipers goes on to note. The sandbox matches Carvoyant’s production environment with two important distinctions:

1. It is not possible to connect a live vehicle to an account in this system; all of the data in this system is “fake.”

2. All developers have the ability to call an endpoint that allows them to create their own vehicle data; in this way, they can programmatically generate the vehicle data that they need to test their application.

Open Sourcing The Data

All of this would be interesting on its own, but it becomes more so given that Carvoyant doesn’t lock up and hoard its data.

In an earlier post, Kuipers argues that to be truly open, a developer must be able to answer the following two questions in the affirmative: “Can you get the data?Can anybody who plays nice, play?”

Carvoyant’s developer sandbox is just the start of a movement toward giving developers more control of their simulation data, but also of giving car owners real ownership of their car’s data. Today that data is owned by the car or system manufacturer. Tomorrow it really should be owned by the person driving the car.

As Kuipers notes, “To us, it just seems like common sense that the data from something that you own should be yours. Yours to keep, yours to selectively dole out as you deem fit.”

This will be welcome news to the developers who want to hack your car, and to you, the driver, who wants to control what they are allowed to do with the data.

Lead image by Oran Viriyincy