"Remote S", "ConneTT" and Tesla's app do the same, i.e. requires your ID/pwd to gain access, you'll have to trust the app designer that there isn't any secret sauce in the code. Having said that as these are available in Apple's app store I guess somehow they must have been checked for malicious code?