FAQ
Why do I need TeslaKee?
TeslaKee provides a secure, privacy-focused alternative to the official PhoneKey. It uses on-device geofencing, motion detection, and time-based policies to protect against BLE relay attacks, ensuring your vehicle remains secure even when you are nearby.
Should I activate PIN2Drive?
While TeslaKee significantly reduces the risk of relay attacks, activating PIN2Drive adds an extra layer of security and is generally recommended for maximum protection of your vehicle.
How should I use the app?
Use the official Tesla app for all data connection features, like checking vehicle status or climate control from afar. However, make sure the official app is NOT set up as a PhoneKey. Instead, configure and enroll TeslaKee as your PhoneKey, and delete your official app’s key from the vehicle’s locks menu.
How does TeslaKee work?
TeslaKee uses the Android StrongBox Keystore to securely store your cryptographic keys. It communicates directly with your Tesla via local Bluetooth Low Energy (BLE), requiring no internet connection. To prevent relay attacks, the app actively monitors your device’s motion and location, only enabling the passive entry broadcast when you are physically moving and within authorized geofences.
Can weather affect the Altitude Lock policy?
Yes. The Altitude Lock policy rule uses your phone’s barometric pressure sensor to detect whether you are at roughly the same altitude as when the vehicle was last locked. Barometric pressure is heavily influenced by weather — a low-pressure system moving in can make the sensor report an altitude several dozen meters higher than reality, even though you haven’t moved. A high-pressure system has the opposite effect.
If you find the Altitude Lock rule blocking passive entry while you are standing right next to the car, the most likely cause is a recent weather change. You have two options:
- Increase the Tolerance setting on the Altitude Lock rule (under Policy → Altitude Lock) to a value that comfortably exceeds your local weather variability — typically 20–30 m is enough for most climates.
- Lock and unlock the car once to refresh the altitude baseline against the current barometric pressure.
The rule is most useful as an Optional policy contribution, paired with other checks (geofence, last-lock cell IDs, etc.), so that a weather-related fluctuation doesn’t single-handedly block legitimate entry.
Does TeslaKee require Google Play Services?
No. The Android version of TeslaKee does not depend on Google Play Services, Firebase, or any other Google-proprietary library. It talks to your Tesla directly over local Bluetooth Low Energy, evaluates every policy on-device, and uses only the standard AOSP platform APIs for location, sensors, and cellular cell IDs.
This means TeslaKee works out of the box on de-Googled Android distributions such as GrapheneOS, CalyxOS, LineageOS, /e/OS, and similar privacy-focused builds — no microG, no Aurora Store workaround, no compatibility shims. Install the APK, grant the runtime permissions (Bluetooth, location, sensors), and the full feature set is available.
How can I keep the official Tesla app for remote commands while using TeslaKee?
Tesla unfortunately couples the BLE phone-key and the Fleet API in a single app: if the official Tesla app’s phone-key disappears from the car (or you delete it on the touchscreen), the app also deletes its key from its internal keystore and stops offering most remote commands — remote Lock/Unlock, Summon, climate, charge control.
The workaround is to leave the official app’s phone-key registered on the car so its Fleet API feature gate stays satisfied, but revoke the official app’s Nearby devices permission on Android so it can no longer use BLE. TeslaKee then handles all local BLE traffic; the official app keeps offering remote commands over the internet.
Prerequisites
- TeslaKee is installed and your TeslaKee key is enrolled on the car (visible under Locks → Phone Key).
- The official Tesla app is installed, signed in, and its phone-key is still enrolled on the car. If you’ve already deleted it, re-add it via the official app’s Security → Set Up Phone Key flow first.
Steps (Android 13+)
- Open Android Settings (the system Settings, not the Tesla app’s own settings).
- Go to Apps → See all apps → Tesla (on Samsung One UI: Apps → Tesla).
- Tap Permissions.
- Tap Nearby devices.
- Choose Don’t allow and confirm. Only the official app’s BLE access is disabled — its cloud features keep working.
- Back on the Tesla app’s detail page, tap Force stop.
- Optional: reboot the phone so the OS fully drops any cached BLE bond.
Verifying it worked
- Walk up to the car carrying the phone — TeslaKee should connect and unlock as you reach for the handle.
- Open the official Tesla app — live status (charge level, climate, location) and remote commands (Lock, Unlock, Honk, Climate, charge-port) still work over the internet.
Caveats
- After Tesla app updates, double-check that Nearby devices is still Don’t allow — some OEMs (notably Samsung) silently re-grant permissions on update.
- The official app may show a “phone key unavailable” or similar banner. That’s expected and harmless; cloud features keep working.
- This is not a Tesla-supported configuration. Tesla can change the app at any time such that revoking Nearby devices also disables Fleet API features in the UI. If you notice that, please let us know so this guide can be updated.
TeslaKee - Secure Passive Entry