App developers at Nissan appear to have copied code from Stack Overflow and pasted it into the NissanConnect EV app, which had previously been taken offline due to security concerns. The app allows owners of Nissan’s electric cars like the LEAF and the eNV200 to remotely “manage your vehicle and control many frequently used features directly from your iPhone,” according to its description on Apple’s App Store.
Reports of the copied code began circulating last week, when a user on a forum for electric-vehicle enthusiasts posted a strange message found in the NissanConnect app settings. The message was under the options for when to enable location services: “App Explanation: The sprit of stack overflow is coders helping coders.”
The user added, “‘sprit’ is not a typo on my part.”
The next day, security consultant Scott Helme posted to Twitter a screenshot of the settings page that included the message.
Helme told Quartz that, as of Monday morning, the message was still present.
To put this in context, it’s kind of like copying something from Wikipedia into a term paper and forgetting to take out the bit that says “citation needed.” Actually, since this error made it all the way to the App Store, it’s more like a published article or book than a term paper. And it’s even worse than that because Nissan previously had to take the app offline after a security researcher found he could easily hack into it.
It’s not uncommon for developers to copy code from Stack Overflow. The question-and-answer website for programmers contains billions of answers to hyper-specific questions, many of which include code snippets. The snippets might be one line of code or 100, so the amount of code copied can vary widely.
Technically, many code snippets copied from the site and pasted into a project are supposed to be attributed to the source, according to Jay Hanlon, Stack Overflow’s vice president of community. But that depends on how long the snippets are, and how original.
“A lot of code on SO is probably short and not creative enough that it may not require licensed rights for re-use,” Hanlon said.
According to Helme, who posted the screenshot of the Nissan app, the problem isn’t so much that code was copied from Stack Overflow, but that the customer-facing message made it through quality assurance.
“The main point really isn’t that the code was taken from SO, I think most of us would agree it’s a great resource and have probably used it,” Helme wrote in an email. “The problem is that the code has obviously been used without fully understanding what it did or without any proper review or QA (Quality Assurance). Something like that should have never made it to production, it’s a glaring mistake.”
Nissan did not respond to a request for comment.