A computing platform of a vehicle may receive a request, from a mobile application accessing a secure vehicle function, to create a secure tunnel between the computing platform and the mobile device; retrieve an application certificate from the mobile application; and validate the creation of the secure tunnel using the application certificate and a module certificate from a local policy table of the computing platform. A mobile device, connected to a computing platform of a vehicle may execute a mobile application requiring a secure vehicle function; send a request to create a secure tunnel with the computing platform responsive to access of by the mobile application of the secure vehicle function; and send to the computing platform an application certificate corresponding to the mobile application to validate creation of the secure tunnel.