Unfortunate news:
As @Jeroen_van_den_Booga already mentioned, this was announced. I’ll translate the marketing talk about security in the article: We want money for your own data.
Here’s what I figured out: I intercepted all transactions that the app made and found one that isn’t listed in any of these other integrations: A call to https://emea.bff.cariad.digital/auth/v1/android/challenge. This endpoint gives the app a UUID that is (likely) sent to Google and then signed with their own Google Cloud key to prove that you’re on a legit Android phone. This is why all requests outside of this Google environment fail. I cannot verify that part because the emulator that I use to intercept doesn’t have Google Play Services installed.
Anyway, since they’re planning to monetise their API (to sell you your own data), this’ll probably become a cat and mouse game between VAG and Homey/HA developers. I’m not going to participate in that. If someone finds a fix and publishes it for smart home users like us, VAG will immediately know how we did it and patch it.
It’s been a great time creating this app for you all, 1437 installs!
I’m going to ask Homey to remove it from the store. If you’re a developer and want to know more in-depth details about this issue, feel free to send me a DM.
Not happy? I found this petition to change things. English version below.