The instruction manual mentioned a firmware upgrade which had an interesting way of connecting to the internet. So when the dongle is connected to a power source you can connect to it via Wifi and an IP address in your browser. Now in the dongle's web UI, there is a button to upgrade your firmware. But how does this work when the dongle is not connected to the internet at all?
Well as I learned, the dongle simply uses the iPhone's mobile connection to send/receive data from the internet. I wasn't aware this is even possible and there doesn't appear to be a way to stop this or be notified of an active connection (aside from the wifi connection obv).
Now my concern is: when the dongle is connected to the iPhone in the car, is there a way for the dongle to use the same mechanism and send Carplay data (messages, contacts, etc) to a remote server using the iPhone's mobile connection?
You can determine this by checking the WiFi network's properties after the connection is established. If there's no value in the "Router" field, that's how it works.
Once you load the firmware update page, JavaScript on the page instructs the browser to fetch the firmware payload from a server on the public Internet, then relays that data to the dongle's web server to execute the firmware update process.
As the other reply mentioned, this can be tricky, as CORS likes to prevent this kind of data transfer for security reasons, but the right configuration on the web server will make it work.
It's a fairly clever setup.
If you want a low-tech way of confirming this design, try running the firmware update with a device that doesn't have two network connections, like a laptop, instead of a cell phone. If it doesn't work from such a device, the scenario I described above is probably how it works.
If you do install an update, make sure you reopen its web portal and confirm the version number is different to what it was before. If it hasn't changed from before, you'll have to wait a while as it's still flushing bytes to its flash memory, and if you accidentally trigger an update again here, you'll be left with a brick (speaking from experience).
Depending on the device you bought, you might also be able to flash custom firmware on it: https://github.com/ludwig-v/wireless-carplay-dongle-reverse-...
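As an added illustration of the browser-relay design described in the comment above (and of the CORS point raised in this thread), here is a small model of the flow. It is not code from the dongle, its vendor, or the linked repository; the dongle origin http://192.168.50.1, the firmware host updates.example.com, the /upload path and the firmware bytes are all assumed for the demonstration, and window.fetch is replaced by a stand-in that applies the browser's CORS rule against a table of fake servers so it runs offline.

```javascript
// Added example, not code from the dongle, its vendor, or the linked repo. It models the
// update flow described above: a page served by the dongle (assumed origin
// http://192.168.50.1) runs in the phone's browser, downloads the firmware image from an
// Internet host (assumed https://updates.example.com) over the phone's cellular link, and
// relays the bytes to the dongle's local update endpoint (assumed path /upload).
// Hostnames, paths and firmware bytes are all made up for the demonstration.

// Browser-side CORS decision for a cross-origin GET: the script may read the response
// only if Access-Control-Allow-Origin covers the page's origin. Same-origin requests
// (the second hop, page -> dongle) are never subject to this check.
function corsAllows(pageOrigin, targetUrl, responseHeaders) {
  if (new URL(targetUrl).origin === pageOrigin) return true;
  const acao = responseHeaders['access-control-allow-origin'];
  return acao === '*' || acao === pageOrigin;
}

// Stand-in for window.fetch that routes to a table of fake servers and enforces the
// rule above, so the whole flow runs offline.
function makeBrowserFetch(pageOrigin, servers) {
  return async function fetchImpl(url, init = {}) {
    const origin = new URL(url).origin;
    if (!servers[origin]) throw new TypeError(`Failed to fetch: no route to ${origin}`);
    const res = servers[origin](url, init); // { status, headers, body: Uint8Array }
    if (!corsAllows(pageOrigin, url, res.headers)) {
      // A real browser reports this as a TypeError; the body never reaches the script.
      throw new TypeError('Failed to fetch: blocked by CORS policy');
    }
    return {
      ok: res.status >= 200 && res.status < 300,
      status: res.status,
      arrayBuffer: async () => res.body.slice().buffer,
    };
  };
}

// The update page's script: one cross-origin download, one same-origin upload.
async function relayFirmware({ firmwareUrl, dongleOrigin, fetchImpl }) {
  const dl = await fetchImpl(firmwareUrl, { mode: 'cors' });
  if (!dl.ok) throw new Error(`firmware download failed: HTTP ${dl.status}`);
  const image = new Uint8Array(await dl.arrayBuffer());
  const up = await fetchImpl(`${dongleOrigin}/upload`, { method: 'POST', body: image });
  if (!up.ok) throw new Error(`dongle rejected upload: HTTP ${up.status}`);
  return { bytesRelayed: image.length, status: up.status };
}

// Constructed scenario: the dongle's own server plus two firmware hosts, one that
// sends a permissive CORS header and one that sends none.
const PAGE_ORIGIN = 'http://192.168.50.1';
const FIRMWARE = new Uint8Array([0x7f, 0x45, 0x4c, 0x46, 0x01, 0x02, 0x03, 0x04]); // fake image

function buildServers() {
  const received = []; // sizes of uploads the fake dongle accepted
  const servers = {
    [PAGE_ORIGIN]: (url, init) => {
      if (init.method === 'POST' && url.endsWith('/upload')) {
        received.push(init.body.length);
        return { status: 200, headers: {}, body: new Uint8Array(0) };
      }
      return { status: 404, headers: {}, body: new Uint8Array(0) };
    },
    'https://updates.example.com': () => ({
      status: 200,
      headers: { 'access-control-allow-origin': '*' },
      body: FIRMWARE,
    }),
    'https://locked-down.example.com': () => ({
      status: 200,
      headers: {}, // no CORS header: the browser discards the body
      body: FIRMWARE,
    }),
  };
  return { servers, received };
}

// Runs both cases and returns what happened, for inspection or assertions.
async function demo() {
  const { servers, received } = buildServers();
  const fetchImpl = makeBrowserFetch(PAGE_ORIGIN, servers);
  const ok = await relayFirmware({
    firmwareUrl: 'https://updates.example.com/fw.bin', dongleOrigin: PAGE_ORIGIN, fetchImpl,
  });
  let blocked = null;
  try {
    await relayFirmware({
      firmwareUrl: 'https://locked-down.example.com/fw.bin', dongleOrigin: PAGE_ORIGIN, fetchImpl,
    });
  } catch (e) {
    blocked = e.message;
  }
  return { ok, blocked, received };
}

demo().then((r) => console.log(JSON.stringify(r)));
```

Run it with node. The two things worth taking from it: only the first hop (dongle page to Internet host) crosses origins, so only the firmware host needs to send Access-Control-Allow-Origin, and the second hop is an ordinary same-origin POST. And the relay exists only while that page is open in a browser on a device that has both links at once, which is exactly why the laptop test suggested above separates this design from a dongle that talks to the Internet on its own.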
I never could get the upgrade to work when connected to my phone. I did get it to work connecting my PC to the dongle (which acts as a wifi access point). My PC then loaded the firmware in a desktop browser window as I was connected to Ethernet and the dongle at the same time. I may have had to set some up routes manually.
They absolutely should not get Internet access through the phone. I really hope it doesn't work that way! I searched quite a bit but could not find a definitive answer.
Edit: I read the other replies and it makes sense. The browser on your phone can make a request over wifi and over cellular, so really the browser would do the fetching over the internet, not the device.
But is it happening? Who knows. Maybe it doesn't now, but a future firmware update will. Who knows. Given your wise threat model, I'd avoid buying stuff from AliExpress.
I guess if you have a wireless charging pad in your car, then that's a little bit more convenient. But the big inconvenience for me is just to have to take it out of my pocket in the first place, not to plug it into the car. (And my car does have wireless charging, but my phone rarely seems to sit on it stably enough for it to charge all that well.)
To get fully back on topic: sure, a wireless dongle could exfil data, but unclear what data is all that valuable. The car (and thus the dongle) just gets video and audio streams, not the actual textual content of your text messages, for example. Sure, it could try to OCR the video and/or do voice recognition on the audio, but those are fairly computationally expensive. And sending all that video to a remote server would be... a lot.
This is nothing new. Some websites split the content between HTML, JavaScript and API access. To limit the requests coming from websites there is CORS, an allowlist of the API. But this requires that a webpage is open to the dongle and you don't run into CORS problems.