When Bluetooth is not turned on and someone enters their car, they can freely use their phone to do what they want (the solution depends on the Bluetooth connection with the SafeDrivePod in the car).
On the other side, the security risk of Bluetooth is very very low.
There are 2 types of Bluetooth connections:
1) Bluetooth Classic, which has the most abilities but needs a Pin-code verification before the connection is made.
2) Bluetooth Low Energy, which doesn’t always need the pin-verification, but when it is not needed it also has no possibilities to do anything harmful to a device.
Then there are also attacks that don’t need a connection (BlueBorne).
Both iOS and Android have the security measures built in for this for a while now (iOS since iOS 10, which was released in 2016, Android since security fixes in September 2017).
In short, if the phones of the drivers have not been updated to the latest version, they are exposed to a lot more and often-used exploits and viruses than the BlueBorne attack.
Therefore we would definitely recommend to require drivers to update the OS on their phone.