DEV Community

Ethan
Ethan

Posted on

Privacy Is Not a Feature — It's Architecture. How Swipe Cleaner Processes Everything On-Device

Disclosure: I work on Opennomos, the ecosystem behind Swipe Cleaner.

Last week, I watched someone install a photo cleaner app, grant it full photo library access, and hit "Clean" — all without realizing their entire camera roll was being uploaded to a server in a different jurisdiction.

This isn't an edge case. It's the default.

The Architecture Problem

Most iOS photo cleaners follow the same pattern:

  1. User grants photo library access
  2. Images get uploaded to a cloud server
  3. Server-side ML models detect duplicates, blur, and screenshots
  4. Results come back to the app
  5. User deletes suggested photos

The problem? Step 2. The moment your photos leave the device, you've lost control. No privacy policy can undo that.

Swipe Cleaner's Approach: Zero Data Exfiltration

Swipe Cleaner is 4.7MB. Everything happens on your iPhone:

  • Duplicate detection runs against on-device perceptual hashes
  • Blur detection uses Core ML models running locally
  • Screenshot classification uses on-device heuristics
  • Similar photo grouping computes feature vectors in-process

No API calls. No cloud processing. No analytics that include photo metadata.

What "Privacy Architecture" Actually Means

Privacy-as-architecture means three things:

1. The Network Is Untrusted by Default

Swipe Cleaner doesn't make network requests related to photo processing. The only network calls are for optional things like checking for app updates — and those don't include any user data.

2. Processing Happens Where the Data Lives

Core ML, Vision, and Metal run on the same chip that stores your photos. There's no latency from network round-trips, and no exposure from data in transit.

3. Privacy Can't Be "Turned Off"

When privacy is a feature toggle, it can be accidentally disabled, changed in an update, or removed under pressure. When privacy is the architecture, there's nothing to toggle. The data path simply doesn't include an exit.

The Trade-off

On-device processing means:

  • The app has to be efficient (4.7MB isn't an accident, it's a constraint)
  • ML models need to be optimized for mobile (smaller, quantized, Metal-accelerated)
  • Some cloud-only features (like "tell me what's in this photo") aren't possible

But here's what I've learned: users don't actually want cloud processing. They want their photos organized. If you can do that locally, the "trade-off" disappears.

Why This Matters Now

Apple's privacy labels have made data collection visible, but they haven't changed the default architecture. Most apps with "No Data Collected" labels still process user content on remote servers — they just argue that "processed" data isn't "collected" data.

That distinction doesn't hold up. If your photos touch a server, that's collection. Period.

Swipe Cleaner takes the harder path: build everything on-device, accept the engineering constraints, and let the architecture speak for itself.


Swipe Cleaner is part of the Opennomos ecosystem. If you're building privacy-first tools, check out opennomos.com.

Top comments (0)