DEV Community

NexusDriftStudio
NexusDriftStudio

Posted on

No Cloud, No Account: Why We Chose On-Device for Our Screen-Time App

#privacy #android #programming

When we started building an Android screen-time blocker, the obvious design was a cloud account: sync your block list across devices, backup your stats, send a daily report to the parent. The only problem is that this is exactly what every screen-time app already does, and exactly what people do not trust.

So we went the other way: no account, no server, no analytics SDK, no remote config. Everything — the block list, the focus budgets, the step counts, the streaks — lives in the app's private storage. Uninstall the app and the data is gone with it. There is no account to delete, because there is no account.

What this means in practice

  • No cross-device sync. If you have two phones, you set the rules twice. We consider this a feature, not a bug: a screen-time app should be local to the device it is supposed to be watching.
  • No "find my phone" anti-tamper cloud beacon. Uninstall protection is a device-side PIN plus a strict-mode accessibility service. We do not phone home when someone tries to disable the app.
  • No remote A/B tests, no kill switches, no "we updated the rules, please reopen the app" pushes. The app you installed is the app you keep.
  • No parent dashboard on a server. If you want to see what your kid blocked this week, you look at the device. That is a tradeoff we accept.

What we had to give up to get this

Honestly, the list is longer than the list of features. We gave up:

  1. Engagement metrics. No DAU, no retention funnel, no cohort analysis. We get only the Play Store install count. Most of our decisions are now made on the basis of reviews, support emails, and a few friends.
  2. A copy-protection story. Without a backend, we cannot phone-home-validate licenses. The paid ad-free tier uses Play Store billing and the in-app purchase is the source of truth.
  3. The ability to ship "personalised" features. We cannot learn from your block list what to suggest next. Suggestions are a static list that ships with the app.

What we kept

  • A real screen-time lock with hardware-backed step counter, no GPS, no location permission.
  • A focus score and streak view, computed locally from the local database.
  • A privacy page that is one screen long, in plain English, and that we will not silently change.
  • Export-to-JSON for the data, so a power user can back it up to their own cloud.

The rule we work by

If a feature would require sending data off the device, it does not get built. That rule has killed about a third of the features we considered in the first sprint, and it has made the privacy page one paragraph long.

It is not the only way to build a screen-time app, and for many users an account-based app is the right call. For us, for this product, no-cloud-by-default is the position we are taking. We will see if it is a tenable position in 2026.

The app is StepShield Pro on Google Play. The privacy policy is at nexusdriftstudio-a11y.github.io/steplockprivacy.html.

Top comments (0)