Location sharing apps raise legitimate security concerns, and that's completely natural and expected. Geographic location is one of the most sensitive types of data because it reveals your actual physical presence, and if it falls into the wrong hands, it can cause serious problems. In the Tammeny app, security was the highest priority from the very start. From data encryption to access control, every design decision was driven by security considerations.
The first thing I thought about was: how do I protect location data in transit? The answer was clear — mandatory HTTPS encryption for all connections. But that's not enough. Even if the connection is encrypted, if the server stores location as plaintext, anyone who accesses the database will know your location. That's why I used additional application-level encryption. Location gets encrypted before being stored in the database, and the encryption key is kept in a secure location separate from the database.
The second challenge was: who can see the location? In Tammeny, the user determines who can see their location. Every share has clear permissions: either a specific person via a temporary link, or family members in the family circle. The system ensures every location view request is validated — there's no way to bypass permissions and see someone's location who hasn't shared it with you.
Temporary sharing links were a core concept. The user chooses the duration: 15 minutes, 1 hour, 3 hours, or a full day. After the duration expires, the link automatically deactivates and no one can access the location anymore. The app uses encrypted tokens (JWT) with expiration dates. Even if someone tries to use the link after expiration, the server rejects it immediately.
Instant sharing stop was a fundamental requirement. The user must be able to stop sharing their location at any moment with a single tap. When the user presses "Stop Sharing," the app deletes the active token and broadcasts an event to all followers that the location is no longer available. This entire process completes in under a second.
Another challenge I faced was battery consumption. Continuous location tracking drains the battery quickly. The solution was to implement a smart system that changes the update frequency based on battery status. If the battery is above 50%, updates happen every 10 seconds. Below 50%, every 30 seconds. Below 20%, every minute. I also used Significant Location Change instead of Standard Location when the app is in the background.
One of the most important lessons I learned in the Tammeny project: security isn't a feature you add at the end — it's an integral part of the design from the start. If you start building the app and then think about security, you'll have to rewrite large portions. I also learned that user experience and security aren't contradictory — you can build a secure and user-friendly app at the same time if you think about both from the beginning.
A final piece of advice: test your security system yourself. Try to bypass the protection, try to use a link after expiration, try to access someone's location who hasn't shared it with you. This self-testing will reveal vulnerabilities you didn't expect. In Tammeny, every vulnerability I discovered through self-testing, I fixed before the app was published.
Top comments (0)