Cross Platform E2EE Location Sharing: FindFamily

I had a quick look since I’m usually interested in apps like this. I’m trying to write it so both the app author and other users get something useful from it.

The first thing I noticed is that GitHub Copilot is listed as a contributor. For me this isn’t a total showstopper, but it does make me wary. Not because AI was used in general, but because it indicates people used the GitHub web UI to make commits. Which appears to be the case here. You can see that in the commit history: look for verified commits, it normally says something like “created on GitHub.”

I’m not saying this automatically makes the product bad, but it’s usually an indicator, since it’s mostly people new to coding who use the web UI and I have yet to meet a professional to use the web UI.

I personally prefer immutable tags/releases because they can’t be changed later. I also like verified and reproducible builds, which increase trustworthiness. All of those appear to be missing, as far as I can tell.

Then I looked at the actions. Again, it’s full of “Running Copilot Cloud agents” and doesn’t include many useful code or quality checks.

Also, it’s not transparently stated in the README (or anywhere I could find) that AI was used to generate this. Which, in my opinion, is another red flag.

I then decided I had invested enough of my own time and started an AI session to assess the quality. It’s okay, I’d say and probably usable (I haven’t tested it), but not great.

Here is the output of the AI:

Security Perspective as a user (click for more details) Code Quality/Maliciousness (click for more details)