Nearly – Family Location Sharing Without the Data Harvesting

1 & 2. Transport is encrypted via HTTPS/TLS. Device pairing happens over the local network and is end-to-end encrypted. I have experience implementing high-grade data protection in other projects - but here the server fundamentally needs to know the location to do its job: nudging devices Android might have put into doze mode and evaluating geofence rules server-side. Full E2EE would break that. To be transparent - as the server operator I can query the database, so location data is visible to me at the infrastructure level. That’s a real architectural constraint, not a convenience trade-off.

1. Fair request - a direct APK download is something I can add. It’s not complicated, I just used the Play Store as it automatically selects .aab per users device architecture which also reduces install/update size.

2. I can’t guarantee zero vulnerabilities in dependencies - nobody can honestly. I use latest stable sdk/libraries and keep an eye if any gets reported.

3. Legitimate concern and I won’t argue against it. Closed source requires trust by definition. I can only be transparent about how it works when asked, which I’m happy to do.