[APP][2.3+] PiLc 2.0 - Secure alternative to Google Latitude for Android
Hi guys!
PiLc is a secure location sharing platform with end-to-end encryption, so you can safely share your real-time location with your friends, and no one else.
Link: https://pi.lc
Google Play: https://play.google.com/store/apps/details?id=lc.pi
It provides a simple and straightforward user interface that effectively hides the complex operations needed to establish cryptographically secure communication channels. As a result, PiLc works just like any other sharing application and does all the critical key generations and exchanges in the background without bothering you with the technical stuff.
On the main PiLc screen, you have access to a general view of your friends' locations. The PiLc app also uses your own mobile device's GPS and compass (if available) to determine their distance and heading in real time.
A tap on a friend opens the map interface where you can visually locate and track them. A long press opens the friend dialog to manage your sharing preferences.
PiLc optionally uses a third-party reverse geocoding service to provide a real street address instead of raw GPS coordinates to your friends. This of course could leak potentially sensitive data to the geocoding service provider (Google on Android) and that is why our default setting is to have it disabled.
Battery usage is often a problem for location tracking mobile applications, and PiLc does everything possible to consume as little power as possible, fetching location when other foreground apps ask for it and keeping the GPS-on time to a strict minimum.
PiLc uses end-to-end encryption to ensure that your location data is only made available to whom you publish it for. We accomplish this by storing decryption keys on users' mobile devices and nowhere else, so even the PiLc servers never store decrypted data nor decryption keys.
When you first run the app and create a PiLc account, your device generates a pair of 256-bit ECC keys and sends the public key to our servers. The private key is stored on the mobile device, encrypted using AES and a 256-bit key derived from your password using the PBKDF2-HMAC-SHA256 algorithm.
Once you have registered, your device sends periodic location updates to the PiLc servers over HTTPS. For every location update, your device generates a new ephemeral random 128-bit AES key and uses it to encrypt your location data. The ephemeral key is then published to each of your friends with whom you want to share using the ECDH key agreement algorithm. In order to prevent MITM-type attacks, every public key your device fetches from the PiLc servers is authenticated using 256-bit ECDSA.
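
The per-update flow described in the post (a fresh 128-bit AES key per location update, delivered to each friend via ECDH), as an added example that is not PiLc's code. The post does not name the curve, the AES mode or how the ECDH secret becomes a key, so P-256, AES-GCM, SHA-256 over the shared secret and all function names here are assumptions.

```ruby
require "openssl"

CURVE = "prime256v1" # assumed curve; the post only says 256-bit ECC

# AES-GCM encrypt; returns iv || tag || ciphertext (GCM is an assumed mode).
def seal(key, plaintext)
  c = OpenSSL::Cipher.new("aes-#{key.bytesize * 8}-gcm").encrypt
  c.key = key
  iv = c.random_iv
  c.auth_data = ""
  ct = c.update(plaintext) + c.final
  iv + c.auth_tag + ct
end

# AES-GCM decrypt; raises OpenSSL::Cipher::CipherError on a wrong key or tampering.
def unseal(key, box)
  raise ArgumentError, "box too short" if box.bytesize <= 28
  d = OpenSSL::Cipher.new("aes-#{key.bytesize * 8}-gcm").decrypt
  d.key = key
  d.iv = box.byteslice(0, 12)
  d.auth_tag = box.byteslice(12, 16)
  d.auth_data = ""
  d.update(box.byteslice(28, box.bytesize)) + d.final
end

# Pairwise 256-bit key: SHA-256 over the raw ECDH secret (assumed KDF).
def pair_key(own_key, peer_point)
  OpenSSL::Digest.new("SHA256").digest(own_key.dh_compute_key(peer_point))
end

# Sender: one fresh 128-bit key per update, wrapped once per chosen friend.
def publish(sender_key, friend_points, location)
  update_key = OpenSSL::Random.random_bytes(16)
  wrapped = friend_points.transform_values { |pt| seal(pair_key(sender_key, pt), update_key) }
  { blob: seal(update_key, location), wrapped: wrapped }
end

# Friend: recover the update key via ECDH, then decrypt the location blob.
def receive(own_key, sender_point, update, name)
  update_key = unseal(pair_key(own_key, sender_point), update[:wrapped].fetch(name))
  unseal(update_key, update[:blob])
end

# Constructed demo identities and coordinates, not real data.
alice, bob = Array.new(2) { OpenSSL::PKey::EC.generate(CURVE) }
update = publish(alice, { "bob" => bob.public_key }, "48.8584,2.2945")
puts receive(bob, alice.public_key, update, "bob")
```

The server in this model only ever stores `update[:blob]` and the wrapped keys; a party whose key pair was not used for wrapping derives a different pairwise key and `unseal` fails on the GCM tag.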