Security

OwnTracks and its associated utilities have been designed first and foremost with data privacy in mind. We think your location, or that of your family members and friends, is something only you (or they, respectively) should know about. While we cannot help you (or ourselves, for that matter) protect against NSA snooping, we do our best to protect your data from other people's eyes.

  • If your broker supports it, and if you configure OwnTracks to do so, OwnTracks uses MQTT over TLS when connecting to your broker. (We configure this and passwords automatically for you in quicksetup.)

  • The apps support authenticating to the MQTT broker with a username and password, which can be as strong (or as convoluted) as your broker supports.

  • In HTTP mode, the apps provide support for HTTP basic authentication with TLS.

  • Credentials you configure (i.e. username and password) are thus protected from snooping, at least until they get to your broker. The same applies to location data our app transmits.

  • The apps support using TLS client certificates for authentication to the MQTT broker.

  • The apps have optional support for payload encryption for privacy.

  • The apps do not send location data to any server until that server has been configured by the user (i.e., there is no preconfigured demo server).

  • The apps do, however, perform reverse geolocation lookups.

    • For iOS these lookups are submitted to the Apple Maps infrastructure, and as reverse geo-coding is rate-limited on the iPhone we do not use it for all sent locations, but only when a location is displayed on user request, e.g. on the Friends page.
    • On Android, the requests are performed via Google Play services for the non-OSS release. This can optionally be changed by configuring Android to use OpenCage as the reverse geolocation provider. This functionality cannot be disabled.
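
The protections listed above only apply when the corresponding options are switched on. The following is an added example (not OwnTracks code) that audits an exported app configuration for the cases the list describes: transport encryption, password exposure, and payload encryption. The key names (`mode`, `tls`, `auth`, `password`, `url`, `encryptionKey`) and the mode values are assumptions about the export format; check them against your own export.

```python
import json
from urllib.parse import urlsplit

# Assumed mode values of an exported configuration: 0 = MQTT, 3 = HTTP.
MODE_MQTT, MODE_HTTP = 0, 3

def transport_encrypted(cfg):
    """True only if the configured connection is wrapped in TLS."""
    if cfg.get("mode") == MODE_MQTT:
        return bool(cfg.get("tls"))
    if cfg.get("mode") == MODE_HTTP:
        return urlsplit(cfg.get("url") or "").scheme.lower() == "https"
    return False

def audit(cfg):
    """Return finding codes for settings that weaken the protections above."""
    findings = []
    if cfg.get("mode") not in (MODE_MQTT, MODE_HTTP):
        findings.append("unknown-mode")
    encrypted = transport_encrypted(cfg)
    if not encrypted:
        # Location data crosses the network readable by anyone on the path.
        findings.append("cleartext-transport")
    has_password = bool(cfg.get("auth") and cfg.get("password"))
    if has_password and not encrypted:
        # MQTT CONNECT and HTTP basic auth both carry the password unencrypted.
        findings.append("password-sent-in-clear")
    if not has_password:
        # Acceptable only when TLS client certificates authenticate the device.
        findings.append("no-password-auth")
    if not cfg.get("encryptionKey"):
        # TLS ends at the broker or server, which then sees plaintext locations.
        findings.append("payload-readable-by-server")
    return findings

# Constructed sample configurations (not real exports).
WEAK_MQTT = json.loads('{"mode": 0, "host": "broker.example", "port": 1883,'
                       ' "tls": false, "auth": true, "username": "jane",'
                       ' "password": "constructed-secret"}')
HARDENED_MQTT = json.loads('{"mode": 0, "host": "broker.example", "port": 8883,'
                           ' "tls": true, "auth": true, "username": "jane",'
                           ' "password": "constructed-secret",'
                           ' "encryptionKey": "constructed-key"}')
WEAK_HTTP = json.loads('{"mode": 3, "url": "http://tracker.example/pub",'
                       ' "auth": true, "username": "jane",'
                       ' "password": "constructed-secret"}')

if __name__ == "__main__":
    for name, cfg in [("weak mqtt", WEAK_MQTT), ("hardened mqtt", HARDENED_MQTT),
                      ("weak http", WEAK_HTTP)]:
        print(name, audit(cfg) or "ok")
```
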