CloudKit-based architecture to solve privacy/trust problem

I am new in mobile development. I'm designing the architecture of the application that has to support sharing of geolocation data of the users with other users who use that data for the tracking. However, I would like to give users firm assurances of what and with whom they share and full control over their data.

Usually the architecture would look like the following.

  • Users grant the application the access to their geolocation,
  • The geolocation data is being stored in a database on my server,
  • The server-side application controls other users' access to this data.

Unfortunately that architecture doesn't work for me because it implies trust to my application and its full control over the user data which I want to avoid. Therefore I decided to implement architecture based on CloudKit, which keep user data in three DBs: private, shared and public. It looks for me like it allows users to request and share the location data directly to each other, bypassing my server-side application. So initially I am going to define users' location data as private. When a request for access the data is approved, then it appears amongst the shared DB records. I assume the user can revoke access anytime. Thus, I as a developer can't access the user location data until he/she shares it with me explicitly. And the trust is provided by Apple which developed CloudKit.

Since I am new in mobile development and have no experience with CloudKit in particular, I have the following questions.

  1. Do you think I can indeed solve the trust problem by using CloudKit? Is my architecture based on CloudKit doable at all?
  2. Each request for access the location data has a specific location and time properties. Using CloudKit, can I implement stopping to add new records of the location data into the shared DB when the specific location or time reached?

Thank you so much for your replies!

Hi @malbaq, welcome to the Swift forums!

These forums are for discussions around the Swift language itself and its associated core libraries. CloudKit is not a core Swift library, but is instead part of Apple's device SDKs. A much better place to ask this question would be on their developer forums: Apple Developer Forums.

(I will say that, at a high level, it is generally possible to use CloudKit in the manner you're describing, although there may be some use-case-specific things you'll need to work around.)



1 Like

It wouldn't solve the trust problem, the user doesn't really know what you are doing other than asking for permission to use location services. I've also seen multiple devs complaining about frequent partial outages of CloudKit. AFAIK CloudKit doesn't encrypt the data you upload by default and having sensitive data stored in CloudKit without encryption is just as bad as sensitive data stored anywhere else without encryption.