I am new to mobile development. I'm designing the architecture of an application that has to support sharing users' geolocation data with other users, who use that data for tracking. However, I would like to give users firm assurances about what they share and with whom, and full control over their data.
Usually the architecture would look like the following.
- Users grant the application access to their geolocation,
- The geolocation data is stored in a database on my server,
- The server-side application controls other users' access to this data.
Unfortunately that architecture doesn't work for me because it implies trust in my application and gives it full control over the user data, which I want to avoid. Therefore I decided to implement an architecture based on CloudKit, which keeps user data in three DBs: private, shared and public. It looks to me like it allows users to request and share the location data directly with each other, bypassing my server-side application. So initially I am going to define users' location data as private. When a request for access to the data is approved, it appears among the shared DB records. I assume the user can revoke access at any time. Thus, I as a developer can't access the user's location data until he/she explicitly shares it with me. And the trust is provided by Apple, which developed CloudKit.
Since I am new to mobile development and have no experience with CloudKit in particular, I have the following questions.
- Do you think I can indeed solve the trust problem by using CloudKit? Is my architecture based on CloudKit doable at all?
- Each request for access to the location data has specific location and time properties. Using CloudKit, can I stop adding new location records to the shared DB once the specified location or time is reached?
Thank you so much for your replies!
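An added example, not part of the question above or of any answer to it, showing how the flow sketched in the question maps onto CloudKit's sharing API in Swift. The zone name `LocationShares`, the record type `LocationSample`, the field names and the `SharePolicy` type are assumptions made for the example; the calls themselves (a custom zone in the owner's private database, a zone-wide `CKShare` with `publicPermission = .none`, participant lookup through `CKContainer`, and reading from `sharedCloudDatabase`) are CloudKit's own iOS 15 async APIs. Two points bear on the questions: the samples are written by the owner's device straight into the owner's private database and read by participants from their shared database, so no developer-run server holds them; and the "stop at a given time or place" condition is a decision the sharing device makes before each write, not a CloudKit setting, so it is enforced by simply not publishing further samples. Records already written stay visible until the owner deletes them, removes the participant, or deletes the share.

```swift
import CloudKit
import CoreLocation

// Shared records must live in a custom zone of the OWNER's private database;
// CloudKit does not share records from the default zone.
let container = CKContainer.default()
let privateDB = container.privateCloudDatabase
let zoneID = CKRecordZone.ID(zoneName: "LocationShares",    // assumed name
                             ownerName: CKCurrentUserDefaultName)

// Client-side publishing policy (assumed type, not a CloudKit concept).
// The sharing device decides per sample; after the deadline or on arrival
// it stops writing, and no recipient action can pull further samples.
struct SharePolicy {
    let deadline: Date
    let destination: CLLocation
    let arrivalRadius: CLLocationDistance   // metres

    func allowsPublishing(_ location: CLLocation, at now: Date = Date()) -> Bool {
        guard now < deadline else { return false }
        return location.distance(from: destination) > arrivalRadius
    }
}

// 1. Create the zone and a zone-wide share with no public access, so only
//    participants the owner adds can read it.
func createLocationShare() async throws -> CKShare {
    _ = try await privateDB.save(CKRecordZone(zoneID: zoneID))
    let share = CKShare(recordZoneID: zoneID)
    share.publicPermission = .none
    share[CKShare.SystemFieldKey.title] = "My location"
    guard let saved = try await privateDB.save(share) as? CKShare else {
        throw CKError(.internalError)
    }
    return saved
}

// 2. Grant one person read-only access. The lookup is resolved by Apple's
//    identity service; the developer never handles the location records.
func grant(_ share: CKShare, toEmail email: String) async throws {
    let participant = try await container.shareParticipant(forEmailAddress: email)
    participant.permission = .readOnly
    share.addParticipant(participant)
    _ = try await privateDB.save(share)
}

// 3. Revoke access for one participant; deleting the share record instead
//    revokes everyone at once.
func revoke(_ share: CKShare, participant: CKShare.Participant) async throws {
    share.removeParticipant(participant)
    _ = try await privateDB.save(share)
}

// 4. Publish a sample only while the policy allows it. Returns false when the
//    policy has expired, i.e. when sharing has effectively stopped.
func publish(_ location: CLLocation, under policy: SharePolicy) async throws -> Bool {
    guard policy.allowsPublishing(location) else { return false }
    let record = CKRecord(recordType: "LocationSample",          // assumed type
                          recordID: CKRecord.ID(recordName: UUID().uuidString,
                                                zoneID: zoneID))
    record["location"] = location            // CLLocation is a native field type
    record["timestamp"] = location.timestamp
    _ = try await privateDB.save(record)
    return true
}

// Recipient side: once the share URL has been accepted (e.g. via
// UICloudSharingController), the owner's zone appears in the recipient's
// shared database and can be queried like any other zone.
func fetchSharedSamples(from sharedZone: CKRecordZone.ID) async throws -> [CLLocation] {
    let query = CKQuery(recordType: "LocationSample", predicate: NSPredicate(value: true))
    let (matchResults, _) = try await container.sharedCloudDatabase
        .records(matching: query, inZoneWith: sharedZone)
    return matchResults.compactMap { _, result in
        (try? result.get())?["location"] as? CLLocation
    }
}
```

The policy check runs on the owner's device before the write, which is the only place a "stop here" rule can be enforced when no server sits between the two users; a recipient who wants samples past that point has nothing to query, because they were never written.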