Officer-safety platform for a state law-enforcement agency
Cross-platform mobile, framework-free Go relay, spec-driven black-box UAT — engineered to keep working when an officer needs it most.

Sector: Law Enforcement
Scale: ~17,000 sworn officers; ~5,500–6,000 peak concurrent users
Role: Architect, principal engineer, mobile + backend lead
Timeframe: 2024 – current
Challenge
A state law-enforcement agency needed an officer-safety platform across iOS and Android: duress alerts, fall detection, welfare check-ins, Bluetooth push-to-talk integration with a third-party hardware button, and reliable forwarding to an existing dispatch system.
The hard parts were not the features. The hard parts were the non-functional realities: iOS aggressively kills background processes; the duress hardware uses a custom BLE GATT service that needs a persistent connection; and the moment an officer is in distress is exactly when connectivity is least reliable. Existing solutions either didn't survive backgrounding, didn't handle the duress hardware, or coupled the mobile clients so tightly to a specific backend that swap-out was impossible.
Approach
A three-tier architecture, native everywhere it mattered, and engineered for the failure modes specifically.
On iOS, native Swift/SwiftUI with ActivityKit Live Activities for visible in-progress duress states, the Apple Location Push Service Extension for genuine background location updates (silent push is rate-limited and unreliable for safety-critical work), and a durable on-device outbox so a duress alert begun on the platform survives the connectivity dropping mid-send. App Groups and Keychain coordinate state between the main app and the location-push extension.
On Android, native Kotlin and Jetpack Compose with a foreground location service, Hilt for dependency injection, Room for local persistence, and WorkManager for retryable delivery work. The same on-device outbox discipline as iOS.
The middleware relay is framework-free Go — net/http only, no web framework footprint. JWT authentication, SQLite WAL persistence, end-to-end APNS push pipeline, an embedded go:embed admin SPA so the operator-side tooling ships in the same binary as the relay. HTTPS forwarding to the upstream dispatch platform.
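As an added illustration (not code from the project), this is the bearer-token check a net/http handler could call when JWT validation is done with the Go standard library alone, which is what a framework-free relay has to get right itself. The HS256 algorithm, the `sub`/`exp` claims, the sample key and the names `mac`, `sign` and `verify` are all assumptions made for the example.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
	"time"
)

var b64 = base64.RawURLEncoding

func mac(key []byte, msg string) string { // base64url(HMAC-SHA256(key, msg))
	m := hmac.New(sha256.New, key)
	m.Write([]byte(msg))
	return b64.EncodeToString(m.Sum(nil))
}

// sign builds an HS256 token from raw JSON; used only to construct sample input.
func sign(key []byte, header, claims string) string {
	msg := b64.EncodeToString([]byte(header)) + "." + b64.EncodeToString([]byte(claims))
	return msg + "." + mac(key, msg)
}

// verify authenticates the token before parsing it, pins alg to HS256, then checks sub and exp.
func verify(key []byte, tok string, now time.Time) (string, error) {
	p := strings.Split(tok, ".")
	if len(p) != 3 || !hmac.Equal([]byte(p[2]), []byte(mac(key, p[0]+"."+p[1]))) {
		return "", fmt.Errorf("malformed token or bad signature")
	}
	var hdr struct{ Alg string } // encoding/json matches "alg" case-insensitively
	hb, err := b64.DecodeString(p[0])
	if err != nil || json.Unmarshal(hb, &hdr) != nil || hdr.Alg != "HS256" {
		return "", fmt.Errorf("unsupported alg")
	}
	var c struct{ Sub string; Exp int64 }
	cb, err := b64.DecodeString(p[1])
	if err != nil || json.Unmarshal(cb, &c) != nil || c.Sub == "" || now.Unix() >= c.Exp {
		return "", fmt.Errorf("invalid or expired claims")
	}
	return c.Sub, nil
}

func main() {
	key := []byte("constructed-demo-key") // constructed sample secret and claims
	fmt.Println(verify(key, sign(key, `{"alg":"HS256"}`, `{"sub":"unit-417","exp":4102444800}`), time.Now()))
}
```

The header's `alg` value never selects the verification routine; it is only compared against the one algorithm the server accepts, so a token declaring `none` or a different algorithm is rejected.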
The whole lineup is gated by an independent black-box UAT suite — Bun, Cucumber, and Maestro for mobile flows — with @spec trace comments linking each test back to its SRS clause. CI release gates are spec-traced, not subjective.
Key Decisions
1. Native mobile on both platforms — backgrounding behaviour and platform safety APIs cannot be reliably abstracted
2. Apple Location Push Service Extension over silent push — silent push is rate-limited and unreliable for safety-critical
3. Framework-free Go on the relay — minimises supply-chain audit surface
4. On-device durable outbox — a duress alert must succeed even if connectivity drops mid-send
5. Independent UAT suite traced to SRS — release gates are factual, not subjective
Outcome
Production deployment in the agency's environment. Multi-thousand-device fleet under live operations. Spec-traced UAT suite gates every release. Mean time to duress-alert acknowledgement is measured against an operational target, not against best-effort.
Stack
Technologies
- iOS: Swift · SwiftUI · ActivityKit · Location Push Service Extension · App Groups · Keychain · XcodeGen
- Android: Kotlin · Jetpack Compose · Hilt · Room · WorkManager · FusedLocationProvider
- Backend: Go (net/http, framework-free) · JWT · SQLite (WAL) · APNS · go:embed admin SPA · HTTPS upstream forwarding
- UAT: Bun · Cucumber · Maestro · JSON Schemas · spec-traced @spec comments
- Hardware: BLE GATT push-to-talk integration
Standards & Methodologies
IEEE 29148 (requirements) · IEEE 1012 (V&V) · IEEE 29119 (testing) · ISO/IEC 25010 · BDD (Gherkin) · BLE GATT · Apple background-mode guidelines