Breaking Change
- Stricter TLS trust - User-installed CAs from Android Settings -> Encryption & credentials are no longer trusted by Colota. If your sync endpoint uses a self-signed or private-CA certificate that you previously trusted via system Settings, sync will fail until you re-import the CA via the new mTLS Settings -> Trusted Server CA flow. Publicly-trusted certificates (Let's Encrypt etc.) are unaffected.
New Features
- Encrypted backup and restore - Bundle your locations, settings and credentials into a single password-encrypted
.colotafile you can store anywhere. Restore on the same device or migrate to a new one. There is no password recovery, so use a password you won't lose. - mTLS client certificate support - Authenticate to your server with a client certificate at the TLS handshake. Pick a cert already installed in Android's KeyChain or import a
.p12/.pfxfile directly. Useful when your reverse proxy enforces mTLS. - Self-signed and private CA support - For self-hosters running their own CA, import a Trusted Server CA in the new mTLS Settings screen. Trust is scoped to Colota only
- Import location history from external files - Merge GeoJSON, Google Timeline, GPX, KML and CSV files into your existing history. Duplicates are skipped, the preview shows any invalid rows and the import can optionally be queued for replication to your sync backend.
- GPS position-jump filter - Filters out the rare GPS glitch where a single point appears many kilometres off your actual route. Works automatically and doesn't affect normal tracking.
Bug Fixes
- Removed "Delete Queue" button - Cleaned up the offline-mode switch dialog. The same action remains accessible via Data Management -> Clear Queue
Full Changelog: v1.8.0...v1.9.0