github owntracks/ios 26.2.2
Security enhancements


OwnTracks 26.2.2 iOS/iPadOS

  • Release Date 2026-04-30

Security

This release addresses a security advisory covering several intent-handling and remote configuration vulnerabilities.
Users are strongly encouraged to upgrade. Thanks to Noel Gomillion & Pranati Majhi
at Texas A&M for working with us on this.

  • External configuration loading (via owntracks:// URLs and config files) is now disabled by default and must be explicitly enabled in Settings
  • A confirmation dialog is shown when enabling external configuration, warning that any config URL can fully reconfigure the app
  • All intents/shortcuts now require a shared secret (Intent Auth Key) in every intent, preventing unauthorised apps from triggering location publishes or changing monitoring mode. The Intent Auth Key is created once when the app is installed.
  • Security-related preferences (allowConfigurationByURIAndConfigFile, allowIntentControl, intentAuthKey) cannot be changed via imported config files or URLs
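
A sketch of the import rules listed above, added here as an illustration and not taken from the OwnTracks code base: an imported configuration is turned into a diff, the three security-related keys are rejected outright, and nothing is applied unless external configuration is enabled and the user has confirmed. Only the three protected key names come from these notes; the function names, the string-only settings model and the sample values are assumptions.

```swift
import Foundation

// Key names below come from the release notes; all other names and values are hypothetical.
let protectedKeys: Set<String> = [
    "allowConfigurationByURIAndConfigFile", "allowIntentControl", "intentAuthKey",
]

struct ImportPlan {
    var changes: [(key: String, old: String?, new: String)] = []  // diff shown to the user
    var rejected: [String] = []  // protected keys the import tried to set
}

// Build the diff without touching the live settings.
func planImport(current: [String: String], imported: [String: String]) -> ImportPlan {
    var plan = ImportPlan()
    for key in imported.keys.sorted() {
        guard let new = imported[key] else { continue }
        if protectedKeys.contains(key) {
            plan.rejected.append(key)  // never importable, whatever the value
        } else if current[key] != new {
            plan.changes.append((key: key, old: current[key], new: new))
        }
    }
    return plan
}

// Apply only when external configuration is switched on and the user accepted the diff.
func applyImport(_ plan: ImportPlan, to current: [String: String],
                 externalConfigEnabled: Bool, userConfirmed: Bool) -> [String: String] {
    guard externalConfigEnabled, userConfirmed else { return current }
    var result = current
    for change in plan.changes { result[change.key] = change.new }
    return result
}

// Constructed sample data (string values only, to keep the example small).
let current = ["host": "mqtt.example.org", "allowIntentControl": "false", "intentAuthKey": "local-key"]
let imported = ["host": "other.example.net", "allowIntentControl": "true", "intentAuthKey": "value-from-file"]

let plan = planImport(current: current, imported: imported)
for c in plan.changes { print("~ \(c.key): \(c.old ?? "(unset)") -> \(c.new)") }
for k in plan.rejected { print("! \(k): protected, ignored") }

let off = applyImport(plan, to: current, externalConfigEnabled: false, userConfirmed: true)
let on = applyImport(plan, to: current, externalConfigEnabled: true, userConfirmed: true)
print(off["host"]!, on["host"]!, on["intentAuthKey"]!)
```

Rejected keys are reported separately from the diff so that a file attempting to set them is visible to the user instead of being dropped silently.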

New features

  • New Remote Control preferences screen showing the intent auth key (with a copy-to-clipboard function) for use with shortcuts. The Intent Auth Key is created once when the app is installed.
  • A new setting remoteConfguration controls (defaults to off)
  • Config import screen now shows a structured diff of what is changing

Under the hood

  • [NEW] UI implemented in Swift
  • [NEW] Replace CocoaPods with Swift packages
  • [NEW] Replace CocoaLumberjack with os_logger
