The Blueprint.
How PRAMA actually works, from your phone's lock screen down to the cryptographic core that survives a courtroom. Seven sections, written from a user's view first.
Stop chasing fakes. Prove what's real.
Every detection model loses to the next generation of synthesis. By the time forensics tools learn to spot a deepfake's artefacts, the next model has trained against them. PRAMA flips the argument: instead of asking "is this video fake?" we hand you a continuous, cryptographic record of where you actually were. The court can verify it in any browser. There is nothing left to argue about.
Architecturally, PRAMA is your phone's black-box flight recorder. It runs quietly in the background, fuses six independent sensors every few minutes, hashes the result, and stores the encrypted timeline on your device. Nothing readable ever reaches our servers. Everything we hold is, by construction, gibberish without your seed phrase.
Six sensors, one cryptographic fingerprint.
On its own, any single sensor reading can be spoofed. Together, they triangulate truth. Every five minutes (or earlier on significant events), PRAMA quietly fuses these six streams into a single SHA-256 hash called the Superhash.
- GPS / 01 · lat / lon · ±0.4 m
Your position. Fast to lock, easy to spoof on its own, so it never travels alone.
- Wi-Fi BSSIDs / 02 · up to 12 networks
Hardware MAC addresses of surrounding routers. Each one is a fixed physical anchor.
- Cell towers / 03 · MCC / MNC IDs
Carrier identifiers. Bouncing these requires actual RF gear, not software.
- Bluetooth / 04 · proximity beacons
BLE devices within range: laptops, headphones, retail beacons. A passive crowd.
- Barometer / 05 · altitude · hPa
Air pressure. Catches floor changes inside multi-storey buildings GPS can't see.
- Biometric state / 06 · Face ID · HR
Last Face ID unlock + a live Apple Watch heartbeat. Proves a human was holding it.
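One way to fuse six readings into a single SHA-256 value that a verifier can recompute later from the disclosed plaintext. This is an added example, not PRAMA's code: the page does not publish the Superhash format, so the field order, fixed-point quantisation, length-prefixed encoding and all sample values are assumptions.

```python
import hashlib
import hmac
import struct

# Assumed field order; the page names the six sensors but not a wire format.
FIELDS = ("gps", "wifi", "cell", "ble", "baro", "bio")

def _lp(data: bytes) -> bytes:
    """Length-prefix a value so adjacent fields cannot be re-split differently."""
    return struct.pack(">I", len(data)) + data

def _encode_set(items) -> bytes:
    """Scan results arrive in arbitrary order: normalise case, dedupe, sort."""
    norm = sorted({i.strip().lower().encode() for i in items})
    return b"".join(_lp(i) for i in norm)

def canonical(snap: dict) -> bytes:
    lat, lon = snap["gps"]
    parts = {
        # Fixed-point integers avoid float-formatting differences between platforms.
        "gps": struct.pack(">ii", round(lat * 1e7), round(lon * 1e7)),
        "wifi": _encode_set(snap["wifi"]),
        "cell": _encode_set(snap["cell"]),
        "ble": _encode_set(snap["ble"]),
        "baro": struct.pack(">I", round(snap["baro_hpa"] * 100)),
        "bio": _lp(snap["bio"].encode()),
    }
    return b"".join(_lp(name.encode()) + _lp(parts[name]) for name in FIELDS)

def superhash(snap: dict) -> str:
    return hashlib.sha256(canonical(snap)).hexdigest()

def verify(snap: dict, recorded_hex: str) -> bool:
    """Recompute from disclosed plaintext and compare with the stored value."""
    return hmac.compare_digest(superhash(snap), recorded_hex)

# Constructed sample reading; every value below is made up for illustration.
SAMPLE = {
    "gps": (12.9715987, 77.5945627),
    "wifi": ["00:00:5E:00:53:01", "00:00:5e:00:53:02"],
    "cell": ["001-01-1234"],
    "ble": ["beacon-a", "beacon-b"],
    "baro_hpa": 1008.42,
    "bio": "faceid_unlock",
}
```

Without a canonical encoding, the same physical scan reported in a different order would hash to a different value and fail verification.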
a9b3 · 7f2c · 4d18 · e6f0 · 1c54 · 882a · 9bc1 · 4e8c
One 256-bit value identifying this exact moment in this exact place. The plaintext sensor data is never transmitted. Only this hash leaves the device's edge.
Your phone is the entire system.
Five tightly-coupled modules ship inside the app. Together they form a self-sufficient personal black box. Sensor capture, cryptography, storage, and legal PDF export all happen on the device. The cloud is just the receipt counter.
- Layer 01 · Flutter · Dart
Mobile UI
What you see. Onboarding, dashboards, the privacy panel, and the export button. Pure presentation. It never touches a cryptographic key directly.
- Layer 02 · Kotlin · Swift
Hardware bridge
Native OS code that runs as a foreground service on Android and an event-driven listener on iOS. Its only job is to ask the OS for raw sensor readings and pass them down.
- Layer 03 · Rust · FFI
Crypto core
The brain. SHA-256, AES-256, Curve25519 / ECDH, PDF formatting. Compiled to ARM64, called through `flutter_rust_bridge` so the math is byte-identical on iOS and Android.
- Layer 04 · SQLite · SQLCipher
Local vault
Your full chronological timeline, AES-256 encrypted, sitting on the device. It doubles as the offline sync queue; snapshots get written here when there's no signal.
- Layer 05 · Rust · C2PA
Legal export
Turns hashes into a court-ready PDF. C2PA metadata is injected directly into the file so any provenance-aware tool flags it as hardware-verified.
The server is blind by design.
On Day 1, your phone generates a 12-word seed phrase. From it, the Rust core derives an AES-256 master key. We never see that key and cannot reconstruct it. Your timeline is encrypted with that key before it ever leaves the device. Here's the honest accounting of who holds what.
On your phone
- Raw GPS, Wi-Fi, BLE, biometric data
- AES master key (derived from your 12-word seed)
- Full chronological timeline (SQLCipher vault)
- Private signing key (Ed25519, from seed)
- Plaintext PDFs at export time
On our servers
- AES-encrypted blob (we cannot decrypt it)
- Superhash · the snapshot's fingerprint
- Anonymous user identifier · no name, no email in the ledger
- Public keys only
- Hashed source IP · no geolocation possible
Every common attack, mathematically blocked.
Five attack vectors come up over and over against alibi systems. Each one is closed by a specific architectural choice, not by a runtime heuristic that could be tuned around. The honest version names both sides.
- Threat · 01
GPS spoofing
A $5 USB emulator can rewrite your coordinates to anywhere on Earth.
Defense: Multi-modal sensor fusion
Spoofing one signal is cheap. Simultaneously faking a coherent ring of 12 surrounding Wi-Fi BSSIDs, cell-tower MCC / MNC IDs, and a barometric pressure trace requires physical RF infrastructure. The Superhash binds them together.
- Threat · 02
Time tampering
The device clock is editable from Settings. An attacker rolls it backward to fabricate a past alibi.
Defense: Cloudflare Roughtime + hardware monotonic clock
Every online snapshot fetches a cryptographically-signed UTC from Roughtime, bypassing the OS clock entirely. Offline, PRAMA uses the device's hardware monotonic clock to measure exact elapsed time since the last anchor.
- Threat · 03
Software emulator
An attacker writes a Python script on a laptop and posts millions of fake payloads to the API.
Defense: Hardware attestation, ingress
Every payload carries a live Apple App Attest or Google Play Integrity token. The ingestion service mathematically verifies the call came from real silicon. Emulator payloads are dropped at the gateway and never touch the database.
- Threat · 04
Phone left behind
Adversary leaves the device in an office to manufacture an alibi while operating elsewhere.
Defense: Continuous biometric binding
Each snapshot is bound to a recent biometric event: a Face ID unlock, an Apple Watch heart-rate reading, or a wrist-detection signal from WearOS. No biometric activity, no signature, no proof.
- Threat · 05
SIM swap
Hacker swaps your phone number, signs in via Keycloak with the OTP, tries to post forged snapshots under your identity.
Defense: Ed25519 signature from seed
Every payload is signed with an Ed25519 private key derived from your 12-word seed on Day 1. The attacker doesn't have the seed. The signature fails verification. The payload is rejected before it reaches the queue.
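The time-tampering defense under Threat 02, sketched as an added example (not PRAMA's code): an offline snapshot is stamped from the last signed anchor plus elapsed monotonic time, and the OS wall clock is only compared against that result. The signed time is assumed to be already verified, and the `boot_id` field, the 30-second tolerance and the status strings are assumptions.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class TimeAnchor:
    utc_s: float   # signed UTC from the time server, signature already verified
    mono_s: float  # monotonic reading captured when that reply was accepted
    boot_id: str   # boot session the monotonic reading belongs to (assumed field)

# mono_s must come from a clock that keeps counting while the device sleeps.

def trusted_utc(anchor: TimeAnchor, mono_now_s: float, boot_id: str) -> Optional[float]:
    """Anchor + elapsed monotonic time; never consults the OS wall clock."""
    if boot_id != anchor.boot_id:
        return None  # counter restarted at reboot: elapsed time is unknowable
    elapsed = mono_now_s - anchor.mono_s
    if elapsed < 0:
        return None  # a monotonic clock cannot run backwards within one boot
    return anchor.utc_s + elapsed

def stamp_snapshot(anchor: TimeAnchor, mono_now_s: float, boot_id: str,
                   os_wall_s: float, tolerance_s: float = 30.0) -> dict:
    """Timestamp an offline snapshot and record whether the OS clock agrees."""
    t = trusted_utc(anchor, mono_now_s, boot_id)
    if t is None:
        # Keep the snapshot, but mark it so a verifier knows the time is unproven.
        return {"utc_s": None, "status": "unanchored", "os_drift_s": None}
    drift = os_wall_s - t
    status = "ok" if abs(drift) <= tolerance_s else "os_clock_mismatch"
    return {"utc_s": t, "status": status, "os_drift_s": drift}

# Constructed values: anchor taken at 1_700_000_000 s UTC, 5000 s after boot.
ANCHOR = TimeAnchor(utc_s=1_700_000_000.0, mono_s=5_000.0, boot_id="boot-A")
```

A clock rolled back in Settings changes only `os_drift_s` and the status; the recorded `utc_s` stays tied to the anchor.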
Built to pass the evidentiary bar.
Cryptographic primitives with decades of peer review. Export formats matched to the actual evidence statutes of each jurisdiction. No proprietary "black-box" detection model to defend in cross-examination.
- United States
Daubert Standard
Requires
Scientific evidence must be testable, peer-reviewed, with a known error rate, and accepted by its scientific community.
PRAMA satisfies
PRAMA relies entirely on open-source primitives: SHA-256, Merkle trees, Curve25519. Decades of peer review, error rate effectively zero. No black-box detection AI to defend.
- India
Bharatiya Sakshya Adhiniyam (BSA), 2023 · §63
Requires
Electronic records need a certificate stating the device identifier, hashing algorithm, and verification path before they're admissible.
PRAMA satisfies
`prama-legal-export` auto-generates the §63 schedule: device IMEI, SHA-256 spec, the full verification trail. The schedule is appended to every exported PDF.
- EU / India
GDPR · DPDP Act
Requires
Absolute data minimization. No central honeypot of personally identifiable information.
PRAMA satisfies
The central ledger stores only encrypted blobs + Superhashes. The identity service is physically isolated from the ledger. A full breach yields no PII, no plaintext, no map from hash to person.
- Global media
C2PA · Content Provenance
Requires
Cryptographically-signed manifests embedded in media files, recognizable by C2PA-aware tools.
PRAMA satisfies
Exported PDFs carry C2PA metadata injected at the Rust core. Browsers, newsroom CMSs, and social platforms with C2PA support flag the file as hardware-verified provenance.
PRAMA still works when life doesn't.
Long-form alibi systems break the moment a single edge case isn't handled. Battery, dead zones, lost devices, hostile network actors. Each has an explicit answer, not a hope.
- Scenario · 01
Your phone runs out of battery.
Background snapshots are designed to be invisible. The Rust core finishes each one in roughly three milliseconds and instantly puts the thread back to sleep, fast enough to slip under iOS and Android background limits.
/ KPI · < 2% battery drain per 24 hours
- Scenario · 02
You're in a basement with no signal.
Snapshots keep firing on the same five-minute cadence and queue inside the encrypted SQLite vault. The instant connectivity returns, the mobile app drains the backlog and syncs in bulk. No gap in the timeline.
/ SQLCipher vault doubles as offline sync queue
- Scenario · 03
You lose your phone.
Buy a new one, reinstall, type your 12 words. The AES blobs download from the server, decrypt on-device with the key your seed phrase derives, and your full encrypted history is back. The server never saw any of it in plaintext, and yet you got everything back.
/ 12-word seed → AES key via HKDF · zero server-side decryption
- Scenario · 04
You lose your 12-word seed phrase.
Historical data is permanently unrecoverable by design. A 'forgot password' backdoor would mean the key is subject to court subpoena, defeating the whole zero-knowledge guarantee. A Hard Identity Reset re-keys you for the future without touching the past.
/ Onboarding forces you to type the phrase back, to prove you saved it
- Scenario · 05
A hacker SIM-swaps your number.
They might get past Keycloak with the SMS OTP, but every snapshot has to be signed by the Ed25519 private key your phone derived on Day 1. They don't have your seed phrase, so they don't have that key. Every forged payload fails signature verification at the gateway.
/ Anti-SIM-swap signature gate on the ingestion API
- Scenario · 06
Apple tries to throttle your background process.
PRAMA doesn't rely on `BGProcessingTask`; iOS will silently kill it the moment your battery dips. Instead the engine wakes on system-level events the OS cannot starve: significant location changes, device unlocks, and Apple Watch HealthKit observers.
/ Event-driven hybrid trigger · no blue tracking pill
Six sensors. One Superhash. An alibi any browser can verify.
End of blueprint · v1.0 · 2026