← Back to the fleetS P A C Y A P P SSECRET-STUFF
S

Secret Stuff.

IOS · v10.4

Implementing v10.4

Built sometime around 2010 — my first fully deployed app, spanning multiple countries. That reach opened up opportunities throughout my life and career that I never expected. I'm happy to bring it back as a legacy app, a reminder of where it all started.

Download on the App Store ↗
Unique Picture Key Signature Unlock
I.01

Original signature algorithm

Written in Obj-C, the algorithm uses gesture point distances, relative locations, and per-metric thresholds to build a reliable single signature matching system. Kept in Obj-C for compatibility.

See deep dive ↓
I.02

Obj-C → SwiftUI migration

The original 2010 Obj-C project was migrated into modern SwiftUI with AI assistance. Because the original data design was structured and organised well, the migration was predictable and reliable — not pure vibe-coding.

A good experience to trial how AI can assist app-building, and a reaffirmation that a well-structured plan and vision is key to a maintainable codebase.

I.03

Redesigned UI

A fresh, modern interface built for a more pleasant experience. Same trusted app, new look. Enjoy!

Before
BEFORE
After
AFTER
◈ INSPIRATION

Remembering a password is hard because numbers and letters have no personal context — they're arbitrary, and a hint is often your last resort. The problem was simple: find an easier, more natural way to unlock.

Combining cognitive psychology and muscle memory — drawing a personal signature on an image you chose — the system creates three memory anchors:

  • the image you picked
  • the gesture you practised
  • whatever meaning you gave that gesture

Together, a new kind of unlock.

THE PROBLEM47X2q9Kno context · arbitrary · hint is last resortTHE IDEAimage you know · signature you drawTHREE MEMORY ANCHORSYOU PICKED IT+YOU PRACTISED IT=YOU REMEMBER ITcognitive psychology + muscle memory = new lock
◈ ALGORITHM DEEP DIVE

Signature Gesture Matching Algorithm for Hand-Drawn Authentication

When a user draws their Picture Key, the app records a sequence of points — the raw coordinates of a finger moving across the screen. The saved key is one sequence; the login attempt is another.

The goal: decide if two hand-drawn paths are the same, knowing that no two drawings are ever identical.

Algorithm Implemented · August 2010

Rectangles of Tolerance

Every point in both sequences is given a tolerance rectangle — a square box centered on that point, extending outward by a fixed sensitivity distance on all sides. Two points "agree" if their boxes overlap. One sensitivity value governs the entire system — wider boxes for a more forgiving match, tighter for stricter — with no similarity score to calibrate and no preprocessing of the drawing required. This accommodates the natural imprecision of a human hand rather than demanding pixel-perfect accuracy.

RECTANGLES OF TOLERANCEPQboxes overlap → matchPQno overlap → fail

The Greedy Traversal

The comparison uses two pointers — one for the saved key, one for the attempt — that walk their respective sequences together. At each step, the algorithm checks whether the current box from the saved path overlaps the current box from the attempt. If they don't overlap, the match fails immediately.

When they do overlap, the algorithm makes a greedy decision about which pointer to advance next. It measures two distances: how close the saved path's next point is to the attempt's current position, and vice versa. Whichever path's next point is closer to the other's current position gets to advance — no lookahead, no backtracking, just the locally best choice at each step. This creates a greedy traversal — the two pointers trade advances back and forth, one pulling ahead while the other catches up, keeping the boxes in contact as they move along both paths together.

This naturally handles the fact that two drawings of the same shape won't have the same number of sampled points. A faster draw produces fewer points; a slower one produces more. No preprocessing of the drawing is needed.

✦ IN PLAIN ENGLISH

Imagine two hikers walking two different trails that run roughly parallel — one hiker on the saved path, one on the attempt path. They're connected by a bungee cord.

At every step, they check: are we still close enough that our boxes overlap? If yes, whoever is behind gets pulled forward by the bungee — they take the next step to catch up. If the lead hiker is way ahead, the trailing one advances several steps in a row until they're level again. Then the other one surges ahead and the dynamic flips.

The traversal follows that rhythm — one advancing, then the other — neither marching in lockstep, but always staying tethered within the tolerance distance.

SAVED KEYLIVE TRACESTART

The moment the bungee stretches too far — boxes no longer touch — the match is over. They've diverged.

What gives the traversal its alternating rhythm — rather than two pointers advancing in lockstep — is that drawing speed oscillates. One path might have dense point clusters (slow careful drawing) while the other has sparse points (quick confident stroke) in the same region. The greedy step absorbs that mismatch naturally — the dense side advances many times while the sparse side waits, then the roles flip.

Why It Works for Authentication

The immediate-fail rule is a deliberate security decision. A drawing that drifts outside the tolerance zone — even once — is rejected. There is no averaging, no best-fit recovery, no forgiveness for a single bad segment. The path either stays within its tolerance envelope the entire way, or it doesn't. That strictness is what makes it a reliable lock rather than just a similarity score.

SAVED KEYLOGIN ATTEMPTtolerance zoneDIFFERENT POINTS · SAME PATH · BOXES OVERLAP → MATCH

15+ years in production. Not a line of the hand written algorithm has changed.

Signature Gesture Matching Algorithm for Hand-Drawn Authentication
Authored 14 August 2010  ·  © MMX Walter Mak / SpacyApps. All rights reserved.

📼
THE OG · CIRCA 2012
Watch the original launch video ↗