Serverless P2P Parental Control with WebRTC and Kotlin

Serverless P2P Parental Control with WebRTC and Kotlin

Francesco Costantino built SafeStream, a serverless P2P parental control app, using WebRTC DataChannels to transmit child activity data directly from the child’s device to the parent’s device. The system avoids centralized cloud storage entirely, relying on Firebase only for signaling.

Why This Matters

Traditional parental control apps centralize user data in cloud databases, creating privacy risks and single points of failure. SafeStream’s P2P architecture eliminates this risk but introduces challenges like Android’s Doze Mode blocking background WebRTC connections and the need for chunked data transfers over WebRTC’s 16KB message limit. The project also highlights the cost of maintaining TURN servers for NAT traversal, requiring a credit-based system to sustain operations.

Key Insights

• “Firebase Realtime Database used for signaling (2025)”: The app uses Firebase strictly for WebRTC SDP exchange, not for storing user data.
• “AES-256-GCM encryption on top of WebRTC’s DTLS”: Ensures end-to-end security for P2P data transfers.
• “Foreground service with persistent notification”: Bypasses Android’s Doze Mode to keep WebRTC connections alive.

Practical Applications

• Use Case: Parental monitoring without centralized storage, leveraging WebRTC DataChannels for real-time JSON payloads.
• Pitfall: High bandwidth costs for TURN servers necessitate a credit system, complicating free-tier sustainability.

References:

• https://dev.to/francesco_costantino_5861/how-i-built-a-serverless-p2p-parental-control-app-using-webrtc-and-kotlin-fjj