Map of nearby traffic hazards
Networking diagram for backend
Security is important
Proper security headers
Cars are full of sensors that constantly monitor things like speed, acceleration, engine performance, emissions, and so on. Drivewest is our take on the possibilities made available through the analysis of these data points.
What it does
As a Drivewest user travels, the Android app sends sensor information to a microservice-based API, which aggregates data across all clients and uses it to determine potential road hazards like potholes, speedbumps, or car crashes. An online dashboard, drivewest.algome.me, is also implemented for showing the overall collected data.
How we built it
The Android client feeds raw accelerometer readings alongside the current position of the vehicle to an AWS API Gateway endpoint, which in turn triggers an AWS Lambda to process the data and insert it into a PostgreSQL database running on Amazon RDS.
Periodically, a task is executed on an EC2 instance which performs analysis on the queued up sensory data, and determines if the car experienced abnormalities (sudden acceleration, deceleration, etc.) If so, it marks the location as a traffic hazard, which other Android clients can request through a second Lambda endpoint. This data can also be displayed on the live-updating drivewest.algome.me overview.
We chose a polling-based approach over more modern websockets due to connection stability on shoddy data connection.
In terms of security, each device generates a session-unique SHA256 ID which it uses to communicate with the aggregating API, which is invoked over HTTPS. Since the ID is unique per session, it means the server has no personally identifiable information like frequently traveled routes. The frontend is served over HTTPS as well, with nginx configured to send HSTS headers, scoring an A+ on the Qualys SSL Labs test. We also configured it to send security headers like
X-Frame-Options to mitigate some injection and clickjacking attacks. This gets an A on the securityheaders.io test — Google Maps relies on
Challenges we ran into
psycopg2, the standard library used to interface with PostgreSQL from Python, is built with a dynamic link to PostgreSQL's
libpq.so. For inclusion in a Lambda package, it had to be recompiled to statically link
libpq.so, which was shipped as part of the package.
Accelerometer readings depend on the orientation of the phone, so to get a reading of (x, y, z) with z vertical, some tricky matrix math has to be done to account for rotation (gyroscope) of the device.
Accomplishments that we're proud of
What we learned
- AWS, fun coming from Azure.
- Android Auto
What's next for Drivewest
We drive east, hopefully in less than 4.5 hours.