A GPS Tracker That Actually Stops Bike Theft
The device mounts to a bicycle and does two things well. First, it deters theft. When armed, any tampering triggers an audible alarm and a push notification to the owner's phone. Thieves tend to pick easier targets. Second, if the bike does get taken, GPS tracking locates it to within 10 feet. Owners have recovered stolen bikes from garages, pawn shops, and flea markets using the real time map.
The hardware packs a GPS chip, cellular radio, TI microcontroller, and motion sensors into a weatherproof enclosure. Battery life matters because the device runs for weeks between charges. That constraint shaped every firmware decision.
Beyond individual bike owners, the product deploys in fleet configurations. Universities use it to monitor campus bike share programs. City operators track usage patterns across hundreds of bikes. The fleet dashboard shows which bikes are where, which ones have low batteries, and heat maps of popular routes.
Everything But the Hardware
Sequoia Applied Technologies is a Santa Clara software engineering firm that builds IoT platforms, embedded firmware, and mobile apps. The client came to us with working hardware prototypes but no software team. They needed someone to build the entire stack: device firmware, cloud backend, mobile apps, and the tooling to manage devices in production.
We also inherited a legacy hosting environment that had outlived its usefulness. The old infrastructure ran on a provider with limited observability and no managed services. Outages were opaque. Scaling meant buying bigger boxes. The AWS migration was part of the scope from the start.
The engagement ran for several years, through multiple hardware revisions and feature expansions. What started as a consumer product grew into a fleet platform used by institutional customers.
Four Layers, One Coherent System
The architecture splits into device, messaging, cloud, and app layers. Each layer has its own constraints, but they have to work together without seams. A theft alert that takes 30 seconds to reach the owner's phone is useless. The system had to be fast enough that the notification arrives while the thief is still in the parking lot.
C firmware on a TI microcontroller handles GPS acquisition, motion detection, cellular connectivity, and power management. Low power modes extend battery life. The firmware supports over the air updates using a dual bank pattern with signed artifacts and automatic rollback on failure.
Devices publish telemetry and subscribe to commands over MQTT with TLS. The topic structure separates status updates from control messages. QoS settings vary by message type: theft alerts use QoS 1 for guaranteed delivery while routine telemetry uses QoS 0 to conserve bandwidth and battery.
The cloud layer handles ingestion, stream processing, alert dispatch, and time series storage. The migration from the legacy host used shadow traffic and staged rollouts to validate behavior before cutover. Autoscaling handles traffic spikes when a university starts a new semester.
Native iOS and Android apps let owners arm the device, receive alerts, track location, and review trip history. Fleet operators see a dashboard with all their bikes on a map. Background refresh keeps status current without draining the phone battery.
The web dashboard gives fleet operators a bird's eye view. They can see which bikes are checked out, which are idle, and which have been sitting in one spot for suspiciously long. Heat maps show where riders actually go, which helps with station placement decisions for bike share programs.
From Legacy Infrastructure to AWS
The original backend ran on a hosting provider that predated the modern cloud. It worked, mostly, but the team spent too much time firefighting. When something broke at 2am, diagnosing the problem meant SSH into boxes and grepping logs by hand. Scaling required provisioning new servers manually. The billing was opaque.
The AWS migration replaced that with managed services. RDS for the database. Kinesis for stream processing. CloudWatch for metrics and alerts. Lambda for event driven functions. The infrastructure became something you could reason about from a dashboard instead of a terminal.
We ran both systems in parallel during the transition, comparing outputs to catch discrepancies. Shadow traffic validated that the new system handled real workloads correctly before we moved any production traffic. The cutover happened in stages, one device cohort at a time, with rollback checkpoints at each phase.
Consumer Product to Fleet Platform
The product now ships to individual bike owners and deploys in fleet configurations at universities and municipal bike share programs. The device has gone through multiple hardware revisions, each requiring firmware updates pushed over the air to devices already in the field.
Fleet operators report that the visible deterrent, the blinking LED and the audible alarm, reduces theft attempts. When bikes do go missing, the GPS tracking has a strong recovery rate. One operator mentioned they stopped losing bikes entirely after installing the devices.
Sequoia continues to support the platform as the client expands into new markets and adds features like carbon offset tracking and integration with campus access systems.
Common Questions About IoT Product Development
What did Sequoia build for this bike security product?
Sequoia Applied Technologies built the entire product stack. That includes embedded firmware for the GPS tracking device, the MQTT messaging layer that connects devices to the cloud, native iOS and Android apps for bike owners, a web dashboard for fleet operators, and the AWS backend infrastructure after migrating from an older hosting provider. The product ships as a consumer device and also deploys in fleet configurations at universities and city bike share programs.
Why use MQTT for a bike security device?
MQTT is lightweight and works well on cellular connections that drop in and out. The protocol supports publish subscribe messaging with quality of service controls, which matters when you need to guarantee that a theft alert actually reaches the owner's phone. Sequoia designed the topic structure and QoS settings to balance battery life against delivery reliability, using higher QoS for critical alerts and lower QoS for routine telemetry like trip data.
How do over the air firmware updates work on IoT devices?
The device uses a dual bank update pattern. New firmware downloads to an inactive memory bank while the device continues running on the active bank. After download completes, the device validates the signature, swaps banks, and reboots. If health checks fail after the swap, it rolls back to the previous bank automatically. This approach prevents bricked devices in the field when updates go wrong.
What changed after migrating from the legacy host to AWS?
The legacy infrastructure had limited observability and no autoscaling. Outages were hard to diagnose. After the AWS migration, the team gained CloudWatch metrics, managed database services, and the ability to scale ingestion during traffic spikes. The migration used shadow traffic and staged rollouts to avoid downtime. Cost control also improved because the legacy setup had fixed capacity that sat idle most of the time.
What features do the mobile apps provide?
The iOS and Android apps let owners arm and disarm the device, receive tamper alerts via push notification, track the bike's location in real time if it moves while armed, and review trip history with distance and route data. Fleet operators get a separate dashboard view showing all bikes in their fleet, usage patterns, and heat maps of where bikes travel. The apps also calculate carbon offset for riders who track commute miles.
What kind of companies does Sequoia work with on IoT products?
Sequoia Applied Technologies is a Santa Clara software engineering firm that builds IoT platforms, embedded firmware, mobile apps, and cloud backends. Clients range from hardware startups bringing their first connected product to market, to established companies adding connectivity to existing product lines. Related engagements include distributed energy storage systems, consumer water monitoring devices, and industrial IoT platforms.