{"id":11319,"date":"2025-03-19T08:00:00","date_gmt":"2025-03-19T07:00:00","guid":{"rendered":"https:\/\/haimagazine.com\/uncategorized\/diy-ai-how-to-outsmart-your-grandson-2-0\/"},"modified":"2025-06-26T15:12:05","modified_gmt":"2025-06-26T13:12:05","slug":"diy-ai-how-to-outsmart-your-grandson-2-0","status":"publish","type":"post","link":"https:\/\/haimagazine.com\/en\/tools\/diy-ai-how-to-outsmart-your-grandson-2-0\/","title":{"rendered":"\ud83d\udd12 DIY AI: how to outsmart your grandson 2.0"},"content":{"rendered":"

Phishing, vishing, spoofing* \u2013 these terms have firmly taken root in our reality, not only in business (cyber attacks on companies or government institutions) but also in private life (schemes involving fake consultants or police officers).<\/p>

Despite education and the increasing knowledge about the aforementioned criminal practices, many companies and individuals still fall victim to scams<\/mark><\/a>. We have better security measures at our disposal, but criminals also use increasingly sophisticated tricks to access our money and data. The proliferation of AI tools means that both sides have gained a powerful ally.<\/p>

But cyber scams aren’t just complex operations. They also include calls from seemingly familiar voices: “Mom, I had a fender bender, you need to transfer money so I can avoid reporting it to the police<\/em>.” Impersonating family members is a technique scammers have been using for years. However, modern AI tools, such as voice cloning and deepfake audio, make it increasingly difficult to detect fraud. Scammers no longer need to intercept passwords or install malicious software\u2014a few seconds of a person\u2019s voice recording is enough. Such recordings can be found on social media or obtained during an apparently innocent phone call. Importantly, the quality of the recordings used by the scammer to clone a voice doesn’t have to be perfect. In stress\u2014which can indeed be triggered by news of an accident\u2014we may not pay attention to minor deviations from the norm. The eerie vision from the movie Johnny Mnemonic (1995) is becoming less abstract.<\/p>

\"\" \"\" \"\"A Yakuza member animates the already deceased Pharmakom receptionistSource: Johnny Mnemonic, TriStar Pictures<\/p>

How to protect family members from situations like these?<\/strong><\/h4>

One way is to set up a unique password that can be used to confirm the identity of the person you’re speaking with in an unusual situation. But as it goes with passwords\u2014memory can be unreliable, especially under stress. A homemade app might help us with this.<\/p>

The article is one of the tutorials titled \u201cDIY AI\u201d<\/strong>, featured on hAImagazine.com. In these, I show how AI can be used to build “small apps that solve small problems”. I also discuss how to plan work on such projects and choose the right tools, while revealing some secrets of the developer’s kitchen. The prompts presented do not guarantee that the app will always work, as the same query yields different code each time. Therefore, the app should be tested and errors reported to the model for correction. Consider it all as learning through play.<\/td><\/tr><\/tbody><\/table><\/figure>

Stage 1<\/strong><\/h4>

In the first version of the app, I decided to implement only the key functionalities. It’s a good way to quickly verify assumptions, but also an opportunity to test the app with family members and gather feedback. I approached the Claude model (version 3.5 Sonnet) with the following prompt asking for code:<\/p>

Write a PWA app that meets the following criteria:1. the app is optimized for display on mobile devices,2. at the top of the screen, the app displays an alphanumeric password agreed upon by family members; the password is fetched from the pass.json file in the main directory of the app,3. below the password, there are avatars of 4 family members (mom, dad, brother, sister) arranged in a 2x2 matrix; all elements are visible without scrolling the screen,4. clicking an avatar natively initiates a call to the phone number assigned to it; the phone number is fetched from the tel.json file.Prepare separately all the necessary files and propose a structure for the .json files to be stored in the main directory of the app. Once installed on a phone, the app should work only in offline mode, without any server connection.<\/code><\/td><\/tr><\/tbody><\/table><\/figure>

Claude suggested the file structure you see in the picture a few lines down. You can freely configure the number of family members and their avatars. Saving the data in .json files allows for their quick updating in the future, without digging into the app’s code.<\/p>

\"\"<\/p>

After generating the code, I uploaded it to the server along with previously prepared icons and .json files containing sensitive data. The final step was to pull up the www domain in the Safari browser, under which I wrote the application, and to install it on the phone’s desktop. At the same time, I disabled internet access for testing to make sure everything would work offline.<\/p>

Why the app is being developed with PWA technology is explained in this tutorial I made<\/mark><\/a>. Of course, you can also run it locally on your laptop (Claude will explain exactly how to do it). However, if you want to install the app on your household members’ phones, you’ll have to visit them. Hosting the app on a server allows for remote installation.<\/td><\/tr><\/tbody><\/table><\/figure>

\"\"<\/p>

At the top of the screen, there’s a password (here: today’s password), and selecting an avatar initiates a connection with a specific person. The password can be simple enough to make it easier for older people to remember (e.g., names of animals or city names related to family history). I recommend to mark the app with a suggestive icon and pin it in a visible spot on the desktop. If you’re particularly cautious, you can even hide it (for example, under a kitten symbol).<\/p>

\"\"<\/p>

So how does it work in practice? <\/strong>Each family member should have the same version of the app installed. When an unusual situation occurs, you must immediately end the call. This is a critical moment, as scammers will do everything to prevent this from happening. Then, open the app, check the password, call the person you wish to call, and ask them to provide it. Just taking these steps will prevent an unpleasant situation in most cases.<\/p>

Stage 2<\/strong><\/h4>

If you’re happy with the result, you can start playing around with the app’s appearance and functionalities, for example, enlarge elements for the visually impaired, add more passwords that will change according to a specified system, or upload family photos instead of avatars. However, this solution has one downside.<\/strong> Keeping passwords and phones in an open .json file is not very good practice, to put it mildly, especially since the goal of installing a PWA is to place the app on a publicly accessible server. When I shared these concerns with Claude, it advised me to encrypt the sensitive data using the AES-GCM method. Therefore, I asked it to create a suitable app for me (although similar ones are also available online) for browser use:<\/p>

\"\"App for encrypting .json files created by Claude<\/p>

Then, I developed a second prompt that would help Claude enhance the security of the already generated application:<\/p>

Prepare your app update with the following security features:1. set up a robots.txt file to protect all app components from being read by bots\/crawlers,<\/code>2. .json files containing passwords and family contacts stored on the server will be replaced by me with AES-GCM encrypted versions (the encrypted files are attached),<\/code>3. after installing the app on a phone and launching in PWA mode for the first time, the family password field should be locked with a lock icon displayed instead of the password,<\/code>4. when tapping on the lock icon, users are asked once for the encryption key (known only to them),<\/code>5. after correctly entering the key, files are decrypted and saved in the phone\u2019s local storage (localStorage); users can then see the family password and make phone calls,<\/code>6. on subsequent app launches, if there\u2019s an entry in localStorage about unlocking, passwords are automatically decrypted without asking for the code,<\/code>7. all other app functions remain unchanged.Prepare separately all the necessary new files or updates to existing ones considering the current app structure.<\/code><\/td><\/tr><\/tbody><\/table><\/figure>

Claude updated the earlier code and added two new files to the file structure, which are specifically responsible for security: robots.txt and crypto-utils.js. I updated the files on the server and reinstalled the app on my phone. As a result, after launching it\u2014until the encryption key was entered\u2014I couldn’t see the family password or make any calls.<\/p>

\"\"<\/p>

Of course, the app itself can be further secured with a pin, but I didn’t want to add another layer of security that would require recalling a unique digit combination in a potential crisis situation. Unfortunately, with PWA technology, it’s not possible to use biometric securities\u2014a native app is needed to use such solutions. The advantage of PWA is that it works immediately on both iOS and Android. Remember also to delete the app from the server as soon as everyone in the family has installed it.<\/p>

I asked Piotr Konieczny from the Niebezpiecznik.pl portal<\/strong> for his opinion on the effectiveness of my solution. By the way, I recommend installing their app<\/mark><\/a>, which constantly provides alerts about dangerous activities online.<\/p>

\"\"<\/td><\/tr>
Verification by password or calling back is essentially the simplest form of confirming that we\u2019re talking to someone we know. The problem is that criminals are aware of this and are already skillfully bypassing password authentication procedures used in several banks. For example, scammers may claim they are calling from a special security department that doesn’t have access to the helpline database. It\u2019s easy to imagine that in the case of a “grandchild” scam, we might hear two sentences in the forged voice of a loved one they are impersonating, and then be informed that this person has fainted and is no longer contactable, so they can’t “return” to the phone and we cannot ask them for the password. Action must be taken quickly, of course! Unfortunately, in stressful situations, people panic and there\u2019s no remedy for that. Nor an app. That doesn\u2019t mean raising awareness and trying isn\u2019t worthwhile. Every trip-up counts against the scammers.<\/em><\/td><\/tr><\/tbody><\/table><\/figure>

The app is a tool, education is the key<\/strong><\/h4>

As Piotr wrote, no tool, not even the best one, can provide us with 100% protection.<\/strong> That’s why, in addition to the app, it’s worth spending time educating your loved ones, especially the older family members<\/mark>.<\/a> Practice together scenarios of potential attacks, emergency communication methods, and convince seniors never to make financial decisions under time pressure. No matter how dangerous and credible the situation seems\u2014there’s always time to hang up and talk to someone close or trusted.<\/p>

There are apps that recognize suspicious numbers, monitor phone connections or verify the caller’s voice, but we also have to tread lightly with them<\/mark>.<\/a> For example, the very popular spammer-tagging app Truecaller asks for access to your telephone directory. Entrusting these solutions with your safety carries the risk of losing some privacy. At the same time, AI tools for user protection are being developed\u2014Google and Microsoft are working on models that analyze the tone and content of conversations, and warn about potential scams, which I wrote about in relation to the Google I\/O conference<\/mark><\/a>. There are even new virtual grandmas<\/mark><\/a> who waste the time of fake grandsons or consultants in long conversations.<\/p>

\"\"\/<\/p>

But ultimately, it’s not technology, but awareness and common sense that provide the best protection. AI can help detect threats, but it’s up to us to respond appropriately.<\/p>

PS.<\/strong> I consulted with an experienced developer on the first version of the app. He immediately noticed that Claude had embedded the encryption key in the app’s code! This shows that creating solutions with AI (even as simple as the app described) where security issues are particularly crucial should always be verified by seasoned experts.<\/p>

*) Glossary:<\/strong><\/p>