KinCode

The family safe-word vault and AI-clone scam drill — pick a word the scammer can't say, then practice using it.

Date: 2026-05-10
Form factor: Web app (single-page; mobile-friendly)
Status: Prototype

What it is

KinCode is a calm, low-tech defense against the AI voice-clone scam wave of 2026. It walks a family through choosing a strong shared safe word, scoring how exposed each member's voice already is online, and rehearsing the call with a built-in drill simulator so the protocol is muscle memory the moment a "frantic grandchild" rings.

Who it serves

The primary persona is a 35–55-year-old "family CIO" — the adult child or caregiver who has aging parents, kids with public TikToks, and a group chat. The pain is real and recent: 1 in 4 Americans has now received an AI deepfake voice call, the FBI is publicly recommending a family code word, and nobody has actually picked one or practiced the protocol. KinCode turns the advice into a 10-minute setup the family can run together.

Why it could be profitable

Monetization is freemium with a very natural upgrade path:

  • Free: one trust circle, one safe word, drill simulator, printable card.
  • KinCode+ ($4.99/mo or $39/yr): multi-circle (in-laws, caregivers, kids' households), per-member voice-exposure audits, scheduled rotation reminders, scam-script library updates.
  • B2B pilots: senior-living communities, financial advisors, and credit unions resell as a member benefit ($1–$2/seat/mo). Insurers (homeowners + cyber riders) bundle it as a discount-driver.

Demand rationale: Hiya's State of the Call 2026 says 1 in 4 Americans got a deepfake voice call in the last 12 months, and 1 in 10 households has already lost money to a voice-clone scam. The FBI and the National Cybersecurity Alliance are both publicly recommending a family code word as the only behavioral defense that works against perfect voice clones — yet there is no consumer product that helps a family actually pick, store, and rehearse one. The wedge is the drill, not the vault.

Form factor & scope

A single-page web app, mobile-first. The prototype demonstrates the four screens that make the freemium tier real: Trust Circle (add members + roles), Safe Word (suggest, strength-meter, lock), Voice Exposure (per-member risk audit), and Scam Drill (simulated call where the user has to ask for the safe word and refuse to act until they hear it). A printable Verification Card view rolls those four into a fridge-ready summary.

How to run it

  1. Open index.html in any modern browser (Chrome, Firefox, Edge, Safari). No build step, no install, no API keys.
  2. The sample data is embedded in the page as an inline <script type="application/json"> block so the prototype runs directly from file:// without a local server.
  3. Click through the four numbered tabs in order: Circle → Safe Word → Voice Exposure → Drill. Use the Print Card button at the bottom for the kitchen-fridge view.

What's in this prototype

  • Trust Circle screen — add/remove family members, assign roles (Anchor, Member, Vulnerable), see the seeded "Schecht Family" example.
  • Safe Word screen — generate word suggestions from a curated wordlist, see a live strength meter that penalises social-media-discoverable words, and lock the chosen phrase.
  • Voice Exposure screen — per-member checklist of public audio sources (TikTok, YouTube, voicemail greeting, podcast, work bio); each box ticked raises the member's clone-risk score with a plain-English explanation.
  • Scam Drill screen — simulated incoming call from a "cloned grandchild" with timed prompts; the user must ask for the safe word and refuse to send money. Wrong choices show the post-mortem; correct choices unlock the success state.
  • Printable Verification Card — one-page summary with circle members, the safe word (masked by default, click to reveal), and the three-step "Hang up → Call back → Ask the word" protocol.

Roadmap

  • iOS/Android wrapper with one-tap "Verify Caller" widget on the lock screen.
  • Voice-exposure audit that actually scrapes a member's public footprint (TikTok handle, podcast RSS) instead of self-report.
  • Family-shared encrypted vault so the safe word syncs across members without leaving plain text on any device.
  • Live scam-script library kept fresh from FTC Sentinel + IC3 feeds, pushed as drill updates.
  • B2B admin console for senior-living and credit-union resellers.

KinCode — Requirements

Goals

  • Help a family pick a strong, AI-clone-resistant shared safe word in under 10 minutes.
  • Make the verification protocol — hang up, call back on a known number, ask the safe word — muscle memory for every adult in the circle.
  • Surface each family member's voice-clone exposure so they understand why this matters specifically to them.
  • Produce a one-page printable card the family can stick on a fridge or share to a parent's phone home screen.
  • Keep all data on-device by default — a scam-defense app should never become its own data-leak risk.

Primary user

A 35–55-year-old "family CIO" — typically the adult child or caregiver who already manages shared subscriptions, holiday plans, and the parents' router. They have read at least one news story about AI voice cloning, are nervous about it, and want a single concrete thing they can do this weekend that protects everyone in the group chat. They are comfortable on a phone but will not download anything that requires an account, an SMS code, or a credit card on day one.

Functional requirements

  • FR1: User can create a Trust Circle with a name and add 2–10 named members.
  • FR2: Each member has a role tag of Anchor, Member, or Vulnerable (the latter triggers higher-risk default settings).
  • FR3: The app suggests safe-word candidates from a curated wordlist that mixes nouns + adjectives and excludes obviously guessable phrases (pet names, sports teams, hometowns).
  • FR4: A live strength meter scores the chosen safe word on length, uncommonness, and "would a scraper find this on social media" heuristics; explains the score in one sentence.
  • FR5: User can lock the safe word; once locked, it is masked behind a click-to-reveal control with a configurable rotation reminder (default 6 months).
  • FR6: For each member, the user can run a Voice Exposure self-audit (8–10 yes/no items) and see a 0–100 risk score with the top contributing factors.
  • FR7: The Drill simulates an incoming AI-clone call with a timed transcript and at least three decision points (e.g. "Send the money", "Ask follow-up question", "Ask for the safe word", "Hang up and call back").
  • FR8: Wrong drill answers route to a teaching post-mortem screen explaining what the scammer is exploiting; correct answers unlock the success state.
  • FR9: A Print Card view renders the circle name, masked safe word (revealable), member list, and the three-step verification protocol on a single page sized for letter/A4.
  • FR10: All state persists in localStorage so a refresh does not lose the circle; a one-click "Reset Demo" wipes it.
  • FR11: All sample data is loaded from an inline JSON block so the page works when opened from file:// with no local server.
  • FR12: The app is fully keyboard-navigable and has visible focus rings on every interactive control.
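
A sketch of the strength meter described in FR3 and FR4, added here as an example and not taken from the KinCode prototype. The weights, thresholds, `COMMON_WORDS` list and the `discoverable` input (terms the family admits are public) are assumptions chosen for illustration.

```javascript
// Added example: scoring weights and word lists are illustrative assumptions.
const COMMON_WORDS = new Set(["password", "family", "love", "home", "money", "help", "safe", "secret"]);

// Lower-case and split into alphanumeric tokens so "Go Packers!" matches "packers".
function tokens(text) {
  return text.toLowerCase().match(/[a-z0-9]+/g) || [];
}

// phrase: candidate safe word.
// discoverable: strings a scraper could find publicly (pet names, sports
// teams, hometowns, member names), supplied by the user.
function scoreSafeWord(phrase, discoverable) {
  const words = tokens(phrase);
  if (words.length === 0) {
    return { score: 0, label: "weak", reason: "Enter a word or phrase." };
  }
  const publicTokens = new Set(discoverable.flatMap(tokens));
  const leaked = words.filter((w) => publicTokens.has(w));
  const common = words.filter((w) => COMMON_WORDS.has(w));
  const letters = words.join("").length;

  let score = Math.min(letters, 16) * 3;               // length: up to 48 points
  score += Math.min(words.length, 3) * 10;             // word count: up to 30 points
  score += common.length === 0 ? 22 : -20 * common.length; // uncommonness
  score -= leaked.length * 40;                         // discoverable online
  // Length cannot rescue a phrase built on something a scraper can find.
  if (leaked.length > 0) score = Math.min(score, 30);
  score = Math.max(0, Math.min(100, score));

  let reason;
  if (leaked.length > 0) reason = `"${leaked[0]}" appears in the family's public footprint.`;
  else if (common.length > 0) reason = `"${common[0]}" is a very common word.`;
  else if (letters < 8) reason = "Too short to resist guessing.";
  else reason = "Long, uncommon and not tied to anything public.";

  const label = score >= 70 ? "strong" : score >= 40 ? "fair" : "weak";
  return { score, label, reason };
}

// Constructed sample footprint for a fictional family.
const SAMPLE_FOOTPRINT = ["Biscuit", "Green Bay Packers", "Duluth"];
console.log(scoreSafeWord("velvet harbor otter", SAMPLE_FOOTPRINT));
console.log(scoreSafeWord("go packers 2026", SAMPLE_FOOTPRINT));
```

The cap on discoverable phrases is the part that matters: a long phrase that contains the dog's name or a team from someone's profile still scores as weak, with the one-sentence reason naming the leaked token.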

User stories

  • As an adult child of aging parents, I want to set up a single shared safe word in under 10 minutes, so that everyone in my family knows what to ask if they get a frantic call.
  • As a "family CIO", I want to see why my mom is high-risk for a voice-clone scam, so that I can have the conversation with concrete evidence rather than vague worry.
  • As a college student with a public TikTok, I want a safe word I can memorise without writing it down, so that I can answer correctly even when I am genuinely panicked.
  • As a caregiver running a drill with a parent, I want a guided simulated call, so that they experience the right behaviour once before they need it for real.
  • As a financial advisor, I want a printable card I can leave with a client, so that the protocol survives between our quarterly meetings.
  • As a privacy-conscious user, I want the safe word never to leave my browser, so that signing up for a scam-defense product does not itself become a leak.
  • As a reseller (senior living community), I want to white-label the drill, so that I can offer it as a member benefit without building it.

Non-functional requirements

  • Performance: page interactive in < 1 second on a mid-range phone; no blocking network requests at runtime.
  • Privacy: zero outbound network calls in the prototype; all storage is localStorage; safe word is masked by default everywhere it appears.
  • Accessibility: WCAG 2.2 AA color contrast; keyboard navigable; ARIA labels on the drill timer and the strength meter.
  • Resilience: prototype must run from file:// (double-click index.html) without a local web server.
  • Maintainability: vanilla HTML/CSS/JS, no build step, single CSS file, single JS file.

Out of scope (for the prototype)

  • Real account creation, multi-device sync, or end-to-end encryption.
  • Actual voice analysis, deepfake detection, or microphone access.
  • Live integrations with FTC Sentinel, IC3, carrier APIs, or any backend.
  • iOS/Android native wrappers and lock-screen widgets.
  • Payments / subscription billing.

Open questions

  • Should the safe word ever be exportable to an encrypted password manager (1Password, Bitwarden) — or is leaving the browser the wrong tradeoff?
  • For the Vulnerable role, do we add a "trusted third party" (e.g. an advisor) to the circle, or keep the circle strictly family?
  • What should the rotation reminder default to: is 6 months too aggressive, or 12 too lax?
  • Is the drill more effective as a one-shot ten-minute exercise, or as a 30-second monthly micro-drill that pings a member at random?
