Laptop theft protection for macOS
A menu bar app that detects lid close and power disconnect events,
then tracks your device and sends alerts via Telegram and Pushover.
Disabled ──arm──▶ Enabled ──trigger──▶ Theft Mode
◀──disarm─── ◀──authenticate───
├─ 📍 Location
arm: menu, shortcut ├─ 📶 WiFi & IP
trigger: lid close, power disconnect ├─ 🔋 Battery
authenticate: Touch ID, Telegram ├─ 🔔 Alerts (Telegram + Pushover)
disarm: Touch ID ├─ 🚨 Siren alarm
└─ 🔒 Lock screen overlay
When theft mode activates, LidGuard sends tracking updates every 20 seconds with location, IP, WiFi, and battery status — all controllable remotely via Telegram.
🛡️ Theft Detection — lid close, power disconnect, power button press
📍 Device Tracking — location, IP, WiFi, battery every 20s
📲 Telegram & Pushover — instant alerts with full device info
🎮 Remote Control — enable, disable, alarm, status via Telegram bot
🚨 Alarm — synthesized siren or system sounds at max volume (enforced, can't be silenced)
😴 Sleep Prevention — IOKit assertions + pmset disablesleep
🔒 Lock Screen — fullscreen "STOLEN DEVICE" overlay with owner contact info
⌨️ Global Shortcut — system-wide hotkey to arm/disarm
🔐 Touch ID — biometric auth for settings, disable, and quit
🛑 Shutdown Blocking — prevents force quit and shutdown during theft mode
🔄 Auto-Update — checks for new versions and installs with one click
🚀 Launch at Login — start protection automatically via macOS login items
Grab the latest .zip from Releases, unzip, and move LidGuard.app to /Applications.
git clone https://github.com/Erel3/lidguard.git
cd lidguard
make run # build .app with -dev suffix and open
make lint # run swiftlint
make install # install to /ApplicationsOn first launch, LidGuard opens Settings automatically if no notification service is configured.
LidGuard uses a Telegram bot to send alerts and receive remote commands.
- Open Telegram and message @BotFather
- Send
/newbot, pick a name and username - Copy the bot token (looks like
123456789:ABCdefGHI...) - Send any message to your new bot, then open
https://api.telegram.org/bot<TOKEN>/getUpdates - Find your chat ID in the response JSON (
"chat":{"id":123456789}) - Paste both into LidGuard Settings → Notifications → Telegram
The bot only responds to your chat ID — no one else can control it.
Pushover delivers instant push notifications to your phone. Useful as a fast backup channel alongside Telegram.
- Create an account at pushover.net and install the mobile app
- Copy your User Key from the Pushover dashboard
- Create an application to get an API Token
- Paste both into LidGuard Settings → Notifications → Pushover
Settings are organized into four tabs:
| Tab | What's there |
|---|---|
| General | Contact name & phone (shown on lock screen overlay), launch at login, auto-update, reset |
| Triggers | Lid close, power disconnect, power button toggles; global shortcut config |
| Protection | Sleep prevention, shutdown blocking, lock screen, alarm sound & volume, auto-alarm |
| Notifications | Telegram bot token & chat ID, Pushover user key & API token, per-service toggles |
Credentials are stored in macOS Keychain — never synced or uploaded.
Control LidGuard from anywhere via your Telegram bot:
| Command | Action |
|---|---|
/stop or /safe |
Deactivate theft mode |
/enable |
Arm protection |
/disable |
Disarm protection |
/status |
Device info + current state |
/alarm |
Trigger siren |
/stopalarm |
Stop siren |
Telegram replies include context-aware button keyboards — no need to type commands manually.
LidGuard lives in the menu bar with a custom laptop icon:
| Icon | State |
|---|---|
| Closed eye (dark) | Disabled |
| Open eye (green) | Protection enabled |
| Open eye (red) | Theft mode active |
Left-click opens the full menu. Right-click quick-toggles protection.
Hold Option while the menu is open to reveal hidden items (test alert, activity log).
| Permission | Why |
|---|---|
| Accessibility | Global keyboard shortcut + power button monitoring |
| Location Services | Device tracking in theft mode |
| Contacts (optional) | Auto-fill owner phone number from your Me card |
The app is not sandboxed — it needs direct access to IOKit, CoreAudio, and pmset for full theft protection.
