← All Resources

What is ATAK?

A plain-language, build-up guide to ATAK and the wider TAK ecosystem: clients, EUDs, data packages, imagery, mesh networks, federation, plugins, deployment types, and the CoT protocol underneath it all.

ATAK is a moving-map app for a phone or tablet that lets a team see each other, see what they are looking at, and talk about it on one shared picture in real time.

If you read nothing else: ATAK stands for Android Team Awareness Kit in the civilian and first-responder world, and Android Tactical Assault Kit in the military world. It primarily runs on Android, but there are sibling apps for other devices. Additionally, there is a server that ties them together when you want one, and a message format underneath that makes the whole thing interoperate.

Where ATAK came from and who runs it now

ATAK started as a research effort at the AFRL (Air Force Research Laboratory) and is now maintained by the TPC (TAK Product Center), which publishes releases through the government portal at TAK.gov. The current product line is the TAK 5.x generation. The core apps are government-managed, but the plugin interfaces are public and the toolchain to build against them is openly available, which is why a real third-party ecosystem exists around it.

Two practical consequences of that ownership model. First, the core apps are free. The cost of a TAK program is in the EUDs (End User Devices), the server if you stand one up, mesh radios, and integration work, not in a license for the app itself. Second, the civilian build, ATAK-CIV (often just called CivTAK), is export-classified EAR99, meaning it is broadly available to most people and most countries except those under specific sanctions. The military build, ATAK-MIL, requires a verified government or defense-contractor account. For most commercial defense work at the unclassified tier, ATAK-CIV plus a free TAK.gov registration is the starting point.

The TAK family: clients, and the server they may or may not need

People say "ATAK" the way they say "Kleenex," to mean the whole system. It helps to separate the clients (the apps people carry) from the server (the optional hub that ties them together).

The clients, roughly in order of capability:

  • ATAK (Android): the original and most capable client. The widest plugin support and the deepest feature set.
  • iTAK (iOS): the iPhone and iPad client. A subset of ATAK's features, easier to onboard, more limited plugin story. Most iOS integration work targets the web client rather than native iTAK plugins.
  • WinTAK (Windows): the desktop client, common in operations centers on a big screen. Note that WinTAK is slated to sunset in 2026.
  • TAKX: the Linux-based successor that consolidates WinTAK and the RaptorX mapping lineage, intended to run across Web, macOS, Windows, and Ubuntu. This is where the desktop line is heading.
  • WebTAK: a browser-based client with no install. Good for an operations center that just needs the COP (Common Operating Picture) on a screen quickly. WebTAK is also the one client that supports certificate or token-based CAC (Common Access Card) login.
  • TAKAware: an alternate iOS client adopted heavily by the first-responder community.

The key fact a newcomer needs: all of these clients speak the same language to the same server. You can mix ATAK on Android, WinTAK on a laptop, and iTAK on an iPhone on one network and they all see each other. That interoperability is the entire point, and it works because of a shared message format we cover below.

The core picture: markers, blue force, GeoChat, and CoT

Open ATAK and you get a map. On that map you and your teammates appear as icons. You drop markers on things that matter, a vehicle, a hazard, a casualty, a sensor, and everyone on your network sees that marker appear on their own map within a second or two. You can draw routes and shapes, measure range and bearing, attach a photo to a point, and send text in a map-aware chat called GeoChat. That is BFT (Blue Force Tracking) plus collaborative mapping, and for many users it is 90 percent of what they ever do.

Under the hood, every one of those actions is a message in a format called CoT (Cursor on Target). CoT is a small XML message that says, in effect, "this thing, of this type, is at this position, as of this time, and goes stale at this time." A CoT event carries a unique ID, a type code, a latitude and longitude and height, a time stamp, a stale time, and a detail block for everything else. The type code encodes affiliation and dimension in a compact grammar, so a friendly ground unit reads as one pattern and a hostile air track reads as another, lining up with MIL-STD-2525 military symbology.

CoT matters more than it looks. Because every client and server speaks CoT, a sensor, a drone, a radio, or an outside system only has to emit valid CoT to put a track on everyone's map. If you can produce CoT, you can talk to TAK. That single fact is why the ecosystem is as broad as it is, and it is the cleanest integration path for anyone building a system that wants to appear inside ATAK.

How devices actually talk: the comms layer

ATAK does not provide its own radio. By default it uses whatever the device already has: cellular or Wi-Fi, passing data across an existing network to a server and on to other devices. That is fine in a city or on a base. It falls apart the moment you are off-grid, and off-grid is exactly where a lot of operators live.

This is where the comms layer gets interesting. To run without cell towers, you bridge ATAK onto a radio network through a plugin:

  • Mesh radios: small radios that form a MANET (Mobile Ad-hoc Network), a self-forming, self-healing network where every radio relays for every other radio. Drop a node and the mesh rebuilds around it. Professional options like the goTenna Pro series bring turnkey setup and PKI encryption; the open-source Meshtastic stack on cheap Semtech LoRa (Long Range) radios brings low cost and deep control at the price of more setup. Higher-end tactical MANET comes from vendors like Silvus and Persistent Systems (Wave Relay).
  • HF radio for BLOS (Beyond Line of Sight) reach measured in hundreds or thousands of miles, typically carried over STANAG 5066 between two servers or between a remote client and its server.
  • SATCOM uplink nodes that bridge a local mesh out to the wider network. This can be Starlink on Ka/Ku-band, or dedicated military SATCOM systems.

The mental model to keep: ATAK is the picture, the radio is the pipe, and a plugin is the adapter between them. Choose the pipe to match the environment and the threat, not the other way around.

TAK Server: what it does, and when you do not need one

A TAK Server is the hub that connects clients on different networks, stores and distributes shared data, and brokers who sees what. It runs on Java 17 against a PostgreSQL database with PostGIS, on Linux distributions like RHEL or Ubuntu, and it will run on hardware as small as a Raspberry Pi 5 for a minimal node or scale up to a data center.

You need a server when you want devices on different networks to share one picture, when you want central control over data and identity, or when you want to persist data and missions over time. You do not strictly need one for a small co-located team: ATAK clients can share peer-to-peer over a mesh with no server at all, which is the cheapest way to get a handful of people on the same map in the field.

Clients connect to the server with TLS certificates and exchange CoT. The common ports are worth knowing because they show up constantly in setup: 8089 for streaming CoT over SSL, 8087 for plain TCP, 8443 for the admin console, and 8446 for certificate enrollment and WebTAK. Newer servers also support the QUIC transport in addition to SSL/TLS.

Group membership on the server uses three roles, in, out, and both, which control whether a user receives a group's traffic, contributes to it, or does both. That simple model is how a server keeps a coalition partner's feed separate from an internal one without standing up a second server.

Deployment types: from a phone in a field to an air-gapped enclave

The same software stretches across very different deployments, and picking the right one is mostly a question of who needs to see the data and what network you are allowed to touch.

  • Standalone / serverless: clients share over a local mesh, no server. Smallest footprint, no infrastructure, limited to line-of-sight or mesh range. Extend public WAN with VPN tools such as ZeroTier, WireGuard, OpenVPN, or otherwise.
  • Self-hosted on-premises: you run TAK Server on your own Linux box or VM. Full control, full responsibility.
  • Cloud-hosted: the server lives in a cloud you manage, reachable by clients over the public internet with TLS.
  • TAKaaS (TAK as a Service): a vendor runs and manages the server for you, and increasingly pushes user and device management down to edge operators. This is a fast-moving part of the ecosystem in 2026, with prototypes like TAK-Portal aimed squarely at taking the backend pain away from small teams.
  • Air-gapped / disconnected: a server and clients on an isolated network with no internet path, configured entirely from local data packages and offline imagery. Common for classified enclaves and for anyone who treats cloud dependency as a liability rather than a feature.
  • Containerized: Docker deployments for repeatable stand-up and teardown.

The honest planning question is not "cloud or on-prem." It is "what happens to my picture when the link to higher goes dark," and the answer should be designed in, not discovered in the field.

Data packages: the turnkey way to move config and content

A data package (also called a Mission Package) is just a ZIP file with a manifest and a simple folder structure. When a client is told about a data package, it fetches it, unpacks it, and auto-parses the contents onto the map. They are how you move almost anything reusable into a fleet of devices without touching each one by hand.

Inside the ZIP, a MANIFEST/manifest.xml file (a MissionPackageManifest of version 2) declares a UID, a human-readable name, and a list of contents. The contents can include client certificates (placed under a cert/ path so ATAK imports them into its certificate database automatically), a preference file that configures the server connection (the cot_streams block, with a connectString like TAKSERVER:8089:ssl), imagery and overlays, CoT objects, and photos. A manifest flag like onReceiveDelete controls whether the package deletes itself after import, which matters for one-time enrollment.

The highest-leverage use is the enrollment data package: a single ZIP that, when a new user imports it, configures their server connection, installs the trust store, and enrolls them for a client certificate. A server can be set to push data packages automatically on certificate enrollment or on first connection, so a device walks onto the network already configured. That is how you onboard a fleet in minutes instead of standing over each handset.

Imagery sources: online tiles, offline caches, and overlays

ATAK is only as useful as the map under your markers, and it accepts a wide range of imagery so you are not locked to one provider.

  • Online map sources: standard web tiles via XYZ, WMS (Web Map Service), and WMTS (Web Map Tile Service), declared in a small custom-map-source XML that points at a tile URL.
  • Offline / cached imagery: MBTiles and other tiled formats packaged for use with no connection, the backbone of air-gapped and field operations.
  • Overlays: KML and KMZ for vector overlays and ground imagery, GeoPDF for georeferenced documents, and GRG (Gridded Reference Graphic) overlays for building and objective labeling.
  • Elevation: DTED (Digital Terrain Elevation Data) for terrain analysis, line-of-sight, and viewshed work.

The point that trips up newcomers: imagery and the network are separate problems. You can run fully offline with cached MBTiles and a mesh, or fully online with streaming WMTS, or any blend. Decide your imagery strategy against your worst expected connectivity, not your best.

Federation: stitching servers across networks, agencies, and borders

A single server gives one organization a shared picture. Federation is how two or more servers share selected data across network, agency, or national boundaries while each side keeps control of its own data.

Modern federation runs through a Federation Hub, a separate component from the core server, in a hub-and-spoke topology: instead of every server connecting directly to every other, servers connect to the hub, which handles connection management, trust, and policy-based data brokering. Federation comes in V1 and V2 flavors (different ports, V2 being current), and authentication is either mutual client certificates or JWT (JSON Web Token) token federation. Crucially, federation is policy-filtered and directional: you choose what data crosses, and you can make a link unidirectional or bidirectional. A supervisory cell can receive everything while sharing nothing back, or two coalition partners can exchange a deliberately narrowed slice.

For cross-domain and red/black separation, federation links can pass through XML guards and data diodes so that information crosses a security boundary under control rather than by accident. The server also supports mission federation with disruption tolerance, meaning a federated mission can survive a flaky link and reconcile when the connection returns. Federation is where TAK stops being a team tool and becomes a coalition tool, and it is also where the hard policy questions live.

Plugins: the extensibility model, and a smarter alternative

ATAK's reach comes from plugins: companion modules that add hardware integration, new data types, or mission-specific tools to the core map. They are built against a published SDK distributed as AAR files, and they are version-locked, a plugin must match the exact ATAK build it runs on, which is the single most common source of "why won't this load" frustration. The core app is government-managed, but the plugin API is public, so anyone can build.

Typical plugin categories: video (RTSP and RTSPS streams onto the map), UAS control and feed integration, sensor and radio bridges, mesh forwarders, CBRN and specialized analysis tools, and imagery providers.

There is a quieter, more durable integration path that experienced builders prefer: emit CoT to the server directly instead of writing a brittle, version-locked plugin. Because GeoChat and tracks are just CoT, a system can connect to the server, speak CoT, and appear inside everyone's ATAK without shipping a plugin that breaks on the next client update. The rule of thumb: use a plugin when you must touch the device or its hardware, and use server-side CoT when you are moving data. The second path ages far better.

CONOPS and CONUSE: fitting ATAK to how people actually work

Two acronyms get thrown around when ATAK shows up in planning, and they are not the same thing.

CONOPS (Concept of Operations) describes how a force intends to accomplish a mission: the scheme, the phases, the roles, the desired end state. ATAK supports a CONOPS by carrying the shared picture that the scheme depends on, who is where, what has been found, what the plan looks like on the map.

CONUSE (Concept of Use), sometimes written CONEMP for Concept of Employment, describes how a specific capability or piece of kit will be used inside that operation: who carries it, on what device, over what comms, configured how. A serious ATAK rollout writes a CONUSE because the decisions that make or break it, EUD choice, mesh versus cellular, federation policy, plugin set, data-package onboarding, are CONUSE decisions, not afterthoughts.

The practical lesson: ATAK is not a capability you "install." It is a capability you employ, and the difference is a written CONUSE that survives contact with reality.

The advanced layer, briefly

For readers who want the next level of detail, a few things worth carrying:

  • CoT schema: an event carries uid, type (affiliation and dimension grammar), time, start, and stale; a point carries lat, lon, and hae (height above ellipsoid); a detail block carries everything else, including the contact callsign and GeoChat content. Stale time is what keeps a dead track from lingering on the map forever.
  • Identity and trust: clients authenticate to the server with TLS client certificates, usually delivered and enrolled through a data package. The server's Marti API handles device profiles, mission management, and data-package distribution.
  • Ports cheat sheet: 8089 (SSL CoT streaming), 8087 (TCP), 8443 (admin console), 8446 (cert enrollment and WebTAK), and the 9000-series for federation (9001 server-to-hub, 9101 V1, 9102 V2 hub, 9103 token federation).
  • Groups and data scoping: the in/out/both role model is the primary tool for keeping feeds separated without proliferating servers.

That is enough to read a server config without flinching and to ask a vendor the right questions.

Where Empyrean fits

ATAK is the picture in a lot of hands across military and civilian operations, which makes it a natural place for a fusion and decision layer to show up rather than replace. Our approach is integration-pattern, not lock-in: a system that already speaks CoT can put fused tracks, alerts, and decision products onto an ATAK map the operator already trusts, over the comms they already carry. We are detailing that integration pattern in a dedicated capability recipe, with a short walkthrough video, so this page stays about ATAK itself rather than about us. For how the pieces connect on the Empyrean side, see the ATAK Integration & Deployment recipe.

Related reading

Related topics

ATAK FAQStraight answers to the most common ATAK questions: what it is, whether it is free, how it works without cell service, what a TAK server and a data package are, what federation does, and how systems integrate.What is a Common Operational Picture?A technical reference on the Common Operational Picture (COP): what it is, why most COPs fail operators, the difference between a display and a decision surface, multi-domain integration, MIL-STD-2525 symbology, edge deployment, and what a fused COP actually requires.Common Operational Picture FAQQuick-reference answers on the Common Operational Picture: COP software, multi-domain COP, MIL-STD-2525 symbology, edge deployment, sensor fusion integration, data normalization, and the difference between a COP, CTP, and tactical display.What is Intelligence Fusion?A technical reference on intelligence fusion: the JDL/DFIG data-fusion model from signal to decision, the difference between data, sensor, information, multi-INT, and all-source fusion, the intelligence disciplines (GEOINT, SIGINT, MASINT, OSINT, HUMINT, FININT), the JADC2 and Multi-Domain Operations doctrine it serves, and what fusion looks like for civilian and dual-use operators who never use the word JADC2.Would the Real Common Operating Picture (COP) Please Stand UpThe doctrinal COP promises a single fused display of relevant information shared across echelons. Reality delivers PowerPoint slides, uncorrelated sensor feeds, and TAK maps with six icons for one drone. Here's what a real COP requires: fusion, policy, edge deployment, and echelon-aware translation.TAK Server on AWS: From Zero to Operational in Under Ten MinutesA practical guide to deploying, hardening, and securing your own TAK Server on AWS using CloudFormation - from zero to operational with TLS certificates, Docker, and security best practices for the person who manages everything else too.
Empyrean Defense

Want to see this in action?

Request a demo or explore the platform capabilities.

Request a DemoExplore Capabilities