I’ve been using/promoting FindMyPhone for this application, because it is the only currently available solution I’ve found that doesn’t have a serious trust problem. It avoids the issue by not having a server-side component - the whole setup is a little daemon (GPLv2) running on the phone that responds to user-chosen code-words by ringing and/or replying with its current GPS coordinates.
This CM one is the first “service” type I’ve felt remotely comfortable about, assuming their cryptographic client-side key required to perform action assurance survives scrutiny.
