As a general rule, you cannot be certain of the integrity of third-party applications, regardless of the provider’s reputation. App behavior within the mobile ecosystem and the potential for some of its libraries to maliciously abuse standard flows cannot be accurately predicted. Services such as Google Mobile Services (a collection of Google’s apps and APIs baked into every consumer-grade Android device) utilize embedded location-tracking functionality, which can be exploited.
Users can take charge of their device through our hardware control feature, which lets them manage hardware components and sensors (Wi-Fi, Bluetooth, Location, and more) and reduce the attack surface by switching them on and off depending on their needs.
There are numerous ways to extract data from a mobile device, especially if it is obtained physically. Physical access to a device poses a significant threat, as adversaries can extract files through the USB port using specialized equipment. This method allows attackers to bypass many security measures, gaining access to sensitive information. Especially vulnerable are devices that are protected with simplistic PINs, patterns or passwords (e.g. a 16-digit PIN is cracked in 1 hour).
The device’s USB port is modified to allow users to fully control it, including fully disabling all USB port functions (except for charging). The USB port is disabled at a hardware abstraction level, ensuring that it cannot be utilized even by the most sophisticated extraction tools.
Even if users are well protected against over-the-air attacks, they can lose control of their data if an adversary forces them to unlock their phone or if they lose possession of the device. To counter these risks, our solutions offer users and administrators multiple methods to wipe all stored data:
The bootloader of a device is its most basic, low-level software. Its purpose is to check and verify the software running on your device before it boots to ensure its integrity.
If the bootloader is unlocked, various custom ROMs and software not approved by the organization could easily be pushed to the phone. Additionally, as mobile devices are PIN or password-protected, unlocking the bootloader opens dangerous attack vectors that can be exploited to bypass the password-authentication process if an attacker gains physical access.
Our OS features not only a locked but an encrypted bootloader, preventing any non-authorized third-party software from being installed on the device. This protects against attacks attempting to install a malicious OS that would gain control over the device, as the encrypted bootloader will refuse to load it.
A common way for adversaries to infiltrate devices is by installing spyware without the consent or knowledge of the user. Adversaries are able to install malicious software by exploiting native vulnerabilities of smartphones. This software allows them to execute collection attacks to identify and gather information such as sensitive files, user keystrokes, screen activity, browsing history, and more.
For example, the Pegasus spyware was installed on consumer smartphones through exploitation of third-party or system app vulnerabilities. The spyware allowed the adversary to access devices through zero-click exploitation, where the user didn’t even have to click a phishing link.
Secure OS allows users and organizations to forbid the installation of any software outside the app store managed by the MDM, ensuring that no untrusted apps are installed.
Data mining on Android devices, particularly within Google’s ecosystem, involves extensive collection of user data points, including location, search history, app usage, and more. This pervasive data collection raises privacy concerns and exposes users to potential vulnerabilities, especially due to pre-installed bloatware that can introduce security risks.
Secure OS is a completely de-Googled Android Operating System. It relies on in-house developed or open-source technology to deliver necessary mobile microservices such as location, push notifications, time, app updates, and others. Unlike on consumer smartphones, users can easily disable those services.
While having the necessary spyware mitigation mechanisms in place is vital for protecting digital data, having a way to detect if those mechanisms fail is equally important.
Secure OS comes with a software integrity feature that compares the local device policies and installed software (apps and OS) to the policies saved on the server. Any discrepancies are reported, and the user is alerted. With this feature, users and organizations can easily identify if their device has been compromised.
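The comparison described above can be pictured as a diff between a server-side baseline and the state a device reports. This is an added example, not Secure OS code; the field names, package names and hash strings are constructed for illustration.

```python
# Added illustration: the manifest layout and all sample values are assumptions.
from typing import Any


def _diff_map(kind: str, base: dict, dev: dict) -> list[str]:
    """Compare two key/value maps and describe missing, extra and changed keys."""
    out = []
    for key in sorted(set(base) | set(dev)):
        if key not in dev:
            out.append(f"{kind} missing: {key}")
        elif key not in base:
            out.append(f"{kind} unexpected: {key}")
        elif base[key] != dev[key]:
            out.append(f"{kind} changed: {key} = {dev[key]!r} (expected {base[key]!r})")
    return out


def diff_integrity(baseline: dict[str, Any], reported: dict[str, Any]) -> list[str]:
    """Return discrepancies between the server baseline and a device report."""
    findings = []
    # OS image: the build identifier must match the baseline exactly.
    if reported.get("os_build") != baseline["os_build"]:
        findings.append(f"os_build: expected {baseline['os_build']!r}, "
                        f"got {reported.get('os_build')!r}")
    # Policies and installed apps (package name -> package hash) are both maps.
    findings += _diff_map("policy", baseline["policies"], reported.get("policies", {}))
    findings += _diff_map("app", baseline["apps"], reported.get("apps", {}))
    return findings


# Constructed baseline as the management server might store it.
BASELINE = {
    "os_build": "secureos-example-1.0",
    "policies": {"usb_data": "disabled", "install_sources": "mdm_store_only"},
    "apps": {"org.example.messenger": "sha256:constructed-a1",
             "org.example.vault": "sha256:constructed-b2"},
}
# Constructed device report: a weakened policy, a modified app, a sideloaded app.
REPORTED = {
    "os_build": "secureos-example-1.0",
    "policies": {"usb_data": "enabled", "install_sources": "mdm_store_only"},
    "apps": {"org.example.messenger": "sha256:constructed-ff",
             "org.example.vault": "sha256:constructed-b2",
             "com.example.unknown": "sha256:constructed-c3"},
}

if __name__ == "__main__":
    for finding in diff_integrity(BASELINE, REPORTED):
        print(finding)
```

Because the report originates on the device, a check like this is only as trustworthy as the component that produces the report.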
To prevent physical tampering with our encrypted mobile communication devices, we have implemented triple password protection: the storage holding all sensitive information, the OS allowing the phone’s basic functions, and the system communication apps storing your correspondence are separately protected by different passphrases. The passwords securing sensitive data, such as the information in your storage, are highly complex, ensuring that even supercomputers cannot penetrate them.
Libraries are sets of prewritten code that applications use to perform their functionalities. As part of standard application security testing, application stores test all applications submitted to them and provide developers with instructions on fixing vulnerabilities.
However, this model does not consider that in the mobile ecosystem, applications are not isolated from one another. Their libraries and logic coexist with those of other apps. The app store’s implied security model overlooks the possibility of different behaviors of various libraries within the same mobile stack, leading to three major threats:
To ensure the security of our device, we have tested all libraries used by our system applications, both in isolation and within the mobile ecosystem. We have also taken rigorous measures to harden library security and introduce a further defense layer through additional device encryption.
A known technique for tracking device location is the use of Silent SMS or Silent Call attacks. Those techniques are very effective since all smartphone devices have those services enabled, with the capability to execute SMS and calls without notifying the user.
Even if users have disabled their location through their settings or policy, they are still vulnerable to the attack, since disabling location services only prevents the API calls that fetch location from executing.
Instead, the Silent SMS and Silent Call attacks help adversaries triangulate the device location by seeing which towers the device pings on an incoming SMS or call.
Secure OS allows users to disable phone and SMS services at the OS framework level. By disabling those services, they have a guarantee that no SMS or calls will go through, even if initiated by the most sophisticated software.
People face challenges when managing their on-device data due to the lack of control over data when it’s backed up to the cloud. Current solutions either cannot perform a full device backup (third-party cloud apps) or back up everything without giving users full control or transparency over the process (system backup software of consumer-grade smartphones). Many people are opting out of data backups due to their risks or complexity, risking the loss of their most valuable digital assets in case of phone malfunction or theft.
Secure OS supports full device backup and restore functionality through its backup manager feature. The device backup is stored on the self-hosted MDM server, fully encrypted with user-generated keys, ensuring that it cannot be decrypted in transit or at rest. Users can easily delete the backup to guarantee confidentiality.