RAW Secure Phone to keep your communication and data safe
Our goal was to provide a highly secure smartphone operating system that is immune to attacks and disclosure, eavesdropping, and takeover or alteration of data.
There was also a need to design and implement:
- web panel - where secure apps can be added to the store and the user is able to manage permissions or check information on, e.g., potential malicious activity,
- app store - a space where users can download secure approved applications, just like with a regular smartphone.
Challenges we faced
From the very beginning, the main challenge in the project was its core: building the smartphone operating system. That required a fresh, innovative approach and a great deal of brand-new development. First, we wanted to monitor and control what the outgoing network traffic looks like. We'll focus on this aspect as an example, although the project consisted of many tiny puzzles, which we resolved with great satisfaction.
Packet inspection - how we approached that
One of the business requirements was full packet inspection: not only verifying the IPs or URLs our phone connects to, but also being able to look at the packets themselves and filter them on a regular basis according to the applied rules. We wanted this to be the last line of defense for detecting malware communication with suspicious command-and-control servers.
That is not a problem that can be googled and solved. Instead, it covers many areas, from the analysis and classification of packets to how traffic behaves in a Linux system (because it is practically identical to Android).
We started from the inside, with analyzing the packets, because we decided this was probably the most challenging thing we had to do here. Then we moved on to handling and capturing.
We developed technology that allows us to monitor, select, and examine data packets to protect the smartphone against malware. We intercept the packets, notify the user, and that's it. It is not possible to be protected against tracking or other cyberattacks on ordinary phones in such a thorough, precise way.
For more technical details, go to "How to improve the security of a mobile application in Android based on nDPI library implementation?"
Time and material in R&D project - managing the budget and work planning
With each project, we put ourselves in our client's shoes. We know that with large budgets and completely new, innovative products, extra care in planning is a must. That is why we do our best to be as transparent and respectful as possible to the client's needs. We remain flexible and adjust our workflow on the go, but we still do some big room planning.
In this case, we approached planning at two levels:
- budget control - we always wanted to be sure that we would be able to deliver a product that meets the requirements in the assumed budget,
- time monitoring - we set deadlines and flexibly arranged our work to deliver everything on time.
In our big room planning (for a month or a quarter, not only for the next sprint), we assumed that we had a specific time and budget to use. This big picture, sketched in a master Excel sheet, included the user stories we estimated: how long they would take and when they had to be delivered. Then, the user stories were assigned to sprints and our people.
After each sprint, we were able to verify whether our estimates were correct and how we were doing in general. Based on that, we planned and verified the next sprints, communicating with the client on an ongoing basis.
We became so skilled in this that in the end, it turned out that the total error was only ... 25 hours, which is incredibly few. Throughout the project, the client had full access to hourly reports and our progress, knowing exactly what was happening in the project and budget.
Since RAW Cyber was an R&D project which aimed at designing something brand new, this method proved correct and beneficial for both parties.
Our workflow
A 15-person team was formed with 7 experts from the Order Group:
- 3 Engineers/Developers,
- Tech Lead/Analyst,
- Manual Tester,
- Project Manager,
- UX/UI Designer.
We started preliminary work in June 2018, and we operated in Scrum from May 2020. The project was completed in September 2021, but further development is to start this year.
We worked in 3-week sessions, and we communicated with each other every day on Slack or Google Meet. In addition, the project was coordinated on YouTrack.
Thanks to Scrum, we were able to plan and track our progress as well as rely on each other. Transparency and predictability enabled us to complete a challenging R&D project on time and with a positive, robust outcome.