RAW Cyber - Secure Brand New Mobile Operating System

With RAW Cyber, we wanted to create a first-class secure smartphone that is accessible and easy to use. See how we succeeded (because, well, we did).

Client: RAW Sp. z o.o
Team Size: 9 people
Project Duration: 3 years until now
Technologies used: C/C++, Nginx/Gunicorn, CopperheadOS, Biocoded

THE BRIEF / CHALLENGES

The Client

RAW CYBER is a Polish company that provides services, training, and software in the field of cybersecurity and business intelligence. When performing security risk assessments for companies, they took a closer look at smartphones and their potential vulnerability to malicious attacks or data leakage. All of that made them think. It seemed that there was a great need to design a smartphone with a military-class security-level operating system. And, since they walk the talk, RAW Cyber started working on that. With us on their side.

What did RAW Cyber need?

RAW Cyber noticed that smartphones are becoming all-around devices we most often reach for, no matter the circumstances. Unfortunately, that is why we also hold a lot of sensitive data inside them, which makes smartphones both valuable and vulnerable. So they set out to create a safe Android-based phone that would not be subject to user tracking.

The objective was to design a custom smartphone operating system that would be extremely secure and still have standard smartphone features. In addition to that, RAW Cyber imagined an entire ecosystem of secure mobile applications that would be served from the internal app store.

Why did they choose us?

RAW Cyber describes it this way:

The Order Group was recommended to us by a colleague who has already worked with them on several projects. We were looking for a company that we could entrust to handle a project that is mainly R&D but also is to become up and running, so it requires UI / UX design, mobile and web application development, custom operating system development, and testing. A lot of competencies, and they had them all.

So we were to deliver a comprehensive project, the result of which was to create an entirely new solution on the market - an ultra-safe smartphone. Some of the tech needed was totally new to us, and in some, we had quite a background. Nevertheless, the whole project turned out to be a great adventure - R&D in full swing.


OUR SOLUTION

RAW Secure Phone to keep your communication and data safe

Our goal was to provide a highly secure smartphone operating system that is immune to attacks and disclosure, eavesdropping, and takeover or alteration of data.

There was also a need to design and implement:

  • web panel - where secure apps can be added to the store and the user is able to manage permissions or check information on, e.g., potential malicious activity,
  • app store - a space where users can download secure approved applications, just like with a regular smartphone.

Challenges we faced

From the very beginning, the main challenge in the project was its core - building the smartphone operating system. That required a fresh, innovative approach as well as a great deal of creating brand new stuff. First, we wanted to monitor and have control over what the outgoing network traffic looks like. We'll focus on this aspect as an example, although the project consisted of many tiny puzzles, which we resolved with great satisfaction.

Packet inspection - how we approached that

One of the business requirements was full packet inspection - not only verifying the IPs or URLs our phone connects to, but being able to look at the packets themselves and filter them on a regular basis according to the applied rules. We wanted this to be the last line of defense for detecting malware communicating with suspicious command-and-control servers.

That is not a problem that can be googled and solved. Instead, it covers many areas, from the analysis and classification of packets to how traffic behaves in a Linux system (because it is practically identical to Android).

We started from the inside, with analyzing the packets, because we decided this was probably the most challenging thing we had to do here. Then we moved on to handling and capturing.

We developed technology that allows us to monitor, select, and examine data packets to protect the smartphone against malware. We intercept the packets, notify the user, and that's it. It is not possible to be protected against tracking or other cyberattacks on ordinary phones in such a thorough, precise way.
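An added illustration (not RAW Cyber's or The Order Group's code, and not using nDPI) of what inspecting payloads rather than only addresses means: the protocol seen in a flow's first data segment is compared with what the destination port implies, and a mismatch produces an alert for the user. The rule set, the function names and the sample packet builder are constructed assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

enum proto { P_UNKNOWN, P_TLS, P_HTTP };
enum verdict { V_ALLOW, V_ALERT, V_DROP };     /* V_ALERT = notify the user */

/* Classify the first payload bytes of a flow by content, not by port. */
static enum proto classify(const uint8_t *p, size_t n) {
    if (n >= 3 && p[0] == 0x16 && p[1] == 0x03 && p[2] <= 0x04)
        return P_TLS;                          /* TLS handshake record header */
    if (n >= 4 && (!memcmp(p, "GET ", 4) || !memcmp(p, "POST", 4)))
        return P_HTTP;
    return P_UNKNOWN;
}

/* Inspect one raw IPv4 packet; assumes it is the first data segment of a flow. */
enum verdict inspect(const uint8_t *pkt, size_t len) {
    if (len < 20 || (pkt[0] >> 4) != 4) return V_DROP;         /* not IPv4 */
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;
    size_t total = ((size_t)pkt[2] << 8) | pkt[3];
    if (ihl < 20 || total < ihl || total > len) return V_DROP; /* malformed */
    if (pkt[9] != 6) return V_ALLOW;           /* only TCP is covered here */
    if (total - ihl < 20) return V_DROP;       /* truncated TCP header */
    const uint8_t *tcp = pkt + ihl;
    size_t doff = (size_t)(tcp[12] >> 4) * 4;
    if (doff < 20 || ihl + doff > total) return V_DROP;
    unsigned dport = ((unsigned)tcp[2] << 8) | tcp[3];
    size_t plen = total - ihl - doff;
    if (plen == 0) return V_ALLOW;             /* SYN/ACK without payload */
    enum proto seen = classify(tcp + doff, plen);
    /* Constructed rule set: the port's expected protocol must match the payload. */
    if (dport == 443 && seen != P_TLS) return V_ALERT;
    if (dport == 80 && seen != P_HTTP) return V_ALERT;
    return V_ALLOW;
}

/* Build a constructed IPv4/TCP packet (checksums zero); b needs 40 + n bytes. */
size_t build(uint8_t *b, unsigned dport, const void *data, size_t n) {
    memset(b, 0, 40);
    b[0] = 0x45; b[2] = (uint8_t)((40 + n) >> 8); b[3] = (uint8_t)(40 + n);
    b[9] = 6;                                  /* protocol = TCP */
    b[22] = (uint8_t)(dport >> 8); b[23] = (uint8_t)dport;
    b[32] = 0x50;                              /* data offset = 5 words */
    memcpy(b + 40, data, n);
    return 40 + n;
}
```

A filter that only checked the destination address and port would pass the cleartext request sent to port 443; the payload check is what flags it.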

For more technical details, go to How to improve the security of a mobile application in Android based on nDPI library implementation?

Time and material in R&D project - managing the budget and work planning

With each project, we put ourselves in our client's shoes. We know that with large budgets and completely new, innovative products, extra care in planning is a must. That is why we do our best to be as transparent and respectful as possible to the client's needs. We remain flexible and adjust our workflow on the go, but we still do some big room planning.

In this case, we approached planning at two levels:

  • budget control - we always wanted to be sure that we would be able to deliver a product that meets the requirements in the assumed budget,
  • time monitoring - we set deadlines and flexibly arranged our work to deliver everything on time.

In our big room planning (for a month or a quarter, not only for the next sprint), we assumed that we had a specific time and budget to use. This big picture, sketched in a master Excel sheet, included the user stories we estimated - how long they will take and when they have to be delivered. Then, the user stories were assigned to sprints and our people.

After each sprint, we were able to verify whether our estimates were correct and how we were doing in general. Based on that, we planned and verified the next sprints, communicating with the client on an ongoing basis.

We became so skilled in this that in the end, it turned out that the total error was only ... 25 hours, which is incredibly few. Throughout the project, the client had full access to hourly reports and our progress, knowing exactly what was happening in the project and budget.

Since RAW Cyber was an R&D project which aimed at designing something brand new, this method proved correct and beneficial for both parties.

Our workflow

A 15-person team was formed with 7 experts from the Order Group:

  • 3 Engineers/Developers,
  • Tech Lead/Analyst,
  • Manual Tester,
  • Project Manager,
  • UX/UI Designer.

We started preliminary work in June 2018, and we operated in Scrum from May 2020. The project was completed in September 2021, but further development is to start this year.

We worked in 3-week sessions, and we communicated with each other every day on Slack or Google Meet. In addition, the project was coordinated on YouTrack.

Thanks to Scrum, we were able to plan and track our progress as well as rely on each other. Transparency and predictability enabled us to complete a challenging R&D project on time and with a positive, robust outcome.


RESULTS

We love it when R&D projects end up with a measurable result - a product that can actually be used. In this challenge, we succeeded in:

  • developing the end-to-end solution in technologies that were entirely new to our team,
  • carrying out the development process and introducing the Scrum methodology customized to the R&D nature of the project,
  • meeting and satisfying client needs - as RAW Cyber said about us:

Together we created a RAW Secure Phone - a smartphone based on the Android CopperheadOS (Google Pixel) system with various security layers, thanks to which, to make a long story short, the user should be confident about the data contained in the phone. The project is dedicated to business owners as well as individual non-business customers.

They are not afraid of challenges.
Maciej Łata
Project Manager, RAW Sp. z o.o.