Case Study: Secure Communication Solution For Enterprises

Client: Secure Group, international company focused on digital security, founded in 2009

Business goals: Provision of enterprises with a complex secure communication solution

Product: Secure Phone, a device running a customized operating system designed for encrypted communication and storage of data. The device includes specialized software for secure correspondence, internal management tools, and a number of accompanying services.

Applied technologies:
• Secure Phone: Mobile Device Management, GSON, AOSP, RXJava, RXAndroid, SQLite
• Secure Apps (Chat & Email): Java, message and object encryption protocols, real-time transport protocol, customized libraries
• Back End: Symfony, PHP, MySQL, Docker, Docker Compose, Elastic, Composer
• UI/UX design, Codeception-based testing, Agile management framework

Secure Phone is a mobile device management product, comprising a device with a proprietary operating system based on Android. It was designed as an advanced means of encrypted communication, customized and enhanced to ensure the highest level of layered security. Its under-the-hood complexity is made invisible for end users by familiar user experience that won't take time to get used to.

This solution includes a modified application framework, secure custom libraries, remote control and recovery, partition validation, and end-to-end encryption. Together with a bundle of complementary apps and services — most notably Email, Chat, and Administration System — Secure Phone was designed as a perfect solution to the issue of secure corporate communication and storage of data.

Secure Chat is a communication app that enables encrypted text messaging and file exchange. It is based on Off-The-Record protocol (OTR), which offers the highest level of encryption for instant messaging with temporary per-message keys that can be decrypted on the recipient's device only.

Security is the cornerstone of Secure Chat. Nothing gets logged on the server. No data is stored on the server. Nobody can track the time, the content, and the participants of a conversation. Everything is stored on the devices only, and users are verified via the OTR protocol. Loss of the device is not a problem either, since there is a feature of remote wiping.

Emailing is one of the essentials in communication, and our next task was all about creating a mailing application without vulnerabilities—it had to shield users with an encryption mechanism that would make their activities fully protected from any intruders. Additionally, it had be be as simple and convenient as regular mailing apps.

We took an open-source technology PGP (short for Pretty Good Privacy) for this task. Although it's one of the most advanced encryption standards—intended for use in corporate software solutions—our team had to perform a number of adjustments. We did not want any learning curves or complex installations for end users. This app was designed as a simple and secure out-of-the-box mailing tool within a similarly effective ecosystem.

Secure Administration System is the command center of every corporate Secure ecosystem. It provides flexible remote device management (up to settings and functionalities of every device), server setups, account policies, restrictions and pre-configurations. Essentially, it grants easy, secure, and convenient control over a fleet of devices to keep corporate security in check.

All in all, Secure Phone is a B2B solution with military-grade security created with two goals in mind. First, to deliver maximum privacy and confidentiality, so much valued in the corporate environment. Second, to ensure easy integration with the said environment, where every enterprise that adopts this solution has full control over each of its elements. Feel free to contact us with any questions!