 I work as a developer for the Calsus Institute, which is a non-profit education organization in the USA. We work on a lot of projects. Calix versus Mark-10 is an Android-based smartphone operating system that forces on the privacy and security. In today's talk, I will go through how we have implemented operable device security levels so that a user can choose what kind of security he wants the device to be. Just a quick talk to Google. First of all, we will go through what security levels are and what we have implemented in Calix. Then I will go through the pregnancy of development so that how somebody else can just choose what kind of work they want to implement for their own Android-based operating system if they wish to. Then we will go through some of the blind features that we are currently working on. So security levels, worker security levels, and what do we need them for? I think the question with the contact of people that is diverse also, why do I need to be concerned about the security and why should I even be concerned about the security? The very simple answer to that is that not everyone is familiar with the best and the features that are on their device every time. It takes quite a lot of time to find the very best possible combination of the settings that you may want the device to be in. Switching between those combinations takes quite a lot of different times. You may want different modifications for your work. You may want different modifications for your personal life. You may want different modifications to be in-based, not in-based. They don't depend upon work. You cannot be with your own people. There is the part of the expert opinion because not everyone is familiar with what a particular setting is doing. Sorry for that. The expert opinion is always helpful because not everyone is familiar with what kind of settings are doing things in the background. You are not quite sure if that setting is doing what you are thinking is doing in the background. Security levels offer pre-configured security choices. As for your requirement, they are configured by the expert between the developers because they are developing those features and it restricts you from the user's action and options depending upon the use case. What you are seeing in the image is from the door browser. They have security levels implemented including there. As you can see, there are three modes, standard, safer and safest. Depending upon the case, the security level is enforced on the web browser. The standard mode, everything is enabled. You can improve the safer, which is also dangerous. Website features cost a lot of money and use functionality when they can just go into safe which is able to communicate with others. It is much more restrictive. While there are a lot of other browsers who are also into the various security levels, there has been no such implementation when it comes to these platforms which will use much of the kinds during your daily lives. That's why we actually invented it and inspired from the door browser we actually implemented security levels in KaliSource. We also invented three security levels which are standard, safer and safest. These security levels are shown in the user when they boot their device preloaded in KaliSource for the very first time. So it's present in the setup result that asks to set up password, security levels and everything else. The options that are shown for the first time are standard, safer and safest. All these options are currently in development which means that we are improving it as user feedback comes in. There are different things that you can not show. It's pretty good. But the standard mode is the recommended mode for everyone which means that all it contains are default features which are configured for a normal everyday user for their everyday lives. Then there is the second level which is the safer. Safer builds are not standard but what it does is that it sets a time on for the Wi-Fi activated for starters which means that they automatically get turned off when they are not being used for a certain period of time which means that they do a certain time out as well but default. Which means that if you leave home with your Wi-Fi enabled and it's time to use while you are in transit or something it gets on when you've turned off so it gets cool with it. We also set the device to reboot automatically after a certain period of time of non-uses which means that it utilizes at your position where you just work on it somewhere after a certain period of time and it's likely to use it after a certain period of time with the paint on lock, your fingerprint place on lock, those kind of things will work. The safer mode also requires a work profile. Work profiles are a certain encapsulated profiles in which you can install your applications you wish to limit the access to the system which means that applications which are installed in this work profile will not have access to your data which contains, let's say, your private images, your other applications, their data. And finally the safer mode also enforces forward as the for this one VPN which in the work profile which means that all the network communication that is being made within that work profile is going over towards forward VPN it's encrypted, no one knows what you are doing other than yourself. And finally, the safer mode, safer mode, those are all safer but it's much restricted there is also the fact that safest you cannot remove from the device without finding the phone device. What safest does is that it disables USB data signaling so if your device is going to be seen, it will not be charged no data can be shared from it there is also the fact that a lot of device issues come when you install applications from unknown sources normally, from the internet somewhere. So safest mode also restricts the user to install applications from unknown sources. It also disables 3D button features which means that no ADB access you cannot connect to the PC that disables those specific features to extract some of your data from the device. And finally, it also disables JavaScript data from here. Now, I will go through how we actually want to develop this this is, this might show a better mode of code, that's Java and Cognitive but it's real simple one. But before going into that there was some prerequisites that were required to develop the very first one is the palace which is our work profile manager application work profile to deploy it, you usually need a dedicated application to develop palace which is work profile manager application. It allows user to provision and manage work profile and go play on their device without connecting to the internet or asking your company to do it manually. It is very simple and return for placing a material and put it through your coffee which is this primitive guidelines from Google for the Android. It is also compatible with both ASP and cradle build system that any developer can simply pull in your repository and start working with it in the Android studio or any idea of their choices. Next is the other options. As I mentioned earlier in the simplest mode the debugging is just like simple and if you want to correct the lines you might notice that there are quite a lot of useful features in the debugging options which are habitality to do the last debugging. Example would be an OEM debugging which can remove the operating system installed on the device and replace it with a custom OS. The other one would be taking bugger code so that you can remove the developer which apps are crashing, which apps are not working and whatever issues you are facing on the device. There is also the Wi-Fi non-processing Mac optimization so that you can change the MAC address whenever it is connected to your Wi-Fi and much more. Considering the different features this one what we did was we added some of this important options outside of the developer options so that even if it is different which is not simple a user can use those features without any issues. So what we did was we added a new screen for other options within the settings application this contains those much frequently used options. These options also still maintain the security requirements for certain switches such as taking bugger code which is a surefire way to collect what is going on in your device and you may not want anyone to access it so it still asks you your password whenever you want to collect a bugger code. The same goes for the OEM unlocking because the operating system gets changed so whenever you turn it on it still asks your password before letting you do this. Now going to development how this was done whenever a user puts their device for the first time they go into setup wizard a setup wizard that asks the user what kind of profile level they want the device to be in that the setup wizard propagates these two values which is the word profile manager application word profile values handles all the settings that we want to apply to the device that this is a few words with the Android Studio and any other user so that any developer can access it alone change their settings they want their operating system to be in and just apply a good word Then finally when this is finished finished whatever it wants to do maybe you want to open another application before letting you do the device you can do that it simply guides users back to the launcher to which they then start using the device Now looking into the code this is the code in the setup wizard we generally refer this as the colleague level security level is already here and the jump string we use there is a string that contains three values from 0 to 1 this one is security level the security level simply puts a value let's say the user selects security level would 1 then it will forward this as an intent to the device it turns out a way to reach an application or anyone can communicate with another application so it's a security whatever so it basically files another intent which is as a function managed device from the system source that's the component name which is the value then they can so developers can set things in the extra provisioning bundle then if they want they can skip the application string which will simply smooth animation that can be shown by the values in the processing in the background now when the value is small this won't create a metric it's wider here values intercepts the intent that was sent by the setup wizard there are three modes that can list the intercepts if you get provisioning mode it is asked so the system asks if what provisioning mode the device is going to be in it will simply tell that whatever setup wizard sent it simply gives the possible extra from the setup wizard's intent and it simply puts it's act so it does not just add things special when the provisioning mode is squared then there is the action and then policy compliance and action provisioning successful so there can be two things one setup wizard finishes it launches values then action and policy compliance part is followed in that part we can run whatever code we want to run after the release setup wizard has finished so what we do is take the complete provisioning method in which we set up various restrictions such as launching or for example this on VPN we restrict the installation of applications and other things and on the action provisioning successful that's all different cases we simply for that method again do set different settings as required for the cases now I'll just go through the applied features usually what we are working on at the moment so by default Android only allows one work profile or device which means that if there is already a work profile you cannot deploy more work profiles this is a limitation on the protocol source project on which it is based on so we are also working on implementing multiple work profiles so that users can deploy more profiles as per their requirement they can deploy a work profile for personal users they can deploy a work profile for work, VPN, no VPN and use cases they want considering work profiles allows you to just turn off entire set of applications this is quite useful for users who have different use cases for different kind of time there is also the fact that you can use different VPNs in the different profiles you can use separate applications you can separate passwords and passwords whatever you wish for that there is the voice editor that we are already working on voice editor it simply streams the updates from the KXOS service to your KXOS devices there is no download part so there is no requirement for spaces they are using the update engine APIs from the movie so it just simply streams the updates this also return coffee and maternity and it's really simple there are just simply two streams one was this one on the screen and the second one is the settings part which allows you to change the update channel on complicated notifications and other settings as required again this is also compatible with both ASP and firmware system which means that any developer tends to be blown and start working with it as they want we are also planning to fetch the system updates from OATOM so that for much better privacy and security processes there are other features that are small but we are also working on them are examples such as gallery help line links so we want to by default open the help line in the door browser so that no one knows what help line you contacted or queried for using the data we also want to allow user to check whenever your device comes online it thinks a certain server to know that the internet is working right so we also want to integrate a server selection for this connectivity check so that you can use whatever server you wish for you think is much better for your purposes for the server selection we also we also replace the proprietary services we are also trying to move this traffic over there is another feature that we are working on is resetting the device after a number of failed attempts so that means that somebody is trying to break into the device and address also a drop of four or five times it automatically gets reset we are also discussing more features that we are trying to do and that's all that's all from my side if you wish to go more or join the community that's all from my side thank you my colleague will ask you some questions if you may have