How to fall in love with unconsciousness or how the feeling of beauty helps to move technology forward?! Part one. 🐾
Hi all. My name is Dmitry. And one day I met a girl and fell in love. I tried desperately to get to know her. But nothing worked. And then I decided to show the seriousness of my intentions and my interest by founding a company in her honor. The project was conceived as a start-up for the development of technologies that are really useful for society, which will defend the rights and freedoms, the safety and security of personal data, and the confidentiality of information. But I decided not to stop at one project, but created several at once. I dedicated all the projects to my beloved, although I didn’t even know her in fact. As you can see from the intro image, the girl’s name is Ekaterina! Well, or just — Katya.
At the moment, there are as many as three Katyas. One is responsible for artificial intelligence and machine learning. Another is for next-generation operating systems for desktop and mobile devices. And finally, Katya is a social blockchain platform for communication. But first things first.
Autumn 2019. At that time, I already had a project to create a new decentralized distributed Peer-To-Peer Internet on the blockchain, codenamed REChain. But the creation of Katya as a separate platform completely changed the vision of the project as a whole.
REChain 🪐 is primarily designed as a security and privacy analysis analogue, fully focused on the use of platform moments and messages for communication. It is built on source code libraries, including ones developed by us, for those who respect freedom and privacy, as well as the safety and security of personal data. 🌤 Our task was to make a tool that is pleasant and enjoyable to use, with which each of you can communicate, expand content, create workspaces, and organize a workflow. 🌈 We strive to show all the world’s giants that it is possible to create cool products that are of great importance for society and for people's interaction with each other, without selling advertising, users' personal data, or their rights and freedoms! 🦄 At the end of 2021, the number of downloads in the AppStore, Mac AppStore, Google Play Market, and REChain.Store exceeded 13 million. 📡
Mobile Katya ®! 👽 ± Operating System! 📲
In the fall of 2021, we announced that we intend to release our own open source operating system for desktop and mobile systems, where we will also focus on privacy and confidentiality, including protection against eavesdropping on your calls and interception of SMS and Internet traffic. Mobile OS development has been in full swing for more than a year. We named it “Mobile Katya” (Katya ® Mobile OS).
Katya ® 👽 Mobile OS or simply Mobile Katya is currently the most secure mobile operating system with support for applications developed for Android. We have decided to focus on research and development of privacy and security technologies, including significant improvements to the sandbox, exploit mitigation, and permission model.
Mobile Katya enhances OS privacy and security from the bottom up. It uses technology to address entire classes of vulnerabilities and makes it much more difficult to exploit the most common sources of vulnerabilities. This improves the security of both the OS and the applications running on it. Application sandboxing and other security boundaries have been strengthened. We are not trying to influence the user experience with privacy and security features, as Apple and Google do. Ideally, features can be designed to always be enabled without affecting the user experience or introducing additional complexity such as configuration options. This is not always possible, and in Mobile Katya we have added various toggles for features such as network permission, sensors permission, and restrictions when the device is locked (USB peripherals, camera, quick tiles), as well as more advanced user-facing privacy and security features with their own UX.
We also develop various applications and services for our mobile OS with a focus on privacy and security. For example, our camera already shoots better than competitors' cameras (even before the official release) thanks to neural networks and our algorithms, built on our Katya 👽 AI 🧠, and it also keeps users’ personal data safe. We have completely excluded any metadata: photos taken with Mobile Katya will not contain data such as geolocation, date, time, model, code and device number, OS identifier, or other service metadata that can be used against you.
No Google apps or services by default!
Mobile Katya will never include Google Play services or another implementation of Google services, such as microG. It is possible to install Google Play Services as a set of completely sandboxed apps without special privileges through our sandboxed Google Play Compatibility Layer. But at the same time, Google will not have access to your data, and your profile will be completely anonymized for it!
Protection against exploitation of unknown vulnerabilities!
Mobile Katya pays great attention to protecting users from attackers using unknown (0-day) vulnerabilities. Patching vulnerabilities does not protect users until the vulnerability is known to the vendor and a patch has been developed and shipped.
Unknown (0-day) vulnerabilities are used much more widely than many people think, to exploit users not only in targeted attacks, but also in wide deployments. Project Zero maintains a spreadsheet that tracks discovered zero-day exploits. This is just a quick look at what’s going on as it only documents instances where attackers have been caught exploiting users, often because the attacks are not targeted but rather deployed on public websites etc.
The first line of defense is to reduce the attack surface. Removing unnecessary code or exposed attack surface completely eliminates many vulnerabilities. Mobile Katya avoids removing any features that are useful to end users, but we can still disable many features by default and require users to opt in to them, which removes that attack surface for most users. So, for example, in Mobile Katya, as in Android, kernel profiling support is disabled by default, since it has been and remains the main source of vulnerabilities in the Linux kernel. Profiling is now only available to developer apps that include developer tools, enable the Android Debug Bridge (ADB), and then use the profiling tools via ADB. It is also only enabled until the next boot.
The next line of defense is to prevent an attacker from exploiting a vulnerability by making exploitation impossible, unreliable, or at least significantly more difficult. The vast majority of vulnerabilities fall into well-understood classes of bugs, and their exploitation can be prevented either by avoiding the bugs through languages/tools or by blocking exploitation with strong exploit mitigations. In many cases, classes of vulnerabilities can be completely eliminated, while in many others they can be made significantly more difficult to exploit. Android has done a lot of work in this area, and Katya Mobile has helped push it into and out of the Linux kernel. Fundamental fixes for these problems require a huge amount of resources to develop, and their deployment often comes with high performance, memory, or compatibility costs. Major operating systems generally do not prioritize security over other areas. Mobile Katya is ready to go further, and we offer switches that let users choose the compromises they prefer instead of having them forced on them. At the same time, weaker and less comprehensive exploit protections can still provide meaningful barriers against attacks if they are designed with a clear threat model. Katya ® 👽 Mobile OS invests heavily in many areas of development of these protections: development/deployment of memory-safe languages/libraries, static/dynamic analysis tools, and many types of mitigation.
The last line of defense is containment through sandboxing at various levels: fine-grained sandboxes around a specific context such as per-site browser renderers, sandboxes around a specific component such as a media codec sandbox, and application/workspace sandboxes. Mobile Katya improves upon all of these sandboxes by strengthening the core and other components, as well as improving sandbox policies.
Preventing an attacker from retaining control of a component or the OS/firmware, through verified boot and by avoiding trust in persistent state, also helps mitigate damage after a compromise. Remote code execution vulnerabilities are the most severe and allow an attacker to gain a foothold on a device or even take significant control over it remotely. Local code execution vulnerabilities allow an attacker to break out of a sandbox, including an application sandbox, after remotely compromising an application renderer or browser, compromising an application’s supply chain, or getting a user to install malware. There are many other types of vulnerabilities, but most of what we protect against falls into these two broad categories.
Default Privacy!
Katya ® 👽 Mobile OS does not include or use default Google apps and services, nor does it include any other apps/services that do not comply with our privacy and security policies. Google apps and services can be used in Katya Mobile like regular sandboxed apps, without any special access or privileges, using our Google Play sandboxed feature. We don’t enable these apps by default, so that users have a clear choice of whether they want to use them and, if so, in which profiles.
We’re changing the default settings to prioritize privacy over small conveniences: personalized keyboard suggestions based on typing history collection are disabled by default, sensitive notifications are hidden by default on the lock screen, and passwords are hidden by default while typing. Some of our changes to reduce the attack surface can also improve privacy by default by not opening unnecessary radios, etc. by default, as well as avoiding the impact of potential privacy bugs on the hardware.
By default, we also use Katya ® 👽 Mobile OS servers for the following services instead of Google servers:
- Check connection
- Provision of attestation key
- Download GNSS Almanac (PSDS)
- Network time
We provide a switch to switch back to Google’s servers to test connectivity, prepare an attestation key, and download the GNSS almanac, and add proper support for disconnecting network time connections. This, in combination with other switches, makes the device with Mobile Katya on board look like an AOSP device. This is especially important for verifying connectivity, as other connections are routed through the VPN, which is essential for LAN integration in practice.
Support for longer passwords!
Katya ® 👽 Mobile OS supports longer passwords by default: 64 characters instead of 16 characters. This avoids having to use Device Manager to enable this feature. This feature allows users to use Diceware passwords if they don’t want to depend on the security of the item, which provides very aggressive throttling and offers a high level of security even for a random 6 digit PIN.
Automatic reboot!
There is an option to automatically reboot the device if no profile has been unlocked within a configured time period, which puts the device completely back into a rest and full lock state.
More secure fingerprint unlock!
Katya ® 👽 Mobile OS improves the security of the fingerprint unlock feature by only allowing 5 attempts, rather than implementing a 30 second delay between every 5 failed attempts for a total of 20 attempts as implemented by Google. Not only does this reduce potential hacking attempts, but it also makes it easy to turn off fingerprint unlock without intentionally unlocking 5 times with another finger! 🤓
Mobile Katya also adds support for using the fingerprint reader only for app authentication and unlocking storage hardware keys by disabling unlock support. This feature already existed for the standard Android Face Unlock feature.
Improved user profiles!
User profiles are isolated workspaces with their own application instances, application data, and profile data (contacts, media store, home directory, and so on). Apps cannot see other apps in other user profiles and can only interact with apps in the same user profile (with mutual consent from the other app). Each user profile has its own encryption keys depending on the lock method. They are great for Katya ® 👽 Mobile OS with lots of room for improvement. Mobile Katya provides improvements to the functionality of user profiles and is working on further improvements to make switching between them and monitoring other profiles much more convenient.
More user profiles!
Katya ® 👽 Mobile OS raises the secondary user profile limit to 16 (15 + guest) instead of 4 (3 + guest) for Google Android to make this feature more flexible.
Ending sessions!
Mobile Katya also provides support for logging out of user profiles without having to use Device Manager, which controls the device to use this feature. Logging out makes the profiles inactive, so none of the installed apps can run. It also removes the disk encryption keys from memory and hardware registers, restoring the user profile to a resting state.
Disable app installation!
Katya ® 👽 Mobile OS adds a switch in user management settings to disable installation of additional user applications. You can install the apps you want to use as an additional user and then disable the ability to install other apps as that user in the owner profile. Android supports this as a standard device management feature, but doesn’t make it available to the user owning their own device.
Mobile Katya Application Repository!
Katya ® 👽 Mobile OS includes our own app store client, codenamed Aurora Store 📺, focused on security, minimalism and usability. Our app store is currently being used to distribute our own apps and the Google Play mirror for isolated download functionality of all apps that are available in the Google Play Market. In the future, it will be used for the possible distribution of builds of Katya ® 👽 Mobile OS, as well as open source applications developed from outside, with protection applied.
App for attestation service!
Our attestation service application provides strong hardware authentication and firmware/software integrity on the device. It uses a strict pairing-based approach that also provides device authentication based on the hardware key generated for each pairing. Software checks are on top, and trust is firmly tied to the hardware.
Mobile Katya will become available for each of you exactly on November 19, 2023 (Exactly on this day, since this date is the birthday of the same Katya, after whom our OS was named!)! 🦄
👻 The operating system will be available for a number of mobile devices, you can download the system itself directly from our website, and install it in a few simple steps! We are currently working on new features! We periodically shoot short videos about our mobile OS, which we share on our social networks, as well as on our distributed decentralized blockchain matrix network called Katya ® 👽 AI 🧠 REChain 🪐 Blockchain Node Network in the #Chatting matrix space at #chatting:matrix.katya.wtf 🌍!
Sincerely,
Dmitry Sorokin,
REChain, Inc
Katya AI, Systems
Katya, Inc
Katya Systems, LLC
REChain Network Solutions