3T – Trusted Telecommunication Technologies

is not just another secure phone

It protects your personal privacy in a unique manner taking you to an upscaled level of secure communications.
All is backed by an advanced privately assembled infrastructure dedicated to protect the whole community and to facilitate their connections.

3T-P1

Platform Features

3T is an uncompromising platform in terms of security and privacy. It is also very flexible, so different layers and settings can be selected and configured on demand. This makes it possible to meet the individual security needs of different organizations, further enhancing the private network usability.

DUAL BOOT

Two autonomous environments living in one device – a normal one and a secure one.

PRIVATE INFRASTRUCTURE An advanced privately built infrastructure dedicated to ensure the secure connections within the community.

HARDWARE 3T-P1 comes in a secure shelter with extended privacy controls.

BUILT-IN SECURE APPLICATIONS The device comes with customized applications, that produce a secure environment with extended privacy features.

Dual boot

The solution provides two completely autonomous operating systems. They run on alternate and fully independent environments with separate data storages – a normal one and a secure one. Switching between environments is possible only through a specialized secure application. The dual boot application design disallows remote switches leaving the option entirely on the user’s will.

Secure OS

The Secure OS is customized with the most advanced safety features:

Latest Android distribution with the highest performance privacy-by-design principles implemented. This ensures a highly secure environment that still provides a smooth Android experience.
Automatic VPN protected over the air updates bring the latest advanced data protection and privacy features.
Firewall against tracking, surveillance, spying, penetrating and data thefts.
Only whitelisted secure applications. Both built-in and optional ones.
Full control over installed applications
Secure encrypted communications – voice calls and text messaging.
Secure browsing.
Prevention of metadata collection.
Geolocation tracking resistance.
Secure data exchange within the community.
Always-on VPN for anonymous presence across the internet.
- Integrated firewall.
  - No external traffic and corresponding content can come through outside the tunnel.
  - No data leaks outside the tunnel.
- All the internal traffic is encrypted and inaccessible by third parties.
- Fully forced – can never be avoided or stopped by programs and users neither remotely, nor locally.
Only authentic access is guaranteed by:
- complex pin codes at entering the environment
- separate pin codes when running the different applications
Disabling Wi-Fi and Bluetooth when not in use
Banned access for unauthorized third party usb devices
Secure push notifications
Internal-Operations-Only protocol applied. The OS does not have to use cloud services or to trust third parties. It is maintained entirely internally within the private infrastructure.
Disk encryption protected by secure element authentication and security design
- Secure element provides a strong access protocol based on credentials that are stored and processed inside the chip.

Normal OS

The Normal OS represents a hardened Android for casual use. Although normal it is still provided with an encrypted file system, thus no security compromises are left in it. Android 11 comes with some additional security changes:

Improvements to the BiometricPrompt API
Mobile Driver’s License support
Secure Storage to make it easier for apps to share data blobs
Expanded use of sanitizers to several security-centric components
Improved Call Screening
Introduction of the GnssAntennaInfo class for improved GPS privacy
Secure audio capture from USB device

Hardware

3-T P1 has a secure hardware shelter with extended privacy controls
Privacy Mode with no possibility for remote or software interventions. Physical button disables the camera, location services, microphone, Bluetooth, screen recording, screenshots and activates airplane mode. The Privacy Mode sets up an efficient shield against malicious acts like:
- Hostile surveying by disabling cams
- Wiretapping by disabling mic
- Unasked connecting to the device remotely via Bluetooth

Qualcomm® Snapdragon™ 662 – a secure, robust and power efficient chipset that is designed to provide high performance and high level of user comfort.
- Snapdragon 662 comes with multiple advanced properties in terms of security:
  - Biometric Authentication: Fingerprint, Iris, Voice, Face
  - On-Device: Qualcomm® Mobile Security, Key Provisioning Security, Qualcomm® Processor Security, Qualcomm® Content Protection, Qualcomm® Trusted Execution Environment, Camera Security, Peripheral Security, Crypto Engine, Qualcomm® Malware Protection, Secure Boot, Secure Token
- Qualcomm® Hexagon™ Vector eXtensions significantly increases the processing efficiency
- Qualcomm® Sensing Hub enables voice assistant to be always-on immediately catching any command.
- Authentication and integrity checks at each reboot of the system to intercept any malicious attempts for modifications, replacements and unauthorized executions.
- Widened performance and security of executed operations thanks to the built in Cryptographic accelerators.
- Remarkable AI-driven engine for fast and powerful performance, vast multitasking capabilities and smart intuitive on-device interactions. All running on a major-league fortified and sustainable platform.
- The integrated Qualcomm® FastConnect™ 6100 Mobile Connectivity System makes the Snapdragon 662 to be Wi-Fi 6-ready for powerful connections that include battery-saving benefits and enhanced Bluetooth 5.1 capabilities. Wi-Fi 6 ensures confident connections with the supported cutting-edge WPA-3 security protocol.
- The supported elements of the WPA-3 Wi-Fi Security protocol give robust security across a wide range of environments and applications.

Infrastructure

Secure Linux-based backend

Linux is a secure OS by design.
Linux systems are hardly infected by viruses.
Linux does not grant full access by default.
Linux incorporates a sequence of built-in security defenses (UEFI Secure Boot, Linux Kernel Lockdown, SELinux, AppArmor MAC)

Private VPN server

Privately hosted VPN eliminates the risks on public VPN servers (especially that you do not need to trust them)
Provides encrypted traffic tunnels even through open public networks
Single sign-on authentication
Less latency compared to a traditional VPN.

DNS-over-HTTPS server

DNS queries over HTTPS protect you from leaking information to your internet provider
Encrypts the DNS traffic
Prevents from man-in-the-middle infiltrations

Private app repository server

Runs a private built-in app repository with a curated selection of apps.
Lineup management
- Arranged list of pre-approved trusted applications.

Applications installation executions

Attestation Server

Provides the relevant backend infrastructure for the auditor app.
Substantial authentication of the remote device and its software.
Remote wipe-out integration supported – can be executed automatically at attestation failure.

Audit Server – a secure and powerful multitasking server with multiple activities in recording and active monitoring.

Automatic audit logs – continuously structuring and recording all events across the infrastructure and on devices. Reporting log data – automatic and on demand.
Automatic executions of testing sessions on schedule. Internal testing system developed in order to frequently perform security checks.
Monitoring and analytics – statistical data over the infrastructure activity is collected, monitored for patterned biases and summarized. Summarizations are automatically sent to responsible administrator users within the community.

MDM (Mobile Device Management) – a secure device management platform for closed private networks that brings multiple safety features:

A security-oriented and customizable device management platform for closed private networks that brings multiple safety features.
- Keeping apps up-to-date remotely (push)
- Collecting log files on the server
- Data passes only through HTTPS protocol, thus cannot be accessed by third parties
- Integration with the attestation service
- Remote wipe-out – a security feature that provides the ability to remotely erase data. It can generally be used if a device has been stolen or lost, ensuring that the information on it can never be accessed by others.
- Remote password change
- VPN management
- Continuous device audit logging
- Trusted CA certificates management
- Wi-Fi management:
  - SSID
  - Security Policy
  - Credentials
- Application Library frequent updates
- Password expiration time.

Built-in Applications

3T
The ultimate security communication channel for voice calls and text messaging
Auditor app
A remote validating service that ensures the integrity and the authenticity of firmware and the entire Operating System
Privacy-oriented browser
The security focused web browsing
Email client
Fully featured, recognized to be especially focused on the security and the privacy in communications
App repository
A custom tailored and reliable source of applications
App locker
Powerful and easy to use app locker for Android with various options for setting passwords on different apps

About the applications

Learn a little more about our applications

Invulnerable communication channel

3T is a customized application that provides users with safe communications achieving the highest possible levels of privacy. This is assured by an advanced cryptographic protocol combining two of the most powerful encryption methods – the Double Ratchet algorithm and a triple Elliptic-curve Diffie–Hellman (3-DH) handshake. The communication channel is arranged on a closed infrastructure. The logistics of the conversations – calls and texts, are processed by private servers and the information is only spread within the community and never outside of it.

Auditor app

OS integrity validation

Through a specialized Auditor app that monitors the device state and its configurations by performing sanity checks on schedule, the remote attestation service significantly upscales the degree of safety and reliability of the communications and the private data storage.

Privacy-oriented browser

Secure web browsing

А privacy and security hardened variant of Chromium. It adopts and effectively integrates the security feature of GrapheneOS thereby providing users with safe browsing across the internet.

Email client

Privacy-focused application

The application comes with some advanced features in regards of safety: Encryption and decryption backed (OpenPGP and S/MIME); Mechanism for recognising and disabling tracking images; Failed authentication warnings; No advertisements , no analytics and no tracking (error reporting is opt-in); No Google backup; No data storage on third party servers; Using open standards (IMAP, SMTP, OpenPGP, S/MIME, etc); Safe message view (styling, scripting and unsafe HTML removed); No special permissions required; Confirm showing images, opening links and attachments to prevent tracking and phishing; Convert messages to a phishing preventing format.

App repository

Reliable source of applications

A private built-in app store that offers only secure and trusted applications.

100% prevention against malicious apps.

Continuous support.

Frequent updates.

App locker

Keeping your apps intangible

Password protected privacy on any application.

Various options for lock up: PIN, password, pattern, knock code.

Prevents unauthorized access.

Provides an additional layer of security on your phone.

Inability for software uninstallation so the protection cannot be just removed.

Integration with the remote wipe-out supported. The service can be performed after predefined number password failures.