Technology

Secure communication.
Protected sovereignty.
Trusted technology.

Vision

“To build India’s sovereign mobile operating system ecosystem that secures communication, protects digital sovereignty, and empowers governments and enterprises with trusted, indigenous technology.”

OS91 · Platform 1
Hardened AOSP · Deployed
MK-91 · Platform 2
Micro-kernel · In development
Explore architecture
os91-security-audit
$ os91-audit --deep-scan --platform OS91
Initialising security engine v3.1 · OS91 Platform 1
L01 Hardware TEE ATTESTED
L02 Verified boot chain SIGNED
L03 SELinux + AES-256 HARDENED
L04 App isolation + AI ISOLATED
L05 VPN + zero egress VERIFIED
● Threat score: 0.000
Integrity chain: VALID · 312ms
$
Hardware root of trust
Post-quantum encryption
AI threat detection
Zero foreign egress
Platform architecture

Two generations.
One mission.

The mission calls for spanning both hardened AOSP-based platforms and next-generation micro-kernel architecture operating systems. OS91 is deployed today. MK-91 delivers the long-term sovereign architecture.

Mission

“...spanning both hardened AOSP-based platforms and next-generation micro-kernel architecture operating systems, with deep OS-level security, trusted hardware integration, and centralised device management.”

OS91 PRODUCTION Platform 1
Hardened AOSP

GMS-free Android derivative. Five-layer defence-in-depth. Full AOSP API compatibility. Hardware TEE, verified boot, and SELinux hardening baked into every kernel call.

AOSP-based · GMS-free · App-compatible
AES-256 + post-quantum KEM
Trusted hardware integration · EDM91 bundled
Air-gap capable · On-premise · Source NDA
MK-91 ROADMAP Platform 2
Micro-kernel architecture

Next-generation OS where each system service runs in an isolated privilege domain. Formally verifiable kernel TCB. Hardware-enforced memory isolation. Designed for classified and critical national infrastructure.

Privilege-separated service isolation
Formally verifiable kernel TCB
Hardware-enforced memory isolation
Defence-grade classified deployment
Platform architecture
OS91
Platform 1 · Deployed now
PRODUCTION
Hardened AOSP

GMS-free, privacy-first Android derivative with five-layer defence-in-depth architecture. Full AOSP API compatibility. Deep OS-level security baked into every kernel call. Deployable on existing certified hardware.

AOSP-based · GMS-free · App-compatible
SELinux hardening · AES-256 + post-quantum
Trusted hardware integration · EDM91 bundled
Air-gap capable · On-premise · Source NDA
MK‑91
Platform 2 · In development
ROADMAP
Micro-kernel architecture

Next-generation OS architecture where each system service runs in isolated privilege domains. Formal verification possible at the kernel level. Smallest possible attack surface. Designed for classified and critical infrastructure.

Privilege-separated service isolation
Formally verifiable kernel TCB
Hardware-enforced memory isolation
Designed for classified & defence-grade use
Vision

“To build India’s sovereign mobile operating system ecosystem that secures communication, protects digital sovereignty, and empowers governments and enterprises with trusted, indigenous technology.”

OS91 secure mobile platform

Six components.
One sovereign stack.

A tightly integrated combination of secure mobile hardware, hardened operating system, private infrastructure, and policy-driven device management — engineered end-to-end in India to operate without foreign dependency.

01
Secure mobile hardware
+ hardened operating system
Foundation

AOSP-based and completely DeGoogled — no Google Mobile Services. Tamper-proof architecture, secure boot, hardware-backed key storage, trusted manufacturing supply chain.

DeGoogled AOSP Secure boot Root of trust
02
Private application
marketplace
Distribution

Internal app stores tailored to defence, intelligence, and high-security enterprises. Vetted, signed, monitored. Restricted by user, department, or device group. Encrypted delivery pipelines.

Internal store Signed apps Per-user policy
03
Private & on-prem
infrastructure
Sovereignty

All system apps, communication protocols, and backend services on organization-owned servers. Internal communication never touches third-party clouds. Dedicated security layer filters all data flows in real time.

On-premise Air-gap Zero foreign cloud
04
Policy-driven device
management with EDM91
Control plane

Restrict camera, Bluetooth, USB, Wi-Fi, location tracking, and mobile data. Role-based and mission-specific profiles. Remote lock, wipe, and policy push. Configure VPN routing, firewall rules, SIM/network locking.

Role-based Geofencing Real-time push
05
Interception protection
+ data-in-transit security
Encryption

256-bit AES encryption at both transport and payload layers. Private channels with anomaly detection. Suspicious transmissions auto-quarantined. Encryption envelope from device to data centre.

AES-256 Dual-layer encrypt Auto-quarantine
06
Malicious app +
malware protection
Threat defence

Every app monitored at install and runtime for behavioural anomalies. Unauthorized scripts, sideloaded APKs, and unknown binaries blocked. App interactions with hardware restricted by policy and real-time analysis.

Runtime monitor APK blocking Behavioural AI
Source: OS91 Datasheet · A Deep-Tech Approach to National-Scale Mobile Security
Closed-loop architecture

Mobile to data centre.
Fully encrypted security perimeter.

All inbound and outbound communications are protected by 256-bit AES encryption at both the transport and payload layers. The encryption envelope extends across the entire environment — from mobile hardware to organisation-owned server endpoints.

SECURE OS91 FLOW DIAGRAM
Encrypted channels · Sovereign jurisdiction · Zero foreign egress
●OS91 9:41 tee.attested vpn.tunnel.up selinux.enforce aes-256.payload attest.boot.v847 END-TO-END ENCRYPTED PERIMETER · v2.4 Edge → Carrier → DMZ → Core → DMZ → Carrier → Edge · zero trust at every hop SOVEREIGN JURISDICTION · INDIA PROD · LIVE OS91 EDGE Hardened AOSP · TEE-attested DEVICE TELEMETRY tx: 1.2 KB/s rx: 3.8 KB/s latency: 12ms CARRIER · 5G In-country only DMZ FIREWALL deep packet inspection SOVEREIGN CORE eu-noida-1 · meghraj EDM91 NODE A primary · active EDM91 NODE B replica · standby DATABASE AES-256 at rest TEE-AS v2.4 42k attests/s ATTESTATION device verify REAL-TIME METRICS ● live devices.online 5,248 +12 last 24h sessions/sec 1,847 peak 2,394 threats.blocked 14 last 24h foreign.egress 0 always sessions · 60min window DMZ FIREWALL egress filter CARRIER · 5G In-country only OS91 EDGE Hardened AOSP · TEE-attested DEVICE TELEMETRY tx: 0.8 KB/s rx: 2.4 KB/s latency: 14ms AES-256 AES-256 AES-256 AES-256 AES-256 AES-256 CONTINUOUS THREAT INTELLIGENCE behavioural.anomaly 0.000 malware.signature 0 hits unauthorised.script 0 detected geofence.breach 2 alerts post.quantum.kem enabled attestation.fail 0 / 5,248 SYSTEMS NOMINAL last scan: 4ms ago LEGEND encrypted channel sovereign boundary live · attested data packet monitored anomaly CLASSIFICATION: RESTRICTED
Edge devices
Secure OS91 phones over private BTS — encrypted at hardware level.
Private core
EDM servers + database hosted on organisation-owned infrastructure.
Perimeter
Dual firewalls + anomaly detection. Sovereign jurisdiction throughout.
256-bit
AES encryption
0
Foreign cloud touch
100%
On-prem hosted
Firewall layers
AOSP without GMS

No Google. No GMS.
No compromise.

Stock Android ships with 47 Google background services phoning home. OS91 removes every one of them — and replaces each with a sovereign, auditable alternative.

Stock Android + GMS
47 background services · Foreign infrastructure
Google Play Services (GMS) ~200MB background
Firebase Cloud Messaging US data routing
Google SafetyNet / Play Integrity External attestation
Google Analytics & Crash Reporting Behavioural telemetry
Widevine DRM (foreign) Closed source
Google Location Services Persistent location egress
OS91
0 foreign services · All data in India
Sovereign App Runtime (GMS-free) India-hosted
e91 Push Notification Gateway On-premise or MeghRaj
Hardware-backed boot attestation Kernel-level, local
Zero telemetry by architecture No callbacks anywhere
AES-XTS + post-quantum KEM Source-auditable
NAVIC-integrated location stack No foreign GNSS egress
Data sovereignty
Stock Android
8%
OS91
100%
Attack surface
Stock Android
High
OS91
Min.
Source auditability
Stock Android
30%
OS91
100%
Attribute Stock Android+GMS OS91
Foreign cloud dependencies 47 services 0
Data residency US / global India only
Background telemetry Continuous None by architecture
Boot chain verification Google-signed Hardware-backed local
Push notifications Firebase (Google US) e91 Gateway (on-premise)
Maps & location Google Maps (foreign) BharatMaps / NAVIC
DRM & content protection Widevine (closed) e91 DRM (open, auditable)
Source code access Partial AOSP only Full access under NDA (GOI/def)
Air-gap capable No (requires Google connectivity) Yes — full functionality offline
Security architecture

Five layers of
defence-in-depth.

OS91 Platform 1 · Hardened AOSP architecture

OS91’s security is not a feature — it’s the architecture itself. Every layer is independently verified and depends on the integrity of the layer beneath it. A failure or compromise at any layer is contained and cannot propagate upward.

DEFENCE-IN-DEPTH ARCHITECTURE Each layer cryptographically verified by the layer beneath it · No exceptions CHAIN OF TRUST L05 Network Layer · Always-on VPN Kernel-enforced VPN tunnel · Zero foreign egress · Real-time anomaly detection TUNNELLED vpn.tunnel.up foreign.egress: 0 latency: 12ms throughput: 128 MB/s connections: 5,248 L04 App Isolation · On-Device AI Per-app sandbox · Behavioural threat model · Zero cross-app data leakage ISOLATED sandboxes apps.monitored: 147 anomaly.score: 0.000 malware.flag: 0 runtime.scans: 42k/s L03 OS Kernel · AES-256 · SELinux MAC SELinux mandatory access · Post-quantum KEM · FIPS 140-3 validated cryptography HARDENED selinux.enforce aes-256.payload: active pq.kem: enabled policy.violations: 0 syscalls: audited L02 Verified Boot Chain Cryptographic chain · dm-verity · Anti-rollback · Each stage signed and verified SIGNED boot.chain.verified image.hash: SHA-256 ✓ rollback.blocked: v847 tampering.detected: none L01 Hardware TEE · Root of Trust Hardware enclave · Secure key storage · Biometric binding · Tamper-proof from silicon up ATTESTED tee.attested key.storage: hw-backed enclave: isolated biometric: bound tamper.score: 0.000 SILICON · IMMUTABLE
Layer 01 & 02 — OS and boot

The foundation
of trust.

Security in OS91 doesn’t start when the OS loads — it starts before a single line of OS code executes. The boot chain is cryptographically verified at every stage. If any stage is tampered with, the device refuses to boot. No exceptions.

VERIFIED BOOT CHAIN · L01 → L02 Cryptographic verification at every stage · Tampering blocks boot STAGE 01 ROOT HSM Hardware Root • HSM key storage • Secure enclave • Tamper-proof root.hash: 0x4f7a...c3e1 attest: verified ● VERIFIES STAGE 02 SIGNED ROM Bootloader • Crypto verify • Signature check • Anti-rollback sig.check: passed ● v.lock: v847 VERIFIES STAGE 03 VERIFIED OS91 Kernel • dm-verity FS • SELinux MAC • Hardened syscalls img.hash: SHA-256 ✓ selinux: enforce VERIFIES STAGE 04 SEALED System Image • Apps + system • Vendor partition • Read-only mount fs.verity: all blocks ✓ mount: read-only ! TAMPERING DETECTED → BOOT BLOCKED If any stage fails verification, the device refuses to boot. Forensic logs are written to the secure enclave. CURRENT all clear
Layers 06 — 10

Encryption, isolation, perimeter.
Defence at every layer.

06 · Encryption

Data protected at every layer.

AES-XTS encryption at rest. Post-quantum KEM in transit. FIPS 140-3 validated cryptographic primitives. Hardware-backed key storage in TEE.

AES-256-XTS at rest
Post-quantum KEM
FIPS 140-3 validated
Hardware-backed keys
07 · App security

Every app is contained.

Isolated app sandboxes with mandatory access controls. On-device AI behavioural monitoring. No cross-app data leakage. Real-time runtime analysis.

Per-app sandboxes
SELinux MAC enforced
On-device AI scanning
Sideload prevention
08-10 · Network & HW

Protected at the perimeter too.

Always-on VPN with traffic inspection. Zero foreign egress enforced at kernel. Hardware tamper detection. Trusted boot chain from silicon up.

Always-on VPN
Zero foreign egress
Tamper-proof hardware
Verified silicon-up boot
Platform specifications

Full-stack specifications.

Hardware
ARM · RISC-V · x86
Custom chipset porting available. Works with existing fleet or certified secure hardware.
Deployment
On-premise · Customer cloud
Air-gapped supported. No third-party cloud dependency.
Encryption
AES-256 · AES-XTS · Post-quantum
Hardware-backed key storage. Keys never exposed to software layer.
Audit
Full source · CERT-In ready
Independent audit fully supported. GOI source code access under mutual NDA.
See it in action

Evaluate the full stack
within your infrastructure.

Structured pilots with full technical access, source code review, and a dedicated engineer — no cost, no obligation.

Download technical brief