S.O.S. — Scholastic Operating System

Schools struggle to manage student-owned devices without invading privacy, requiring separate hardware, or deploying expensive enterprise management systems. Personal phones are the #1 classroom distraction, yet every existing answer forces a bad trade: confiscate the device, buy a second one, or enroll a child's personal phone into surveillance-grade IT management.

S.O.S. is a Network Integrity and Gateway Enforcement System. It creates a secure, school-controlled learning environment on the student's own device during school hours — and a fully private personal environment the rest of the time. A teacher starts a class session; every enrolled device switches to School Mode (approved apps, blocked distractions, muted notifications). The bell rings; the device is the student's again, and S.O.S. stops looking.

S.O.S. is one cross-platform system — a native client for both Android and iPhoneover a single backend, dashboard, and integrity engine. Android enforces tamper-proof even on a student's personal phone; iPhone delivers the same school-hours governance through Apple's consent-based Family Controls, with full parity on school-owned devices — so no student is excluded by the device they carry.

Every device is continuously scored 0–100 by a multi-layer Network Integrity Engine — IP reputation (VPN/proxy/TOR/datacenter via a commercial feed), device attestation (Android Play Integrity; root/emulator/tamper detection), network-behavior analysis, and school-gateway verification — and classified Verified / Trusted / Suspicious / Restricted. Schools set the enforcement action per band (monitor → warn → restrict → hold → block).

Critically, S.O.S. governs at the device level, not the network level. A trusted school gateway (or teacher) captures the enrolled device into a School session; the policy then attaches to the device, so switching off school Wi-Fi to cellular, a hotspot, or a VPN does not release it — those become logged bypass attempts that lower the device's integrity score. Only a valid condition (scheduled dismissal, teacher/admin end, override, emergency) releases the session. This is the structural answer to "can't the student just switch networks?"

• On-device enforcement (VPN-layer filtering) — blocks survive Wi-Fi → cellular switches and work without proxying any traffic through school or vendor servers.
• Time-boxed control — school authority is architecturally limited to school mode; there is no code path that observes personal use.
• Privacy by design — the system collects five data points (device ID, mode, compliance, mode changes, blocked-domain names) and is incapable of collecting more; the server discards anything else.
• Campus-aware device gateway — devices detect campus by IP (egress address within the school's registered network ranges, not Wi-Fi-name or location sniffing) and are provisioned without IT involvement; staff can reach every enrolled screen instantly with a district-wide emergency broadcast, in either mode.

Working MVP, demonstrated and operational — now with live single-device network-boundary activation. A real phone reads its actual egress IP, automatically detects the school network by IP range (no toggle, no teacher), and changes behavior at the boundary — proving the real-world device loop, not just a simulation. Plus: teacher dashboard with remote session control, JSON policy engine, compliance tracking, a privacy-enforcing event pipeline, the campus-aware Device Gateway with emergency broadcast, and a native Android implementation (Flutter + Kotlin VPN-layer DNS filtering and network-callback campus detection) ready for device pilots.

Live demo: sos-scholastic.vercel.app — dashboard teacher@demo.sos / demo1234; device simulator at /device; live single-device field test at /fieldtest (run it on a phone).

Funding is requested to move from working prototype to district-ready product across four workstreams:

1. Pilot deployments — device provisioning (Android Enterprise / Device Owner), classroom pilots, teacher onboarding.
2. Security validation — independent penetration testing, anti-circumvention hardening (DoH/DoT, VPN watchdog), iOS pathway (Family Controls for personal iPhones; supervised MDM for school-owned).
3. District testing — multi-school tenancy, SIS roster integration, parent transparency portal, outcome measurement.
4. Production infrastructure & compliance — SOC 2 alignment, FERPA/COPPA counsel review, state student-privacy certifications, data-retention automation.