
S.O.S. — Real-World Test Plan

Validating the system on real devices · 2026

Four tiers move S.O.S. from a proven prototype to a fully validated real-world system. Each tier closes a specific gap between what is simulated today and what is real, with explicit pass/fail criteria. Tier 1 is runnable today with no build. A parallel iOS / iPhone track follows the Android tiers below, with the platform's honest limits called out.

Already real — needs nothing

Cloud backend, dashboard, gateway classification, and the 0–100 Network Integrity scoring are live. The field test reads your phone's true egress IP (server-observed). The logic is proven; the tiers below validate real device-level enforcement and real signal sources.

1

Live network-boundary loop

Today · no build · ~15 min

You need: One Android (or any) phone with a browser · two networks with different public IPs (your Wi-Fi + cellular is enough).

Procedure:
  1. Open sos-scholastic.vercel.app/fieldtest on the phone.
  2. Admin panel → sign in → “Use THIS network as the campus boundary.”
  3. Confirm the device auto-switches to School Mode; tap the “Games” tile (locked).
  4. Drop Wi-Fi → cellular; watch it exit to Personal Mode within ~3s.
  5. On a laptop, open the dashboard → Device Gateway + Logs to see the transitions.

✓ PASS: Device enters School Mode on the registered network with no toggle; flips to off-campus on cellular within ~3s; the dashboard reflects both; the off-campus IP is never stored or shown.

✗ FAIL: State doesn't change on network switch · an off-campus IP appears anywhere · classification is wrong.

Proves: IP-based detection, the network boundary, gateway classification, and the integrity score — on real hardware. Does not prove device-wide blocking (that's Tier 2).
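The Tier 1 pass/fail criteria can be checked mechanically. The sketch below is an added example, not S.O.S. code: it classifies a server-observed egress IP against registered campus ranges (it also accepts CIDR blocks, going beyond the single registered network used in this tier), builds log records that omit the observed IP, and evaluates the criteria. The function names, record fields and sample addresses are assumptions; the 3-second limit comes from the pass criterion above.

```python
import ipaddress
import json

# Constructed sample values from the RFC 5737 documentation ranges.
CAMPUS_RANGES = ["203.0.113.0/24"]   # registered campus boundary (assumed)
WIFI_IP = "203.0.113.25"             # egress IP seen on campus Wi-Fi
CELL_IP = "198.51.100.7"             # egress IP seen on cellular

def classify(egress_ip, campus_ranges):
    """Return the registered range containing egress_ip, or None if off-campus."""
    addr = ipaddress.ip_address(egress_ip)
    # Dual-stack front ends may report IPv4 clients as ::ffff:a.b.c.d.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    for cidr in campus_ranges:
        net = ipaddress.ip_network(cidr, strict=False)
        if addr.version == net.version and addr in net:
            return str(net)
    return None

def transition_record(device_id, egress_ip, campus_ranges, ts):
    """Build a log entry (hypothetical schema); the observed IP is never written."""
    matched = classify(egress_ip, campus_ranges)
    return {"device": device_id, "ts": ts,
            "mode": "School Mode" if matched else "Personal Mode",
            "campus_range": matched}

def tier1_failures(records, switch_ts, off_campus_ip, max_flip_seconds=3.0):
    """Evaluate the Tier 1 criteria; an empty list means PASS."""
    failures = []
    if not records or records[0]["mode"] != "School Mode":
        failures.append("did not enter School Mode on the registered network")
    flips = [r["ts"] for r in records
             if r["mode"] == "Personal Mode" and r["ts"] >= switch_ts]
    if not flips or min(flips) - switch_ts > max_flip_seconds:
        failures.append("no flip to Personal Mode within the time limit")
    # Substring scan of everything stored; also catches an IP in a free-text field.
    if off_campus_ip in json.dumps(records):
        failures.append("off-campus IP appears in stored records")
    return failures

if __name__ == "__main__":
    log = [transition_record("dev-1", WIFI_IP, CAMPUS_RANGES, ts=0.0),
           transition_record("dev-1", CELL_IP, CAMPUS_RANGES, ts=12.4)]
    print(tier1_failures(log, switch_ts=10.0, off_campus_ip=CELL_IP) or "PASS")
```

Run the same check against an export of the dashboard logs after the Wi-Fi → cellular switch; any non-empty result maps to one of the FAIL conditions listed for this tier.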

2

Real on-device enforcement (the APK)

Build required

You need: Mac/PC with Flutter SDK + Android Studio · a physical Android phone (7.0+) — emulators are unreliable for VPN filtering · USB cable. Backend is already live.

Procedure:
  1. Build & install: flutter pub get, then flutter run (or flutter build apk and sideload).
  2. Sign in on the phone and accept the one-time system VPN-consent prompt.
  3. From the dashboard, a teacher starts School Mode for the class.
  4. On the phone, open ANY browser and visit a blocked domain (e.g. tiktok.com).
  5. Switch Wi-Fi → LTE and retry; then end the session from the dashboard.

✓ PASS: The blocked domain fails to load device-wide (not just in-app) in School Mode; an allowed domain loads; the block persists after Wi-Fi→LTE; the attempt logs in the dashboard (domain only); ending the session restores access.

✗ FAIL: Blocked domain loads · block lifts when the network changes · filtering only works inside the SOS app.

Proves: The core claim: real on-device DNS enforcement that survives network changes. This is the most convincing single test for investors and schools.

3

Real integrity signals (un-simulate Layers 1 & 2)

Developer · ~1–2 days

You need: Layer 1 (IP intel): an IPinfo or MaxMind account + API key (free tiers exist); any real VPN app on the test phone.
Layer 2 (attestation): a Google Play Console account ($25) + a Google Cloud project with the Play Integrity API enabled; the app signed and on an internal-testing track; a rooted phone or emulator for the fail case.

✓ PASS: L1: with the VPN on, SOS flags the real VPN IP, the score drops, and the device moves to Restricted/Hold per policy; VPN off → Verified. L2: a genuine device returns Play Integrity PASS (no penalty); a rooted/emulated device returns FAIL (score drops). Both reflect on the dashboard.

✗ FAIL: Verdicts don't differentiate real vs. tampered · the VPN isn't detected · integration errors.

Proves: The Network Integrity Engine running on real reputation + attestation data, not toggles.

4

Tamper-proof pilot (the deployable product)

Developer + school IT

You need: A factory-resettable Android device for Android Enterprise / Device Owner enrollment (or an MDM trial) · real auth (Firebase Auth or district SSO) · the school's actual public IP range (CIDR) from their network admin · 2–3 devices + real student/teacher accounts.

Procedure:
  1. Enroll the test device as Device Owner with an always-on, locked VPN.
  2. Attempt to disable the VPN, uninstall the app, and set a private DNS.
  3. Register the school's real CIDR; verify School Mode auto-engages on the school network.
  4. Run the full teacher→device→compliance flow with real accounts.

✓ PASS: The student cannot disable the VPN, uninstall the app, or bypass via private DNS; School Mode auto-engages on the school's real network; admins start/end remotely; compliance reports truthfully.

✗ FAIL: Any bypass succeeds · the app is uninstallable · the VPN can be toggled off.

Proves: The answer to “can't the student just turn it off?” — and the difference between a demo and a school-deployable system.

The iOS / iPhone track

Android lets S.O.S. become Device Owner and run an un-disableable, device-wide filter on a phone the school doesn't own. Apple forbids exactly that on a personal iPhone — by design. So iOS keeps the same network-persistence (switching Wi-Fi → cellular doesn't release the policy), but true tamper-persistence (the student can't turn it off) is reachable only on a school-owned, supervised device. We state that gap honestly — it's a Phase I research result, not a flaw. Full detail in docs/IOS_PATH.md.

Enforcement | Android (Device Owner) | iOS — school-owned (supervised) | iOS — personal BYOD
Block apps / web on a schedule: ✓ Family Controls
Survives Wi-Fi → cellular
Device-wide DNS / network filter: ✓ locked VPN | Limited · removable
Student can’t disable it: ✗ parent/student can revoke
Privacy-safe campus-IP detection: ✓ works today

1

iOS · Cross-platform field test

Today · no build

You need: Any iPhone with Safari · two networks with different public IPs (Wi-Fi + cellular).

Procedure:
  1. Open sos-scholastic.vercel.app/fieldtest on the iPhone.
  2. Admin panel → sign in → “Use THIS network as the campus boundary.”
  3. Confirm the iPhone auto-switches to School Mode; tap the “Games” tile (locked).
  4. Drop Wi-Fi → cellular; watch it exit to Personal Mode within ~3s.

✓ PASS: The iPhone enters School Mode on the registered network with no toggle, flips to off-campus on cellular within ~3s, and the off-campus IP is never stored — identical to the Android Tier 1.

✗ FAIL: State doesn't change on network switch · an off-campus IP appears anywhere.

Proves: The privacy-preserving campus boundary is already cross-platform — same proof on an iPhone as on Android, with no native iOS code.

2

iOS · Family Controls prototype (the BYOD answer)

TestFlight · ~6–10 wks

You need: Apple Developer Program ($99/yr) · Xcode on a Mac · the Family Controls entitlement (requested from Apple) · a test iPhone · a guardian Apple ID in a Family Sharing group (for the under-18 authorization).

Procedure:
  1. Build the SwiftUI app + a DeviceActivityMonitor extension (ManagedSettings shields).
  2. Parent approves in the existing /parent-consent portal → app requests Family Controls authorization.
  3. A teacher starts a session from the dashboard → school-session shields apply.
  4. Open a restricted app/site (blocked); switch Wi-Fi → cellular and retry; end the session → shields lift.

✓ PASS: Restricted apps/sites are shielded on schedule, the shield persists after Wi-Fi→cellular, ending the session lifts it, and a parent/student revoke is detected and reported as a compliance event (never a fake lock).

✗ FAIL: Shields don't apply · they lift on a network change · a revoke goes undetected.

Proves: School-hours app/web governance on a personal iPhone — network-independent and consent-anchored. The iOS analog of the Android APK, minus tamper-proofing (that's iOS Tier 4).

3

iOS · Real integrity signals (App Attest + filter)

Developer

You need: App Attest (DCAppAttestService) wired to the backend · a Network Extension entitlement (NEDNSProxyProvider / NEFilterDataProvider) · a modified/older build for the fail case.

✓ PASS: A genuine iPhone returns an App Attest PASS (no penalty); a tampered/failed attestation drops the score; the DNS/content filter blocks a restricted domain at the network layer — all reflected on the dashboard.

✗ FAIL: Attestation doesn't differentiate genuine vs. tampered · the filter doesn't block.

Proves: The Integrity Engine's Layer 2 running on real iOS attestation, not a toggle — iOS parity with Android Tier 3.

4

iOS · Supervised tamper-proof (school-owned)

District MDM

You need: School-owned iPhones/iPads in Apple School Manager · a district MDM (Jamf School / Mosyle / Intune — don't build your own) · an always-on locked tunnel config · Managed Device Attestation.

Procedure:
  1. Enroll the device supervised via Automated Device Enrollment (ADE).
  2. Deploy S.O.S. as a managed app with an always-on, locked NEPacketTunnelProvider (device-wide DNS filtering).
  3. Attempt to disable the VPN and remove the management profile.
  4. Register the school's real CIDR; confirm School Mode auto-engages on the school network.

✓ PASS: The student cannot disable the filter or remove the profile; device-wide enforcement holds; admins start/end remotely.

✗ FAIL: Any bypass succeeds · the profile is removable · the tunnel can be toggled off.

Proves: Full Android-parity tamper resistance on iOS — achievable only on school-owned, supervised devices. That ceiling is the honest iOS finding.

iOS sequence

iOS Tier 1 is real on an iPhone today — demo it now. iOS Tier 2 (Family Controls on TestFlight) is the personal-iPhone proof and the right MVP. Reserve iOS Tier 4 for a district running a school-owned 1:1 program — it's the only way iOS reaches Android-level tamper-proofing. The schedule risk is Apple approving the Family Controls distribution entitlement.

What you need — at a glance

Requirement | Tier | Who gets it
Android phone (7.0+), physical | 1–4 | You
Wi-Fi + cellular (two public IPs) | 1–4 | You
Mac/PC + Flutter + Android Studio | 2 | Developer
Rooted phone / emulator (fail case) | 3 | Developer
IPinfo / MaxMind API key | 3 | Developer (free)
Google Play Console ($25) + Cloud project | 3 | Developer
Factory-resettable device for Device Owner / MDM | 4 | Developer + you
Real auth + school's CIDR range | 4 | Developer + school IT

Recommended sequence

Do Tier 1 yourself today — it's a real, impressive demo for anyone. Then prioritize Tier 2 (the APK): “the site is actually blocked on the real phone, even on cellular” is the most convincing proof point. Save Tier 4 (tamper-proofing) for when a school agrees to pilot — it's the most involved but it's what makes S.O.S. deployable.