Security

ATLAS is designed for operational security. All your data is encrypted and stays on your device.

Data Encryption

All sensitive data is encrypted at rest using AES-256-GCM:

Projects, cards, notes, and POIs
GPS coordinates
Situational awareness data
Exported mission bundles (password-protected)

Keys are stored in the Android Keystore (hardware-backed when available).

What We Don’t Collect

ATLAS does NOT transmit operational data to our servers:

GPS locations
Card data or reads
Project files
Notes or POIs
Any captured data

All operational data stays on your device.

Device Recommendations

Warning: We do not recommend running ATLAS on rooted devices.

Rooted devices have weakened security boundaries that can expose your operational data. Android’s security model relies on app isolation that root access bypasses.

Android Version Requirements

ATLAS requires Android 12+ (API 31+). We intentionally do not support end-of-life Android versions:

Version	Status
Android 15	Supported
Android 14	Supported
Android 13	Supported
Android 12	Supported (minimum)
Android 11 and below	Not supported

Why we don’t support older versions:

No security patches — Android 11 and below no longer receive security updates from Google
Increased attack surface — Older versions lack modern permission APIs and security mitigations
Operational risk — Running security-sensitive data on unsupported OS versions is an unacceptable risk for professional operations

If your device cannot run Android 12+, upgrade to a supported device before using ATLAS.

Recommended Device Setup

Unrooted device — GrapheneOS recommended for enhanced security
Full disk encryption — Enable in Android settings
Strong PIN or passphrase — Avoid biometrics (courts can compel fingerprint/face unlock, but not PIN disclosure)
Up-to-date OS — Latest security patches
Dedicated device — Separate from personal use if possible

Screenshot Protection

By default, ATLAS blocks screenshots and screen recording to prevent accidental data exposure.

To toggle: Settings → Security & Privacy → Allow Screenshots

When enabled, a warning is displayed reminding you that sensitive data may be captured.

App Protection

ATLAS actively monitors its own integrity and will alert you to potential security issues.

Tampering Detection

The app continuously verifies it hasn’t been modified:

Check	Description
App Integrity	Validates the app’s signature hasn’t been modified or repackaged
Debugger Detection	Identifies if debugging tools are attached
Debug Mode	Detects if app is running in debug configuration
Instrumentation	Detects hooking tools (Frida, Xposed, etc.)
Root Detection	Warns when running on rooted devices

If tampering is detected, ATLAS will:

Display a clear warning in the Security Status screen
Mark security status as Compromised (critical issues) or Warning (rooted device)

Security Status Screen

Check your device’s security posture anytime:

Settings → Security & Privacy → Security Status

This screen shows:

Overall Security Level — Secure, Warning, or Compromised
Encryption Status — Secure storage, key initialization, hardware-backed status
Tampering Detection — Results of all integrity checks
Security Policy — Summary of implemented protections

Operational Security Tips

Before the Engagement

Verify screenshot protection is enabled
Verify device encryption is on
Clear any sensitive data from previous engagements

During the Engagement

Set an active project to tag data automatically
Use GPS tagging for all card reads
Take notes while details are fresh

After the Engagement

Export project data for reporting
Securely delete local data when complete

Data Deletion

To permanently delete data:

Open the item (project, card, note)
Long-press and select Delete
Confirm deletion

Deleted data is removed from the database and cannot be recovered.

For full device wipe: Use Android’s factory reset.

Reporting Security Issues

Found a security vulnerability? Contact us at [email protected]