Use cases

Built for these jobs.
Not those.

HardenedOS isn't for everyone. It's for people whose phone is part of a threat surface they have to defend — by law, by contract, or by mortal stakes. Six customer profiles, the threats they're up against, and what HardenedOS actually does about them.

Government & defense

For agencies that need to know which device is in the field.

Every device in your fleet is one device. Hardware attestation tells you which one.

Threat: Foreign signals collection. Compromised supply chains. Classified leakage from devices outside the SCIF.
Answer: Titan-M2-signed attestation on every heartbeat. Tier-locked policy bag enforced at boot. Surveillance ceiling that holds at every tier — even Government.
Maps to: Hardware-rooted security · Government tier

Legal & professional services

For practices where privilege is the product.

Client communications, work-product, e-discovery overreach — your phone shouldn't be the weak link.

Threat: Inadvertent disclosure of privileged comms. Lost devices with case files. Adversary-class access to opposing-counsel devices.
Answer: End-to-end encrypted messengers in the bundled catalog. Storage scopes per matter. Duress PIN that wipes on entry. USB-C data lock when the device is sealed.
Maps to: Per-app permissions · Physical security & duress

Healthcare

For systems where a phone's a liability the day it walks out of the building.

EMR-on-mobile, telehealth, ransomware-on-phone — same threat surface as a workstation, ten times the loss probability.

Threat: HIPAA breaches via mobile. PHI exfiltration through tracker SDKs in consumer apps. Phone-as-vector ransomware on the enterprise network.
Answer: Required-app catalog enforces the EMR client; nothing else has network access without your toggle. Per-app sensor and contact scopes. Audit log to your SIEM.
Maps to: Permission scopes · Corporate tier

Journalism & civil society

For people whose source list is a moral hazard.

Border crossings, IMSI catchers, device seizure under detention — the threat model isn't theoretical.

Threat: Identification of sources via metadata. Forced unlock at borders. Targeted exploit kits. Geolocation via Wi-Fi probes and cellular fingerprints.
Answer: Duress PIN that wipes irreversibly. Per-connection MAC randomization. LTE-only mode that disables 2G fallback. Scrambled-PIN keypad. Auto-reboot to clear keys from RAM.
Maps to: Physical security & duress · Network privacy

Wealth management & family office

For conversations where a misplaced phone moves a market.

UHNWI advisors, private banks, deal teams. Your value is the discretion of your communications.

Threat: Targeted phishing. Executive impersonation via SIM swap. Surveillance during international travel. Trader-floor leakage from a single compromised handset.
Answer: Hardware attestation before sensitive calls. Profile isolation per portfolio. No telemetry, no third-party SDKs, no analytics. App catalog you whitelist.
Maps to: Profiles & identities · White-label option

CISO & security operations

For programs that buy fewer tools and integrate them deeper.

Mobile is the underdefended surface in most enterprises. One platform for OS hardening AND fleet management closes more gaps than two best-of-breed tools.

Threat: BYOD sprawl. MDM stacks that don't talk to the mobile threat-defense stack. Phone-as-pivot during incident response. Audit findings that mobile is "out of scope."
Answer: OS + DPC + admin panel from one vendor with one signing chain. Manifest-pinned signing certs for installed apps. Webhook delivery with HMAC signing into your SIEM. Tenant isolation if you're operating multiple business units.
Maps to: All features · White-label / multi-tenant

Not on this list?

If your threat model fits in a consumer-grade phone, you don't need this.

HardenedOS trades convenience for defense. Some apps don't run as smoothly. Some features are off by default that aren't off on a normal Android. If you're not being targeted — by the kind of adversary who buys exploit kits or has a budget line for cellular surveillance — a stock Pixel and good hygiene is enough.

If you are being targeted, or your role makes you targetable, this is the OS that stops the easy and middle-difficulty paths. The hard path is still hard. That's the deal.

If your team's job is on this list, talk to us.

We'll scope the deployment shape, the tier mix, and whether HardenedOS Cloud or a sovereign instance fits.

Talk to us → Read the features

Built for these jobs.Not those.