{"product_id":11599,"v_id":11599,"product_name":"Cellcrypt Android Mobile Client v 5.0","certification_status":"Certified","certification_date":"2025-12-01T00:00:00Z","tech_type":"Application Software,Network Encryption,VoIP","vendor_id":{"name":"Cellcrypt, Inc.","website":"https://www.cellcrypt.com"},"vendor_poc":"Mark Currie","vendor_phone":"410-850-7305","vendor_email":"mark.currie@cellcrypt.com","assigned_lab":{"cctl_name":"Leidos Common Criteria Testing Laboratory"},"product_description":"<p>Cellcrypt Android Mobile Client is a secure multimedia application for Android smartphones. It implements end-to-end encryption and authentication of voice, video, text messages and file attachments between two or more users of Cellcrypt Android Mobile Client and other compatible applications. The Cellcrypt system comprises a handset software application (Cellcrypt Android Mobile Client, i.e. the TOE) and the back-end support infrastructure (Cellcrypt Server). The TOE is the handset software application, Cellcrypt Android Mobile Client, on a specific hardware platform <!--StartFragment--><span data-olk-copy-source=\"MessageBody\">described in the Security Target and in the evaluated configuration below.</span>&nbsp;</p>","evaluation_configuration":"<p>The TOE runs on Android 14 and was tested on Samsung Galaxy S23. The evaluated configuration includes the following hardware platforms:</p>\r\n<p>&middot;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Samsung Galaxy S23 running Android 14.0 on a Qualcomm Snapdragon 8 Gen2 processor with Processor Algorithm Accelerators (PAA).</p>\r\n<p>&middot;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Samsung Galaxy S21 running Android 14.0 on a Qualcomm Snapdragon 888 processor with Processor Algorithm Accelerators (PAA).</p>","security_evaluation_summary":"<p style=\"text-align: justify; margin: 0in; font-size: 12pt; font-family: 'Times New Roman', serif; color: black;\"><span style=\"font-size: 11.0pt; font-family: Calibri, sans-serif;\">The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme for the&nbsp;<em>Protection Profile for Application Software</em>, Version 1.4 with the Functional Package for Transport Layer Security (TLS), Version 2.0 and PP Module for Voice and Video over IP (VVoIP), version 1.0 applied. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 release 5. The product, when delivered and configured as identified in the guidance documentation, satisfies all the security functional requirements stated in the CellCrypt Android Mobile Client Security Target. The evaluation was completed in Decemeber 2025</span><span style=\"font-size: 11.0pt; font-family: Calibri, sans-serif;\">. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report prepared by CCEVS.</span></p>","environmental_strengths":"<p style=\"margin: 0in; line-height: normal; break-after: avoid; text-align: justify; font-size: 10pt; font-family: 'Times New Roman', serif;\"><strong><em><span style=\"font-size: 11.0pt; font-family: Calibri, sans-serif;\">Cryptographic Support</span></em></strong></p>\r\n<p style=\"margin: 0in 0in 8pt; font-size: 11pt; font-family: Calibri, sans-serif;\">The TOE implements cryptography to protect data in transit. For data in transit, the TOE implements TLS as a client. The TOE supports TLS connections both with and without mutual authentication. The TOE also implements SRTP to transmit voice and video data.</p>\r\n<p style=\"margin: 0in 0in 8pt; font-size: 11pt; font-family: Calibri, sans-serif;\">The TOE implements all cryptography used for these functions using its own implementations of OpenSSL with NIST-approved algorithms. The TOE&rsquo;s DRBG is seeded using entropy from the underlying OS platform.</p>\r\n<p style=\"margin: 0in 0in 8pt; font-size: 11pt; font-family: Calibri, sans-serif;\">For data at rest, the TOE relies on its operational environment to control access to stored credential data.</p>\r\n<p style=\"margin: 0in; line-height: normal; break-after: avoid; text-align: justify; font-size: 10pt; font-family: 'Times New Roman', serif;\"><strong><em><span style=\"font-size: 11.0pt; font-family: Calibri, sans-serif;\">Communications</span></em></strong></p>\r\n<p style=\"margin: 0in 0in 10pt; text-align: justify; line-height: 115%; font-size: 10pt; font-family: 'Times New Roman', serif;\"><span style=\"font-size: 11.0pt; line-height: 115%; font-family: Calibri, sans-serif;\">The TOE transmits voice and video data using a constant bit rate vocoder.</span></p>\r\n<p style=\"margin: 0in; line-height: normal; break-after: avoid; text-align: justify; font-size: 10pt; font-family: 'Times New Roman', serif;\"><strong><em><span style=\"font-size: 11.0pt; font-family: Calibri, sans-serif;\">User Data Protection</span></em></strong></p>\r\n<p style=\"margin: 0in 0in 8pt; font-size: 11pt; font-family: Calibri, sans-serif;\">The TOE relies on platform provided credential storage mechanisms to protect sensitive data at rest.</p>\r\n<p style=\"margin: 0in 0in 8pt; font-size: 11pt; font-family: Calibri, sans-serif;\">The TOE enforces the media transmission policies for controlling the transmission of voice and video data to a remote peer.</p>\r\n<p style=\"margin: 0in 0in 8pt; font-size: 11pt; font-family: Calibri, sans-serif;\">The TOE relies on network connectivity and the credential repository provided by its host OS platform. All uses of network connectivity are user-initiated.</p>\r\n<p style=\"margin: 0in; line-height: normal; break-after: avoid; text-align: justify; font-size: 10pt; font-family: 'Times New Roman', serif;\"><strong><em><span style=\"font-size: 11.0pt; font-family: Calibri, sans-serif;\">Identification and Authentication</span></em></strong></p>\r\n<p style=\"margin: 0in 0in 10pt; text-align: justify; line-height: 115%; font-size: 10pt; font-family: 'Times New Roman', serif;\"><span style=\"font-size: 11.0pt; line-height: 115%; font-family: Calibri, sans-serif;\">The TOE supports X.509 certificate validation as part of establishing TLS connections. The TOE implements functionality to support various certificate validity checking methods, including the checking of certificate revocation status using OSCP. If the validity status of a certificate cannot be determined, the certificate will be rejected.</span></p>\r\n<p style=\"margin: 0in; line-height: normal; break-after: avoid; text-align: justify; font-size: 10pt; font-family: 'Times New Roman', serif;\"><strong><em><span style=\"font-size: 11.0pt; font-family: Calibri, sans-serif;\">Security Management</span></em></strong></p>\r\n<p style=\"margin: 0in 0in 8pt; font-size: 11pt; font-family: Calibri, sans-serif;\">The TOE itself and the configuration settings it uses are stored in locations recommended by the platform vendor. The TOE is launched by the OS user and runs in the session context of that user; there is no interface for a non-administrator to act as an administrator through separate authentication. The TOE&rsquo;s primary management function is to configure the ESC server parameters and set the parameters that are used for the TLS channel (ciphersuites) or the Voice and Video connection channels (vocoder codecs and SRTP parameters).</p>\r\n<p style=\"margin: 0in; line-height: normal; break-after: avoid; text-align: justify; font-size: 10pt; font-family: 'Times New Roman', serif;\"><strong><em><span style=\"font-size: 11.0pt; font-family: Calibri, sans-serif;\">Privacy</span></em></strong></p>\r\n<p style=\"margin: 0in 0in 8pt; font-size: 11pt; font-family: Calibri, sans-serif;\">The TOE does not transmit PII.</p>\r\n<p style=\"margin: 0in; line-height: normal; break-after: avoid; text-align: justify; font-size: 10pt; font-family: 'Times New Roman', serif;\"><strong><em><span style=\"font-size: 11.0pt; font-family: Calibri, sans-serif;\">Protection of the TSF</span></em></strong></p>\r\n<p style=\"margin: 0in 0in 8pt; font-size: 11pt; font-family: Calibri, sans-serif;\">The TOE enforces various mechanisms to protect itself against unauthorized modification and use. The TOE implements address space layout randomization (ASLR), does not allocate any memory with both write and execute permissions, does not write user-modifiable files to directories that contain executable files, is compiled using stack overflow protection, and is compatible with the security features of its host OS platform.</p>\r\n<p style=\"margin: 0in 0in 8pt; font-size: 11pt; font-family: Calibri, sans-serif;\">The TOE contains libraries and invokes system APIs that are well-known and explicitly identified.</p>\r\n<p style=\"margin: 0in 0in 8pt; font-size: 11pt; font-family: Calibri, sans-serif;\">The TOE has a mechanism to determine its current software version. Software updates to the TOE are acquired through the application&rsquo;s connection to the Controller in the operational environment and subsequently applied using the TOE platform. All updates are digitally signed to guarantee their authenticity and integrity.</p>\r\n<p style=\"margin: 0in; line-height: normal; break-after: avoid; text-align: justify; font-size: 10pt; font-family: 'Times New Roman', serif;\"><strong><em><span style=\"font-size: 11.0pt; font-family: Calibri, sans-serif;\">TOE Access</span></em></strong></p>\r\n<p style=\"margin: 0in 0in 10pt; text-align: justify; line-height: 115%; font-size: 10pt; font-family: 'Times New Roman', serif;\"><span style=\"font-size: 11.0pt; line-height: 115%; font-family: Calibri, sans-serif;\">The TOE terminates voice and video connections after the configured inactivity time-period elapses.</span></p>\r\n<p style=\"margin: 0in; line-height: normal; break-after: avoid; text-align: justify; font-size: 10pt; font-family: 'Times New Roman', serif;\"><strong><em><span style=\"font-size: 11.0pt; font-family: Calibri, sans-serif;\">Trusted Path/Channels</span></em></strong></p>\r\n<p style=\"margin: 0in 0in 8pt; font-size: 11pt; font-family: Calibri, sans-serif;\">The TOE encrypts sensitive data in transit between itself and its operational environment using TLS and SRTP. These interfaces are used to secure all data in transit between the TOE and its operational environment.</p>","features":[{"id":281,"feature_name":"Application Software"},{"id":298,"feature_name":"Certificate Authentication"},{"id":297,"feature_name":"Certificate Validation"},{"id":288,"feature_name":"Credential Storage"},{"id":293,"feature_name":"Cryptographic Key Establishment"},{"id":295,"feature_name":"Cryptographic Signature Generation"},{"id":296,"feature_name":"DRBG"},{"id":294,"feature_name":"Keyed-hash message authentication"},{"id":292,"feature_name":"PBKDF"},{"id":307,"feature_name":"TLS 1.2"},{"id":303,"feature_name":"TLS Client"},{"id":300,"feature_name":"VVoIP"}]}