Device Agent
Purpose
Abschnitt betitelt „Purpose“This specification defines the Device Guardian Agent: what signals it collects, what OS permissions it requires, how it buffers data locally, and what platform-specific constraints apply.
Audience: Client/agent engineers, security auditors.
In-Scope / Out-of-Scope
Abschnitt betitelt „In-Scope / Out-of-Scope“| In-Scope | Out-of-Scope |
|---|---|
| Signal collection from OS APIs and sensors | Signal classification (see Detection Engine) |
| Permission model per platform | Cloud enrichment processing |
| Local buffering and ring buffer semantics | Event delivery to external systems |
| Platform constraints and limitations | Network firewall / IDS functionality |
Signal Collection
Abschnitt betitelt „Signal Collection“Signal Inventory
Abschnitt betitelt „Signal Inventory“| Signal | Source | Raw/Derived | Leaves Device? | Purpose | Frequency |
|---|---|---|---|---|---|
| Call metadata (number, duration, timestamp) | OS API (CallKit / TelephonyManager) | Raw | Hashes only (SHA-256) | Fraud call detection | Per call event |
| STIR/SHAKEN attestation | OS API | Raw | No | Spoofing detection | Per call event |
| App installation event | OS API (PackageManager / App Store) | Raw | Hashes only (SHA-256) | Malicious app detection | Per install/update |
| App permission requests | OS API | Raw | No | Suspicious permission detection | Per permission request |
| DNS queries | Network stack | Raw | Hashes for TI lookup | Phishing/C2 detection | Continuous |
| TLS certificate info | Network stack | Derived | No | Certificate validation | Per connection |
| Microphone access patterns | Device sensor API | Derived | No | Remote control detection | Continuous |
| Screen activity (lock/unlock, transitions) | Device sensor API | Derived | No | Behavioral analysis | Continuous |
| Motion sensor data | Device sensor API | Derived | No | Remote control detection | Continuous |
| Accessibility events | OS API | Raw | No | Overlay/notification detection | Continuous |
| USB device connections | System API (Desktop only) | Raw | No | USB threat detection | Per connection event |
| Process execution | System API (Desktop only) | Raw | No | Malware/remote access detection | Continuous |
Data Handling Rules
Abschnitt betitelt „Data Handling Rules“- In-RAM processing: Message content, audio, and files are analyzed in volatile RAM and immediately discarded after analysis
- No persistent storage of content: The agent never writes plaintext content, audio, or files to disk
- Ring buffer: Normalized signals are stored in a ring buffer (non-persistent) that auto-overwrites older entries
Current workspace note: the prototype agent currently uses a simple in-memory event store rather than the documented 10,000-entry ring buffer.
Permission Model
Abschnitt betitelt „Permission Model“Android
Abschnitt betitelt „Android“| Permission | Purpose | Optional? |
|---|---|---|
READ_CALL_LOG / READ_PHONE_STATE | Call protection, fraud detection | No (required for call protection) |
PACKAGE_USAGE_STATS | App scanner, sideload detection | No (required for app scanner) |
ACCESSIBILITY_SERVICE | Remote control protection, overlay detection | No (required for remote control protection) |
POST_NOTIFICATIONS | Threat notifications | No |
INTERNET | Cloud enrichment, model updates | No |
Limitations:
- Background services affected by aggressive battery optimization (manufacturer-dependent: Samsung, Xiaomi, Huawei)
- Android 14+: restricted access to non-own app installations
Documented product target: battery-optimization guidance and managed configurations for Android Enterprise. Not confirmed by the current workspace code.
| Permission | Purpose | Optional? |
|---|---|---|
| CallKit Integration | Caller ID + call blocking | No (required for call protection) |
| Notifications | Push alerts | No |
| Network Extension (VPN profile) | Network monitoring, phishing protection | No (required for network protection) |
Limitations:
- iOS sandbox prevents direct access to other apps — app scanner limited to known signatures + URL checking
- CallKit: Caller ID + blocking only, no real-time audio access, no call duration in real-time
- No Accessibility Service equivalent — remote control protection limited to known app detection
Documented product target: iOS CallKit/AppConfig constraints and supervised-device deployment guidance. Not confirmed by the current workspace code.
Windows
Abschnitt betitelt „Windows“| Permission | Purpose | Optional? |
|---|---|---|
| Administrator (installation) | Agent runs as system service | No |
| Network access | DNS monitoring, phishing protection | No |
| Filesystem access | App/file scanning | No |
Limitations:
- No call protection (no native phone function)
- UAC prompts cannot be programmatically blocked
Documented product target: Windows Defender coexistence and enterprise deployment guidance. Not confirmed by the current workspace code.
| Permission | Purpose | Optional? |
|---|---|---|
| System Extension | Network monitoring | No |
| Full Disk Access | File scanning | Optional (enhanced protection) |
| Notifications | Push alerts | No |
Limitations:
- No call protection
- System Extensions require user confirmation in System Settings
- TCC (Transparency, Consent, and Control) requires explicit user grants
Documented product target: universal binaries and PPPC/TCC deployment guidance for managed macOS fleets. Not confirmed by the current workspace code.
| Permission | Purpose | Optional? |
|---|---|---|
| root (installation) | Agent runs as systemd service | No |
| Network access | DNS monitoring | No |
Limitations:
- No call protection
- No push notifications (API/webhook/email only)
- No family management
- Distribution fragmentation
Documented product target: Linux package/distribution support and configuration-management integrations. Not confirmed by the current workspace code.
Minimum Requirements
Abschnitt betitelt „Minimum Requirements“| Platform | Min Version | Memory | Storage | Network |
|---|---|---|---|---|
| Android | 8.0 (API 26) | 128 MB available | 100 MB (agent + models) | Optional (offline mode supported) |
| iOS | 15.0 | 128 MB available | 100 MB | Optional |
| Windows | 10 (1903+) | 256 MB available | 150 MB | Optional |
| macOS | 12.0 (Monterey) | 256 MB available | 150 MB | Optional |
| Linux | Kernel 5.4+ | 128 MB available | 100 MB | Optional |
Security Boundaries
Abschnitt betitelt „Security Boundaries“| Constraint | Description |
|---|---|
| Minimal system rights | Agent accesses only user-explicitly-allowed content |
| No persistent content storage | Plaintext content exists only in RAM during analysis |
| No internet requirement | Cloud queries only for signature updates and escalation. Full local protection without connectivity. |
| Signed model updates | Model packages are cryptographically signed. Signature verified before loading. Rollback protection (agent rejects older versions). |
| Permission denial handling | Each signal source degrades gracefully. Missing permission reduces scope, does not crash agent. |
Failure Modes
Abschnitt betitelt „Failure Modes“| Failure | Impact | Mitigation |
|---|---|---|
| Permission denied (single source) | That signal source unavailable | Graceful degradation. User notified of reduced scope. Other signals continue. |
| All permissions denied | Agent cannot monitor | User shown clear guidance to re-enable. Agent in “dormant” mode. |
| Offline (no internet) | No Cloud Enrichment, no model updates | Local detection continues. Events buffered for later sync. Last-known-good models used. |
| Battery optimization kills service | Agent stops monitoring | Manufacturer-specific workarounds. User guided through battery exemption setup. |
| OS update breaks API | Signal collection fails | Agent self-tests on startup. Failed collectors logged. OTA agent update pushed. |
Related Specifications
Abschnitt betitelt „Related Specifications“- System Overview — Component architecture
- Detection Engine — How collected signals are classified
- Privacy Model — What data leaves the device
- Platform Capabilities — Public capability matrix