In some countries people are accussed of having used a smartphone app called “ByLock”. This is the reason for arresting people and denying them a fair trial. The accused must prove their innocence. This is where our detailed forensics analysis reports can help identify those who were mistakenly accused.


Our certified forensics experts provide laboratory services for examination of mobile device, smartphones and computers. To ensure that the reliability of the investigation the procedures follow international standards (ISO9001, ISO17001, ISO27035-27042). We provide examination reports on behalf of lawyers and relatives which are presented to courts around the world. Independent and fair reports can prove the innocence of an accused person.


Sometimes people are accused of having used the smartphone app called “ByLock”. This app was available from 2014 to 2016 on different platforms. This allowed users to install it on iOS and Android based devices.


ByLock is particularly well known now for its association with operatives of the FETÖ movement. Bylock was an application that offered the ability to converse in locked groups whilst messages were encrpyted and stored out of reach from security services. After the servers were hacked in 2015 many user names and ip details were gathered. As connection data from 2014-2016 can be out dated it is often used to justify arrest warrants.



This kind of app features you can also find in apps like Eagle or WhatsApp. Many innocent people around the world use tools like Whatsapp or WeChat. Their intention is not to take control of the world. They just want to converse with friends around the world.
Nevertheless, ByLock is a different level of severity. Terrorist attacks, coups and criminal activities have been directed via ByLock. This fact makes it for security services in different countries a particular object of interest. The diversity of people voluntarily trying to gain fame by claiming they developed ByLock on there own are varied. Some of these people are sick and putting innocent people at risk by telling untrue stories to increase their excitement of being in the focus of the press.

What can ACATO offer with App Forensic Investigations?

When a person is accused of having used ByLock although he has never used such app, our forensic laboratory can investigate the persons devices. This is only possible by providing all the digital devices of a person. Hiding a device from our laboratory can result in a report not gaining the full strength. We expect proof of ownership so that we can reduce the risk that devices are handed over that never belonged to the accused.

Our investigations are conducted on an hourly rate and work is always done on a rolling budget. This is due to the fact that often at the beginning client and lab do not have all the necessary information available and sometimes devices or issues arise that were not known before starting the investigation.

In some cases it is the task to actually find traces of an application that was used and uninstalled to prove the guilt of an individual. This usually is then taken further as the communication threads are analyze to find operatives that are giving orders to the arrested suspect.


Modern chat applications are becoming a command and conquer tool for thieves, break-ins and terrorists. The choice of protected chat platforms is wide. From research and human think paths it is a known fact that people do not tend to move from one app to another all at once. Some people just keep to one app, even if in the press privacy and security level of an app is shown to be a potential risk. People often ignore it as they can not be bothered to change.

This is where criminal investigations into the usage of such apps like ByLock show that a suspect can still use an app that has no updates since 2014. This is the same situation with organisations in different countries who reliy on a locally developed tool as they do not trust apps like Whats app and Facebook messenger as they were developed within the USA. Hence, privacy sensitive people believe that tools from other countries are safer. Even tools like Threema are not 100% safe.

Regarding the task to find criminals or operatives this can mislead security services by relying only on user names that were selected by people who definitely are not going to use their real names. Hence, identification of humans needs to use a totally different approach. The NSA has shown how its meta data can amass knowledge that linked up will shop an individual. The key to success is linking up a variety of small data snippets and letting a profiling tool process it. This eventually delivers accurate data. This is the same concept behind our profiling tool AOC which can identify a person from a list of non person related information.

The trend in app profiling can be related also to other wide ranged investigations that have access to a large data source.


The examination of a device is usually used to prove whether a device was used for criminal activist in connection with the bylock app. This may also require to evaluate and research whether the device was capable to be used with any of the bylock versions (i.e. iOS, android, … ).
In some cases our experts can help to clarify whether a device would have been technically adjusted to bridge platforms using emulators or other tweeking tools, Emulators can simulate an environment even though the hardware is actually running on a non compatible plattform.

These capability reports can be very research intensive as some cases have the problem that a device is not accessable to the laboratory due to the device having been severly damaged (e.g. burnt in house fire, run over by tank, smashed). In accordance with forensic standards the authentizied report can help reduce the backlog at court  and relieve police laboratories from cases which are waisting their resources. Our central reference device database stores many details on smartphones and their chipoff characteristics (e.g. chip, epoxy, OS, plattform, pcb, …).

Our Laboratory can deal with following devices:

– iOS Apple Devices (iPhone, iPad, iPod) and MacOS (MacBooks, iMacs)
– Android smartphones (xPeria, Note, z520) and Tablets (e.g. Galaxy Tab)
– windows Smartphones
– Blackberry devices
– Bada Mobile OS Smartphones and Tizen Tablets
– Cellphones (Nokia, Motorola, …)
– Computers (Windows, Linux, UBunu, …)

Important notice to avoid misinterpretation:

We do not conduct investigations on behalf of the Turkish government or its authorities. We have not been requested by Turkish police to supply services to them. We do not offer services to MIT or General Turkish police units! We operate in compliance with the current export regulations of the EU and Germany.