Securing high-stakes exams on student-owned devices at UQ College 

The challenge: securing high stakes examinations

UQ College teaches and assesses international students who have already met the academic entry requirements for their chosen university degree course but have not yet demonstrated the required level of academic English language proficiency for admittance.  

The assessments designed and delivered by UQ College can decide students’ futures as meeting English language requirements are a pre-requisite for entry into their degree courses. Not meeting requirements can mean a longer study period or a return home. UQ College is essentially a gatekeeper for the university in terms of which international students can be admitted, and which cannot.

That responsibility makes exam integrity non-negotiable, and not only for the students' sake - upholding the reputation of the university is critical. UQ College requires robust evidence to support the decisions made about whether a student has met the required level of language proficiency to start their degree course. The College must also be able to demonstrate that the assessments are valid, fair and reliable and of course, secure.  

To achieve this, the College follows a rigorous process of developing and validating the high stakes assessments needed for the task. There are a significant amount of work and a high level of expertise required to take a test task produced to meet task specifications through the stages of editing, field trialling, trial data analysis, potential re-editing and re-trialling, before finally calibrating, equating, benchmarking and then using that task in a live testing round.  

UQ College needs to ensure that after investing that much time, expertise and money into the development and validation process, that their product is secure and maintains the academic integrity of that intellectual property.

A bypass that changed everything overnight

Since 2018, the centre had secured its digital assessments using a freely available and much used secure exam browser. This tool had served them well, including through the COVID pandemic. However, this tool was never designed as a lockdown solution for student-owned devices but was intended for use in centrally monitored computer labs.  

That limitation eventually proved critical. In early 2025, the College discovered use of a paid online cheating service which enabled the establishment of a remote connection before the exam session began, placing a second person inside the test environment before their lockdown tool could detect them. When you’re testing academic language proficiency, it is far easier to find a capable and willing English speaker to sit an exam for you than for example, trying to find someone with the knowledge to take a specialist mathematics or psychology exam.  

The College was fortunate to detect this very small but still very serious breach immediately, however, this incident revealed that a tool that had worked well for years was no longer fit for purpose.  The College had just four months, between May and September 2025 to find, test and implement a replacement system before the next round of live testing started in December.  

The complications of BYOD with an international student population

UQ College operates a Bring Your Own Device (BYOD) policy. Computer labs simply cannot accommodate the volume of students the college tests. But BYOD comes with its own complications, particularly when the student population is largely international.  

Many of the English language students operate non-English systems, a persistent source of friction with the previous lockdown tool. The College also recognized that there is free software which international students may have on their devices, and which a secure browser may falsely identify as a security threat. Freeware such as ‘360 Security’, is commonly found on student’s devices and can cause incompatibility when running assessments inside a lockdown browser environment.

To deliver their English language assessments, the College uses Concerto, an open-source adaptive assessment platform. Starting in 2018, the English language assessment team have customized Concerto extensively to fit the specific psychometric and logistical requirements of their assessment context. Switching to a commercial platform was just not a viable option. What they needed was an exam security platform that could work with the systems they had already built.  

The solution: preventing the bypass, not chasing it  

Schoolyear was recommended to UQ College by another Australian university. The College’s software engineering team, who had been closely involved in building the Concerto infrastructure environment, joined an early meeting with Schoolyear and it took only fifteen minutes to confirm that the design and approach taken by Schoolyear would enable the College to overcome the identified security issue.  

Schoolyear was the right fit for UQ College because it was purpose-built for BYOD. The bypass that had broken the College’s previous lockdown browser worked precisely because students were on their own devices: they could install software on those devices freely, before any exam session began.  

Schoolyear's onboarding flow closes that window entirely. When the Schoolyear browser is launched, all other applications on the student's device are forced to stop running. This means there is no opportunity to start any new process because students are already inside the secured environment.

Implementation: managing BYOD at scale  

Integrating Schoolyear with the customized assessment platform required close collaboration between the college’s software engineering team and Schoolyear's technical team. The result is a straightforward experience for students: they navigate to their exam in their course LMS, click a pre-configured button, and the Schoolyear onboarding flow begins, which ends by opening the exam inside the secure environment.  

Device compatibility, a persistent headache under the previous browser, has largely been resolved. Since they started using Schoolyear, UQ College has not had any particular software that has caused a conflict and stops a device from working. The issues that had caused problems with some student devices have not resurfaced.  

A small number of devices are still flagged by Schoolyear as being unsuitable, typically those that have been heavily modified by students who game or code. To handle these cases, the College maintains a pool of backup laptops.  

Before each live assessment round, the college runs a series of practice assessments. One purpose of these sessions is to catch any device issues early, before they can disrupt the real exams. Any technical problems, whether compatibility issues or a battery that can no longer hold a charge, are identified and resolved in advance.  

The result: stable exams on any device, for any student  

Three full rounds of live testing have now run using Schoolyear. These high-stakes digital assessments are run on student-owned devices, including many with non-English operating systems which had previously caused issues. The compatibility problems and security vulnerabilities that had been identified under the previous system have not resurfaced. For an institution that cannot afford a single compromised exam, it is this high level of reliability which matters most.  

Invigilators, who previously had to manage device issues themselves, have reported that they are now more able to focus on other aspects of exam classroom security.