github GrapheneOS/Auditor 0.6-beta

latest releases: 87, 86, 85...
pre-release6 years ago

These GitHub releases are for non-commercial use, buy the app on the Play Store for commercial use. The apk on the Play Store is otherwise identical.

Changes since the 0.5-alpha release.

Copperhead Attestation app for auditing a stock or CopperheadOS Pixel 2 / Pixel 2 XL from another device, building on the bootloader / Trusted Execution Environment verified boot and remote attestation capabilities.

The device being verified (Auditee) must be a Pixel 2 or Pixel 2 XL. The device performing verification (Auditor) just needs to be an Android device meeting the minSdkVersion requirement (currently 24, i.e. Android 7.0+).

The Auditee will fail verification if it isn't running the stock OS or official releases of CopperheadOS with the bootloader locked and no modifications to the OS. It relies on the bootloader and Trusted Execution Environment to provide a signed result of the verified boot state so the OS can't simply provide fake results.

The verification becomes much better after the initial pairing between the Auditee and Auditor. The Auditor pins the certificate chain for the attestation results rather than relying on the Pixel 2 (XL) intermediate + Google root and also verifies the attestation message from the Auditee with the public key from the initial key pair that was attested to be hardware-backed.

Usage instructions:

  1. press Auditor on the device that will be verifying the Auditee
  2. press Auditee on the Pixel 2 or Pixel 2 XL that's going to be verified
  3. point the camera of the Auditee at the QR code on the Auditor to read the challenge
  4. tap the QR code on the Auditor to advance ahead (if you do this too early, you can press back)
  5. point the camera of the Auditor at the QR code on the Auditee to read the attestation
  6. view verification of the attestation results

An Auditor can verify any number of different Auditee devices. It shows a fingerprint and the first / last verification time in successful paired attestation results. An Auditee can be verified by any number of Auditors but there will be a different fingerprint for each unique pairing rather than the same fingerprint shown on each Auditor for the same Auditee.

Future security improvements likely require improvements to the hardware/firmware implementation of key attestation and slight extensions to the API.

Don't miss a new Auditor release

NewReleases is sending notifications on new releases.