github GrapheneOS/Auditor 0.8-beta

pre-release, 6 years ago

These GitHub releases are for non-commercial use. Buy the app on the Play Store for commercial use or to support the project. The apk uploaded to the Play Store is the same as the one here.

Changes since the 0.7-beta release.

The Copperhead Pixel 2 Auditor uses hardware security features on the Pixel 2 and Pixel 2 XL to validate the integrity of the operating system from another Android device. It will verify that the Pixel 2 (XL) is running either the standard Google Android operating system or CopperheadOS with the bootloader locked and that no tampering with the operating system has occurred. It will also detect downgrades to a previous version.

It cannot be bypassed by modifying or tampering with the operating system (OS) because it receives signed device information from the device's Trusted Execution Environment (TEE) including the verified boot state, operating system variant and operating system version. The initial verification has some security provided by the Pixel 2 intermediate and Google root certificates. The verification is much more meaningful after the initial pairing as the app primarily relies on Trust On First Use via pinning.

Usage instructions:

The device being verified (Auditee) must be a Pixel 2 or Pixel 2 XL. The device performing verification (Auditor) just needs to be any Android 7.0+ compatible device with a camera.

  1. press Auditor on the device that will be verifying the Auditee
  2. press Auditee on the Pixel 2 or Pixel 2 XL that's going to be verified
  3. point the camera of the Auditee at the QR code on the Auditor to read the challenge
  4. tap the QR code on the Auditor to advance ahead (if you do this too early, you can press back)
  5. point the camera of the Auditor at the QR code on the Auditee to read the attestation
  6. view verification of the attestation results

An Auditor can verify any number of different Auditee devices. It shows a fingerprint and the first / last verification time in successful paired attestation results. An Auditee can be verified by any number of Auditors but there will be a different fingerprint for each unique pairing rather than the same fingerprint shown on each Auditor for the same Auditee.
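
The checks an Auditor-style verifier makes after the QR exchange can be modelled as below. This is an added example, not code from the Auditor app: the class and field names, the OS variant labels, and the fingerprint being a truncated SHA-256 of a per-pairing public key are all assumptions, and signature and certificate chain validation of the TEE-signed data is assumed to have already succeeded.

```python
import hashlib
import secrets
from dataclasses import dataclass

@dataclass(frozen=True)
class Attestation:
    # Constructed stand-in for the TEE-signed fields; signature and
    # certificate chain checks are assumed to have passed before this point.
    challenge: bytes         # echoed back from the Auditor's QR code
    pairing_key: bytes       # public key created for this Auditor/Auditee pair
    verified_boot: bool
    bootloader_locked: bool
    os_variant: str
    os_version: int

class AuditorModel:
    ALLOWED_OS = {"stock", "CopperheadOS"}   # labels are assumptions

    def __init__(self):
        self.pins = {}        # fingerprint -> highest OS version seen so far
        self.pending = None   # challenge currently shown as a QR code

    def new_challenge(self):
        self.pending = secrets.token_bytes(32)
        return self.pending

    def verify(self, att):
        expected, self.pending = self.pending, None   # a challenge is single use
        if expected is None or not secrets.compare_digest(expected, att.challenge):
            return "reject: challenge mismatch or replay"
        if not (att.verified_boot and att.bootloader_locked):
            return "reject: boot state"
        if att.os_variant not in self.ALLOWED_OS:
            return "reject: unknown OS variant"
        fp = hashlib.sha256(att.pairing_key).hexdigest()[:16]
        if fp not in self.pins:
            self.pins[fp] = att.os_version            # trust on first use
            return "first pairing " + fp
        if att.os_version < self.pins[fp]:
            return "reject: OS downgrade"
        self.pins[fp] = att.os_version
        return "paired " + fp
```

A key the verifier has not seen before always lands in the "first pairing" branch, which is why the first verification carries less weight than later ones made against the pin.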
