GrapheneOS/Auditor 1

on GitHub

The Auditor app uses hardware security features on supported devices to validate the integrity of the operating system from another Android device. It will verify that the device is running the stock operating system with the bootloader locked and that no tampering with the operating system has occurred. It will also detect downgrades to a previous version. Supported devices:

• Google Pixel 2
• Google Pixel 2 XL
• Huawei Honor View 10 (BKL-L04 model only)
• Nokia 6.1
• Samsung Galaxy S9 (SM-G960F and SM-G960U models)
• Samsung Galaxy S9+ (SM-G965F, SM-G965U1 and SM-G965W models)
• Sony Xperia XA2 (H3113, H3123 and H4113 models)
• Sony Xperia XZ1 Compact (G8441 model only)

It cannot be bypassed by modifying or tampering with the operating system (OS) because it receives signed device information from the device's Trusted Execution Environment (TEE) including the verified boot state, operating system variant and operating system version. The initial verification has some security provided by the Google root certificate. The verification is much more meaningful after the initial pairing as the app primarily relies on Trust On First Use via pinning. It also verifies the identity of the device after the initial verification.

Usage instructions:

The device being verified (Auditee) must be one of the supported devices. Android developer previews aren't supported since the hardware verified version is set to a placeholder value. The device performing verification (Auditor) just needs to be any Android 7.0+ compatible device with a camera.

1. press Auditor on the device that will be verifying the Auditee
2. press Auditee on the device that's going to be verified
3. point the camera of the Auditee at the QR code on the Auditor to read the challenge
4. tap the QR code on the Auditor to advance ahead (if you do this too early, you can press back)
5. point the camera of the Auditor at the QR code on the Auditee to read the attestation
6. view verification of the attestation results

An Auditor can verify any number of different Auditee devices. It shows a fingerprint and the first / last verification time in successful paired attestation results. An Auditee can be verified by any number of Auditors but there will be a different fingerprint for each unique pairing rather than the same fingerprint shown on each Auditor for the same Auditee.

To set up regularly scheduled remote verification via the remote attestation service:

1. create an account on https://attestation.app/ from a separate device
2. press the menu button in the app
3. press the 'Enable remote verification' action in the menu
4. scan the account QR code displayed on https://attestation.app/
5. configure an alert email address to receive alerts if the device fails to provide valid attestations in time
6. refresh https://attestation.app/ to view the initial attestation result