Notable changes in version 46:
- add support for the Android 12 attest key feature to add a pairing-specific hardware attestation signing key in between our generated keys and the batch key for significantly improved security from attestation key pinning (GrapheneOS proposed the concept used by the attest key feature several years back for use by Auditor and Android ended up implementing it as a standard feature)
- enable attest key support for new pairings with an Auditee supporting it in the hardware keystore including the Pixel 6 and later (migrating to it for existing pairings will be a future improvement)
- display attest key use as part of the security level with the combination of StrongBox and attest key considered to be a Very High security level instead of only High for StrongBox alone
- add error handling/reporting for OS/hardware camera issues
- add support for 3rd generation key attestation root for future devices
- increase Auditor protocol to version 3 with a new DEFLATE dictionary including the new attestation root and an updated sample attestation chain to improve compression for easier to scan QR codes
- add exception messages to sample submission and remote attestation failure notifications
- update CameraX to 1.1.0-rc01 providing various improvements which are partially documented in their release notes
- update ZXing (barcode library) to 3.5.0 providing significant improvements for barcode decoding including fixes for many edge cases discovered through fuzzing where unexpected exceptions were thrown (many of these would have been serious security bugs instead of unexpected exceptions if ZXing was written in C rather than memory safe Java code)
- update Kotlin Gradle plugin to 1.6.21
- update Android Gradle plugin to 7.2.0
A full list of changes from the previous release (version 45) is available through the Git commit log between the releases.
The Auditor app uses hardware security features on supported devices to validate the integrity of the operating system from another Android device. It will verify that the device is running the stock operating system with the bootloader locked and that no tampering with the operating system has occurred. It will also detect downgrades to a previous version.
It cannot be bypassed by modifying or tampering with the operating system (OS) because it receives signed device information from the device's Trusted Execution Environment (TEE) or Hardware Security Module (HSM) including the verified boot state, operating system variant and operating system version. The verification is much more meaningful after the initial pairing as the app primarily relies on Trust On First Use via pinning. It also verifies the identity of the device after the initial verification.
See the tutorial for detailed usage instructions. This is included as the Help entry in the app menu. The app also provides basic guidance through the process. See the documentation for a more detailed overview.