Notable changes in version 47:
- migrate to using attest key when it's supported by the device (6th gen Pixels) for pairings not already using it to provide forward compatibility with remote provisioning in Android 13 (will not upgrade pre-v46 Pixel 6 / Pixel 6 Pro pairings to the new higher security pinning provided by attest key mode since the pinning is still based on the initial verification)
- only check attestation chain expiry for pairing to prepare for short-lived remote provisioning chains since the attest key feature will still have the same attestation chain for each verification to support pinning just as it works now before remotely provisioned chains are being used anywhere
- add back timestamp verification for our own signing key certificate since this workaround for a 3rd generation Pixel secure element bug no longer appears to be required on those devices
- increase permitted clock skew to 5 minutes from 1 minute to avoid most errors from clocks not being synced
- avoid starting camera focus timer if camera service failure occurred
- fix back gesture and activity resuming for the Auditee error page
- improve message for cert chain length mismatch
A full list of changes from the previous release (version 46) is available through the Git commit log between the releases.
The Auditor app uses hardware security features on supported devices to validate the integrity of the operating system from another Android device. It will verify that the device is running the stock operating system with the bootloader locked and that no tampering with the operating system has occurred. It will also detect downgrades to a previous version.
It cannot be bypassed by modifying or tampering with the operating system (OS) because it receives signed device information from the device's Trusted Execution Environment (TEE) or Hardware Security Module (HSM) including the verified boot state, operating system variant and operating system version. The verification is much more meaningful after the initial pairing as the app primarily relies on Trust On First Use via pinning. It also verifies the identity of the device after the initial verification.
See the tutorial for detailed usage instructions. This is included as the Help entry in the app menu. The app also provides basic guidance through the process. See the documentation for a more detailed overview.