github GrapheneOS/Auditor 48

2 years ago

Notable changes in version 48:

  • extend the attestation reference implementation library with a way to precisely detect the key description extension
  • prevent a bypass of the initial verification inherited from Android's key attestation reference implementation (our pinning approach prevents these issues after pairing) by checking that only the first and second certificates have a key description extension; if the second certificate has a key description extension, it needs to be a valid attest key with a matching security level, challenge and the attest key purpose
  • enforce that the redundant data provided by the key description for the attest key matches the key that it's signing, since, despite the lack of a clear security benefit, we might as well check that all the data fields have the expected values
  • remove unused code and improve code quality
  • update Material to 1.6.0
  • update CameraX to 1.2.0-alpha01
  • update Android gradle plugin to 7.2.1

A full list of changes from the previous release (version 47) is available through the Git commit log between the releases.
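
The placement rule from the second bullet above, sketched as an added example (not Auditor's code, which works on real X.509 chains). It assumes certificates are already parsed into the hypothetical `Cert` and `KeyDescription` records, that "matching" means equal to the first certificate's security level and to the verifier's challenge, and that an attest key has `ATTEST_KEY` as its only purpose.

```python
from dataclasses import dataclass
from typing import Optional, Sequence

@dataclass(frozen=True)
class KeyDescription:          # parsed extension fields (modelled, not real ASN.1)
    security_level: str        # "TEE" or "STRONGBOX"
    challenge: bytes
    purposes: frozenset

@dataclass(frozen=True)
class Cert:                    # one chain entry; chain[0] is the attested key
    subject: str
    key_description: Optional[KeyDescription] = None

class ChainRejected(Exception):
    pass

def check_key_descriptions(chain: Sequence[Cert], challenge: bytes) -> bool:
    """Return True when chain[1] is a valid attest key, False when it has
    no key description; raise ChainRejected for any other layout."""
    if not chain or chain[0].key_description is None:
        raise ChainRejected("first certificate lacks a key description")
    leaf = chain[0].key_description
    if leaf.challenge != challenge:
        raise ChainRejected("first certificate: challenge mismatch")
    # Only the first and second certificates may carry the extension.
    for i, cert in enumerate(chain[2:], start=2):
        if cert.key_description is not None:
            raise ChainRejected(f"key description at chain index {i}")
    if len(chain) < 2 or chain[1].key_description is None:
        return False
    attest = chain[1].key_description
    if attest.security_level != leaf.security_level:
        raise ChainRejected("attest key: security level mismatch")
    if attest.challenge != challenge:
        raise ChainRejected("attest key: challenge mismatch")
    if attest.purposes != frozenset({"ATTEST_KEY"}):  # assumed: sole purpose
        raise ChainRejected("second certificate is not an attest key")
    return True

# Constructed sample data (not real certificates).
CHALLENGE = b"constructed-challenge"
LEAF = Cert("attested key", KeyDescription("TEE", CHALLENGE, frozenset({"SIGN"})))
ATTEST = Cert("attest key", KeyDescription("TEE", CHALLENGE, frozenset({"ATTEST_KEY"})))
ROOTS = [Cert("intermediate"), Cert("root")]

if __name__ == "__main__":
    print(check_key_descriptions([LEAF, ATTEST, *ROOTS], CHALLENGE))
    print(check_key_descriptions([LEAF, *ROOTS], CHALLENGE))
```
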


The Auditor app uses hardware security features on supported devices to validate the integrity of the operating system from another Android device. It will verify that the device is running the stock operating system with the bootloader locked and that no tampering with the operating system has occurred. It will also detect downgrades to a previous version.

It cannot be bypassed by modifying or tampering with the operating system (OS) because it receives signed device information from the device's Trusted Execution Environment (TEE) or Hardware Security Module (HSM) including the verified boot state, operating system variant and operating system version. The verification is much more meaningful after the initial pairing as the app primarily relies on Trust On First Use via pinning. It also verifies the identity of the device after the initial verification.

See the tutorial for detailed usage instructions. This is included as the Help entry in the app menu. The app also provides basic guidance through the process. See the documentation for a more detailed overview.
