Notable changes in version 56:
- add Android 13 themed icon support
- replace all deprecated Android APIs
- use remote verification executor for disabling remote verification to prevent a theoretical exception from a race condition
- improve feedback about the success or failure of background tasks (clearing pairings, enabling/disabling remote verification, scheduling sample submission)
- update AndroidX appcompat library to 1.5.1
A full list of changes from the previous release (version 55) is available through the Git commit log between the releases.
The Auditor app uses hardware security features on supported devices to validate the integrity of the operating system from another Android device. It will verify that the device is running the stock operating system with the bootloader locked and that no tampering with the operating system has occurred. It will also detect downgrades to a previous version.
It cannot be bypassed by modifying or tampering with the operating system (OS) because it receives signed device information from the device's Trusted Execution Environment (TEE) or Hardware Security Module (HSM) including the verified boot state, operating system variant and operating system version. The verification is much more meaningful after the initial pairing as the app primarily relies on Trust On First Use via pinning. It also verifies the identity of the device after the initial verification.
See the tutorial for detailed usage instructions. This is included as the Help entry in the app menu. The app also provides basic guidance through the process. See the documentation for a more detailed overview.