Notable changes in version 70:
- add Pixel 7a support
- disable attest key downgrade support which was used to work around a bug discovered/reported by GrapheneOS causing attest keys becoming unusable after an OS update on the Pixel 6 and Pixel 6 Pro until the release fixing the problem when the existing keys became usable again (attest keys provide explicit support for pinning-based verification and were added largely based on a request made by GrapheneOS, and we were the earliest adopters of the feature)
- raise minimum patch level to 2019-09-05 (this was the initial patch level for Android 10 on Pixels and Android 10 is the minimum OS version)
- drop obsolete verified boot key migration support from when the Pixel 3 and Pixel 3 XL switched to the current approach of calculating the key fingerprint (sha256 hash)
- switch to modern Gradle plugin infrastructure
- update Android Gradle plugin to 8.0.1
- update Gradle to 8.1.1
- update Kotlin to 1.8.21
- update Material library to 1.9.0
A full list of changes from the previous release (version 69) is available through the Git commit log between the releases.
The Auditor app uses hardware security features on supported devices to validate the integrity of the operating system from another Android device. It will verify that the device is running the stock operating system with the bootloader locked and that no tampering with the operating system has occurred. It will also detect downgrades to a previous version.
It cannot be bypassed by modifying or tampering with the operating system (OS) because it receives signed device information from the device's Trusted Execution Environment (TEE) or Hardware Security Module (HSM) including the verified boot state, operating system variant and operating system version. The verification is much more meaningful after the initial pairing as the app primarily relies on Trust On First Use via pinning. It also verifies the identity of the device after the initial verification. Trust is chained through the verified OS to the app to bootstrap software checks with results displayed in a separate section.
This app is available through the Play Store with the app.attestation.auditor.play app id. Play Store releases go through review and it usually takes around 1 to 3 days before the Play Store pushes out the update to users. Play Store releases use Play Signing, so we use a separate app id from the releases we publish ourselves to avoid conflicts and to distinguish between them.
Releases of the app signed by GrapheneOS with the app.attestation.auditor app id are published in the GrapheneOS app repository and on GitHub. These releases are also bundled as part of GrapheneOS. You can use the GrapheneOS app repository client on Android 12 or later for automatic updates.
Releases are initially pushed out through the Alpha channel channel for both the Play Store and our app repository, then get moved to the Beta channel and finally the Stable channel.
GrapheneOS users must obtain GrapheneOS app updates through our app repository since fs-verity metadata is now required for out-of-band system app updates on GrapheneOS as part of extending verified boot to them.