Notable changes in version 71:
- simplify error message for enforced StrongBox
- enforce StrongBox for new 7th generation Pixel pairings (was previously not enforced since we weren't able to use StrongBox for the first few months after the launch of the Pixel 7 and Pixel 7 Pro due to a remote key provisioning bug fixed after we reported it)
- enforce attest key for new pairings when supported
- drop already disabled attest key downgrade support (existed to work around a bug in the 6th generation Pixel implementation of attest keys which was fixed after we reported it)
- add new key attestation root certificate
- drop support for builds not using pairing-specific attest keys
- drop legacy per-user encryption enforcement (per-user encryption is the only supported mode on Android 13 and above, which is our focus)
- drop legacy developer preview detection
- simplify multiple aspects of the implementation
- update CameraX library to 1.3.0-alpha07
A full list of changes from the previous release (version 70) is available through the Git commit log between the releases.
The Auditor app uses hardware security features on supported devices to validate the integrity of the operating system from another Android device. It will verify that the device is running the stock operating system with the bootloader locked and that no tampering with the operating system has occurred. It will also detect downgrades to a previous version.
It cannot be bypassed by modifying or tampering with the operating system (OS) because it receives signed device information from the device's Trusted Execution Environment (TEE) or Hardware Security Module (HSM) including the verified boot state, operating system variant and operating system version. The verification is much more meaningful after the initial pairing as the app primarily relies on Trust On First Use via pinning. It also verifies the identity of the device after the initial verification. Trust is chained through the verified OS to the app to bootstrap software checks with results displayed in a separate section.
This app is available through the Play Store with the app.attestation.auditor.play app id. Play Store releases go through review and it usually takes around 1 to 3 days before the Play Store pushes out the update to users. Play Store releases use Play Signing, so we use a separate app id from the releases we publish ourselves to avoid conflicts and to distinguish between them.
Releases of the app signed by GrapheneOS with the app.attestation.auditor app id are published in the GrapheneOS app repository and on GitHub. These releases are also bundled as part of GrapheneOS. You can use the GrapheneOS app repository client on Android 12 or later for automatic updates.
Releases are initially pushed out through the Alpha channel channel for both the Play Store and our app repository, then get moved to the Beta channel and finally the Stable channel.
GrapheneOS users must obtain GrapheneOS app updates through our app repository since fs-verity metadata is now required for out-of-band system app updates on GrapheneOS as part of extending verified boot to them.