Notable changes in version 90:
- add support for the Pixel 10, Pixel 10 Pro, Pixel 10 Pro XL and Pixel 10 Pro Fold with either the stock OS or near future GrapheneOS releases
- add back check for Auditee support for remote verification
- update Android target API level to 36 (Android 16)
- switch transition for QR scanning activity to handle target API level 36 predictive back more smoothly
- properly distinguish unknown vs. invalid values for extended GrapheneOS security information covering auto-reboot, etc.
- fix displaying lowest possible auto-reboot timer supported at a low-level in the OS
- remove unused support for new pairings without StrongBox (secure element keystore as opposed to a less secure Trusted Environment Environment keystore)
- add support for new key attestation root certificate launching in February 2026
- add new protocol version 7 with a new DEFLATE dictionary adding the new attestation root and dropping the non-StrongBox sample
- raise minimum app version for Auditee to 87 which was released over a year ago
- add new far future Let's Encrypt roots to TLS key pinning configuration
- drop obsolete workaround for old Android versions on 6th gen Pixels not declaring attest key support
- drop unsupported legacy devices without Android 13 or later from supported device list
- enable hardware memory tagging for use outside of GrapheneOS in the narrow cases where it's available for apps opting into it (Android 16 Advanced Protection Mode on hardware with support for MTE)
- update ZXing barcode scanning library to 3.5.4
- update CameraX (AndroidX Camera) library to 1.5.1
- update Bouncy Castle library to 1.82
- update Guava library to 33.5.0
- update Material Components library to 1.13.0
- update AndroidX Core library to 1.17.0
- update AndroidX AppCompat library to 1.7.1
- update Gradle to 9.2.1
- update NDK to 29.0.14206865
- update Android Gradle plugin to 8.13.1
- update Kotlin to 2.2.21
- update Android build tools to 36.1.0
A full list of changes from the previous release (version 89) is available through the Git commit log between the releases.
The Auditor app uses hardware security features on supported devices to validate the integrity of the operating system from another Android device. It will verify that the device is running the stock operating system with the bootloader locked and that no tampering with the operating system has occurred. It will also detect downgrades to a previous version.
It cannot be bypassed by modifying or tampering with the operating system (OS) because it receives signed device information from the device's Hardware Security Module (HSM) including the verified boot state, operating system variant and operating system version. The verification is much more meaningful after the initial pairing as the app primarily relies on Trust On First Use via pinning. It also verifies the identity of the device after the initial verification. Trust is chained through the verified OS to the app to bootstrap software checks with results displayed in a separate section.
This app is available through the Play Store with the app.attestation.auditor.play app id. Play Store releases go through review and it usually takes around 1 to 3 days before the Play Store pushes out the update to users. Play Store releases use Play Signing, so we use a separate app id from the releases we publish ourselves to avoid conflicts and to distinguish between them. Each release is initially pushed out through the Beta channel followed by the Stable channel.
Releases of the app signed by GrapheneOS with the app.attestation.auditor app id are published in the GrapheneOS App Store which provides fully automatic updates. Each release is initially pushed out through the Alpha channel, followed by the Beta channel and then finally the Stable channel. These releases are also bundled as part of GrapheneOS and published on GitHub.