Auditor (GrapheneOS variant)
Validate device security with hardware-based integrity and identity verification
Daniel Micay · app.attestation.auditor
UpdatedFeb 12, 2024
PublishedFeb 12, 2024
Packageapp.attestation.auditor
MD540325528f07482e5065ef68b1e4b114c
SHA1 (signer)FB:6A:EF:9D:0C:B6:4C:59:32:F7:89:D5:AC:52:48:E1:24:FA:04:6D
Signed byCN=Daniel Micay
Architecturesx86, x86-64, armeabi-v7a, arm64-v8a
Malware scanTRUSTED
Websitehttps://attestation.app/
Contact[email protected]
Privacy policyView
What's new
Notable changes in version 66:
• update CameraX library to 1.3.0-alpha01
• update ZXing library to 3.5.1
• update Kotlin Gradle plugin to 1.7.21
• remove obsolete lint workarounds
See https://github.com/GrapheneOS/Auditor/releases/tag/66 for the release notes.
• update CameraX library to 1.3.0-alpha01
• update ZXing library to 3.5.1
• update Kotlin Gradle plugin to 1.7.21
• remove obsolete lint workarounds
See https://github.com/GrapheneOS/Auditor/releases/tag/66 for the release notes.
Description
The Auditor app uses hardware security features on supported devices to validate the integrity of the operating system from another Android device. It will verify that the device is running the stock operating system with the bootloader locked and that no tampering with the operating system has occurred. It will also detect downgrades to a previous version. Supported devices:
See
for a list of devices which can be verified by using them as the Auditee.
It cannot be bypassed by modifying or tampering with the operating system (OS) because it receives signed device information from the device's Trusted Execution Environment (TEE) or Hardware Security Module (HSM) including the verified boot state, operating system variant and operating system version. The verification is much more meaningful after the initial pairing as the app primarily relies on Trust On First Use via pinning. It also verifies the identity of the device after the initial verification.
See
for detailed usage instructions. This is included as the Help entry in the app menu. The app also provides basic guidance through the process. See
for a more detailed overview.
See
for a list of devices which can be verified by using them as the Auditee.
It cannot be bypassed by modifying or tampering with the operating system (OS) because it receives signed device information from the device's Trusted Execution Environment (TEE) or Hardware Security Module (HSM) including the verified boot state, operating system variant and operating system version. The verification is much more meaningful after the initial pairing as the app primarily relies on Trust On First Use via pinning. It also verifies the identity of the device after the initial verification.
See
for detailed usage instructions. This is included as the Help entry in the app menu. The app also provides basic guidance through the process. See
for a more detailed overview.
Required features
- Camera android.hardware.camera
- Faketouch android.hardware.faketouch
Permissions (8)
Auditor (GrapheneOS variant) requests the following Android permissions:
- Access Network State android.permission.ACCESS_NETWORK_STATE
- Camera android.permission.CAMERA
- Internet android.permission.INTERNET
- Post Notifications android.permission.POST_NOTIFICATIONS
- Query All Packages android.permission.QUERY_ALL_PACKAGES
- Receive Boot Completed android.permission.RECEIVE_BOOT_COMPLETED
- Use Biometric android.permission.USE_BIOMETRIC
- App Attestation Auditor Dynamic Receiver Not Exported Permission app.attestation.auditor.DYNAMIC_RECEIVER_NOT_EXPORTED_PERMISSION
