About
The Auditor app uses hardware-based security features to validate the identity of a device along with authenticity and integrity of the operating system. It will verify that the device is running the stock operating system with the bootloader locked and that no tampering with the operating system has occurred. A downgrade to a previous version will also be detected. It builds upon the hardware-based verification of the operating system by chaining verification to the app to perform software-based sanity checks and gather additional information about device state and configuration beyond what the hardware can attest to directly.
The foundation of the Auditor app is generating a persistent key in the hardware-backed keystore for verifying the identity of the device and providing assurance that the operating system hasn't been tampered with or downgraded via verified boot. It performs a pairing process between the device performing verification (Auditor) and the device being verified (Auditee) to implement a Trust On First Use (TOFU) model. The device performing verification can either be another Android device running the app in the Auditor mode or the https://attestation.app/ service for automated verification on a regular schedule with support for email alerts. See the tutorial for usage instructions. The protocol used for both local and remote attestation is documented in the source code.
Verified boot validates the integrity and authenticity of firmware and the entire operating system (both the kernel and userspace) from an immutable hardware root of trust. The results are passed along to the hardware-backed keystore and used to protect the keys.
The key attestation feature provided by the hardware-backed keystore provides direct support for attesting to device properties and bootstrapping the Trust On First Use model of the Auditor app with a basic initial verification chained up to a known root certificate. The latest version of key attestation provides a signed result with the verified boot state, verified boot key, a hash of all data protected by verified boot and the version of the operating system partitions among other properties. It also has support for chaining trust to the application performing the attestation checks, which is used by the Auditor app for bootstrapping checks at the software layer.
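The following is an added example, not code from the Auditor app or its documented protocol: a simplified model of the verifier-side policy that Trust On First Use pairing and key attestation make possible. It assumes the attestation certificate chain has already been validated up to the known root and parsed into the fields shown; the class names, pairing id and all sample values are hypothetical.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Attested:
    """Properties taken from an already-validated key attestation (simplified)."""
    key_fingerprint: str      # fingerprint of the persistent hardware-backed key
    boot_state: str           # "Verified" (stock key) or "SelfSigned" (custom key)
    device_locked: bool       # bootloader lock state
    boot_key: str             # verified boot key digest, hex
    os_version: int
    os_patch_level: int       # YYYYMM

class Verifier:
    def __init__(self, known_os):
        self.known_os = known_os   # boot_key -> (OS name, required boot_state)
        self.pinned = {}           # pairing id -> last accepted Attested

    def check(self, pairing_id, att):
        name, required_state = self.known_os.get(att.boot_key, (None, None))
        if name is None:
            return (False, "unknown verified boot key")
        if att.boot_state != required_state or not att.device_locked:
            return (False, "verified boot state or bootloader lock not as required")
        prev = self.pinned.get(pairing_id)
        if prev is not None:
            if att.key_fingerprint != prev.key_fingerprint:
                return (False, "device key differs from the one pinned at pairing")
            if att.boot_key != prev.boot_key:
                return (False, "verified boot key changed since pairing")
            if att.os_version < prev.os_version or att.os_patch_level < prev.os_patch_level:
                return (False, "OS downgrade detected")
        self.pinned[pairing_id] = att   # first use pins; later passes advance the baseline
        return (True, ("paired: " if prev is None else "verified: ") + name)

# Constructed sample values, not real keys or fingerprints.
STOCK_KEY, ALT_KEY = "aa" * 32, "bb" * 32
KNOWN_OS = {STOCK_KEY: ("Stock", "Verified"), ALT_KEY: ("AlternativeOS", "SelfSigned")}

def demo():
    v = Verifier(KNOWN_OS)
    first = Attested("f1" * 32, "Verified", True, STOCK_KEY, 130000, 202306)
    results = [v.check("phone-1", first)]                                       # pairing
    results.append(v.check("phone-1", replace(first, os_patch_level=202307)))   # update
    results.append(v.check("phone-1", replace(first, os_patch_level=202305)))   # downgrade
    results.append(v.check("phone-1", replace(first, key_fingerprint="f2" * 32)))
    results.append(v.check("phone-1", replace(first, device_locked=False)))
    return results

if __name__ == "__main__":
    for ok, reason in demo():
        print(ok, reason)
```

The first check has nothing to compare against and can only rely on the chain to the root certificate and the known boot keys; every later check is additionally bound to the key and baseline pinned at pairing.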
Devices shipping with Android 9 or later may ship a StrongBox Keymaster implementation, allowing the Auditor app to keep the keys used by the attestation protocol in the dedicated Hardware Security Module (HSM) (such as the Titan M in Pixel phones) rather than using the Trusted Execution Environment (TEE) on the main processor. This can provide substantial attack surface reduction.
Security enhancements offered by future generations of hardware and future Android releases will be closely tracked by these projects. The core workflow and feature set are already implemented, but the foundation will be regularly improved along with major improvements to the user interface and documentation. The app and service are designed to be forwards and backwards compatible via a versioned protocol to permit substantial changes down the road.
Device support
Any device with Android 10 or higher can run the Auditor app and use it to verify other devices. However, only devices launched with Android 8.0 or later have the necessary hardware support for being verified. Each device model also needs to be explicitly integrated into the app. The following devices are currently supported by the most recent stable release:
- BlackBerry Key2 (BBF100-1 and BBF100-6 models)
- BQ Aquaris X2 Pro
- Google Pixel 2
- Google Pixel 2 XL
- Google Pixel 3
- Google Pixel 3 XL
- Google Pixel 3a
- Google Pixel 3a XL
- Google Pixel 4
- Google Pixel 4 XL
- Google Pixel 4a
- Google Pixel 4a (5G)
- Google Pixel 5
- Google Pixel 5a
- Google Pixel 6
- Google Pixel 6 Pro
- Google Pixel 6a
- Google Pixel 7
- Google Pixel 7 Pro
- Google Pixel 7a
- Huawei Honor 7A Pro (AUM-L29 model)
- Honor 9 Lite (LLD-L31 model)
- Huawei Honor 10 (COL-L29 model)
- Huawei Honor View 10 (BKL-L04 and BKL-L09 models)
- Huawei Mate 10 (ALP-L29 model)
- Huawei Mate 20 lite (SNE-LX1 model)
- Huawei Mate 20 Pro (LYA-L29 model)
- Huawei P smart 2019 (POT-LX3 model)
- Huawei P20 (EML-L09 model)
- Huawei P20 Pro (CLT-L29 model)
- Huawei Y7 2019 (DUB-LX3 model)
- Huawei Y9 2019 (JKM-LX3 model)
- HTC EXODUS 1
- HTC U12+
- LG Stylo 5 (LM-Q720 model)
- LG Q Stylo 4 (LG-Q710AL model)
- Motorola moto g⁷
- Motorola One Vision
- Nokia 3.1
- Nokia 6.1
- Nokia 6.1 Plus
- Nokia 7.1
- Nokia 7 Plus
- OnePlus 6 (A6003 model)
- OnePlus 6T (A6013 model)
- OnePlus 7 Pro (GM1913 model)
- Oppo R15 Pro (CPH1831 model)
- Oppo A7 (CPH1903 model)
- Oppo A5s (CPH1909 model)
- Realme C2 (RMX1941 model)
- Samsung Galaxy A70 (SM-A705FN model)
- Samsung Galaxy Amp Prime 3 (SM-J337AZ model)
- Samsung Galaxy J2 Core (SM-J260A, SM-J260F and SM-J260T1 models)
- Samsung Galaxy J3 2018 (SM-J337A and SM-J337T models)
- Samsung Galaxy J7 (SM-J737T1 model)
- Samsung Galaxy M20 (SM-M205F model)
- Samsung Galaxy Note 9 (SM-N960F and SM-N960U models)
- Samsung Galaxy Note 10 (SM-N970F and SM-N970U models)
- Samsung Galaxy Note 10+ (SM-N975U model)
- Samsung Galaxy S9 (SM-G960F, SM-G960U, SM-G960U1, SM-G960W and SM-G9600 models)
- Samsung Galaxy S9+ (SM-G965F, SM-G965U, SM-G965U1 and SM-G965W models)
- Samsung Galaxy S10e (SM-G970F model)
- Samsung Galaxy S10+ (SM-G975F model)
- Samsung Galaxy Tab A 10.1 (SM-T510 model)
- Samsung Galaxy Tab S4 (SM-T835 model)
- Sony Xperia XA2 (H3113, H3123 and H4113 models)
- Sony Xperia XZ1 / XZ1 Compact (G8341 and G8342 models)
- Sony Xperia XZ1 Compact (G8441 model)
- Sony Xperia XZ2 (H8216 model)
- Sony Xperia XZ2 Compact (H8314 and H8324 models)
- T-Mobile REVVL 2
- Vivo 1807
- Xiaomi Mi A2
- Xiaomi Mi A2 Lite
- Xiaomi Mi 9
- Xiaomi POCOPHONE F1
The following devices provide an HSM with StrongBox support used by Auditor:
- Google Pixel 3
- Google Pixel 3 XL
- Google Pixel 3a
- Google Pixel 3a XL
- Google Pixel 4
- Google Pixel 4 XL
- Google Pixel 4a
- Google Pixel 4a (5G)
- Google Pixel 5
- Google Pixel 5a
- Google Pixel 6
- Google Pixel 6 Pro
- Google Pixel 6a
- Google Pixel 7
- Google Pixel 7 Pro
- Google Pixel 7a
- Samsung Galaxy Note 10 (SM-N970U model)
- Samsung Galaxy Note 10+ (SM-N975U model)
The following devices support the attest key feature for generating a pairing specific attestation signing key:
- Google Pixel 6
- Google Pixel 6 Pro
- Google Pixel 6a
- Google Pixel 7
- Google Pixel 7 Pro
- Google Pixel 7a
The Auditor app also has support for verifying alternative operating systems on devices supporting it. It can verify GrapheneOS running on the following devices:
- Google Pixel 2
- Google Pixel 2 XL
- Google Pixel 3
- Google Pixel 3 XL
- Google Pixel 3a
- Google Pixel 3a XL
- Google Pixel 4
- Google Pixel 4 XL
- Google Pixel 4a
- Google Pixel 4a (5G)
- Google Pixel 5
- Google Pixel 5a
- Google Pixel 6
- Google Pixel 6 Pro
- Google Pixel 6a
- Google Pixel 7
- Google Pixel 7 Pro
Alternative operating systems need their verified boot key included in the Auditor app and Attestation Server. The app and service display the name of the operating system being verified on the device. Unfortunately, most alternative operating systems lack support for full verified boot and most devices don't support using verified boot with a custom key. The app also depends on the OS preserving the core security model for extensions beyond the baseline hardware-based attestation support.
GrapheneOS is a hardened mobile OS with Android app compatibility focused on the research and development of privacy and security technology including substantial improvements to sandboxing, exploit mitigations and the permission model. GrapheneOS also maintains all the standard baseline security features. Releases are available on the GrapheneOS releases page and can be used with the Auditor app and server.