Privacy policy

The 'Submit sample data' and 'Enable remote verification' features make HTTPS connections to the server which will be logged by the web server.

The 'Submit sample data' feature will submit a sample attestation and a survey of system properties accessible to every app without permissions.

The 'Enable remote verification' feature will prompt to scan a QR code from an account on and will use that to subscribe to submitting attestations to that account on at the configured rate.

Attestations contain a certificate chain provided by the hardware-based Trusted Execution Environment and/or Secure Element on the device including assorted verifiable system information. The app also collects other supplementary security information which is displayed in the app and service for successful verifications.

A persistent hardware-backed key is generated for each Auditor-Auditee pairing either between two instances of the app or between the app and The ability to use the persistent key to sign verifiably fresh attestations is used as part of performing verification of the integrity and identity of the device. The keys are wiped when the app is uninstalled or app data is cleared via the OS.

The camera permission is used to scan QR codes from the Auditor app on another device or the service. Images captured by the camera are not stored, exported in any way or used for anything else other than decoding QR codes.

Samples submitted with 'Submit sample data' are published in an anonymized form at and elsewhere.

The app and service are both open source and can be audited.

This privacy policy will be updated to explain how permissions and data are used as the Auditor app and service are developed. It will always retain the property of requiring user consent to make network connections or otherwise export any data.