Privacy policy

The 'Submit sample data' and 'Enable remote verification' features make HTTPS connections to the https://attestation.app/ server which will be logged by the web server.

The 'Submit sample data' feature will submit a sample attestation and a survey of system properties accessible to every app without permissions.

The 'Enable remote verification' feature will prompt to scan a QR code from an account on https://attestation.app/ and will use that to subscribe to submitting attestations to that account on https://attestation.app/ at the configured rate.

Attestations contain a certificate chain provided by the hardware-based Trusted Execution Environment and/or Secure Element on the device including assorted verifiable system information. The app also collects other supplementary security information which is displayed in the app and service for successful verifications.

A persistent hardware-backed key is generated for each Auditor-Auditee pairing either between two instances of the app or between the app and https://attestation.app/. The ability to use the persistent key to sign verifiably fresh attestations is used as part of performing verification of the integrity and identity of the device. The keys are wiped when the app is uninstalled or app data is cleared via the OS.

The camera permission is used to scan QR codes from the Auditor app on another device or the https://attestation.app/ service. Images captured by the camera are not stored, exported in any way or used for anything else other than decoding QR codes.

Samples submitted with 'Submit sample data' are published in an anonymized form at https://github.com/GrapheneOS/AttestationSamples and elsewhere.

The app and service are both open source and can be audited.

This privacy policy will be updated to explain how permissions and data are used as the Auditor app and https://attestation.app/ service are developed. It will always retain the property of requiring user consent to make network connections or otherwise export any data.