Notable changes in version 86:
- remove Auditee self-check to avoid most error reporting on the Auditee side, giving the Auditor side (including our remote attestation service) more visibility into why failures are happening
- drop support for obsolete deny new USB setting, which was replaced by our newer generation USB-C port and pogo pins not currently accessible to Auditor (a near future GrapheneOS release will add support for the built-in Auditor app reading the new setting and we'll add support for reporting the full set of modes)
- change the High security level to mean the combination of a StrongBox Hardware Security Module (Pixel 3 and later) and a pairing-specific attestation signing key (Pixel 6 and later for pairings made since we added support for it in June 2022) instead of displaying it as Very High, and display only having StrongBox as Standard, since every non-end-of-life Pixel has both features
- extend certificate validity for attestation responses by 5 minutes for a total validity period of 15 minutes due to the existing 5 minute leeway before and after
- drop support for earlier protocol versions and raise minimum Auditor version to 73 where the current protocol version was introduced
- modernize code including very minor performance improvements
- update Gradle to 8.10.1
- update Guava library to 33.3.1
A full list of changes from the previous release (version 85) is available through the Git commit log between the releases.
The Auditor app uses hardware security features on supported devices to validate the integrity of the operating system from another Android device. It will verify that the device is running the stock operating system with the bootloader locked and that no tampering with the operating system has occurred. It will also detect downgrades to a previous version.
It cannot be bypassed by modifying or tampering with the operating system (OS) because it receives signed device information from the device's Trusted Execution Environment (TEE) or Hardware Security Module (HSM) including the verified boot state, operating system variant and operating system version. The verification is much more meaningful after the initial pairing as the app primarily relies on Trust On First Use via pinning. It also verifies the identity of the device after the initial verification. Trust is chained through the verified OS to the app to bootstrap software checks with results displayed in a separate section.
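The following sketch is an added example, not code from the Auditor app: it models the Trust On First Use flow described above, where the first accepted attestation is pinned and later ones must match the pin and must not report a downgrade. The `Attestation` fields, the `Pairing` class and the sample values are assumptions, and signature validation of the attestation up to a trusted root is assumed to have already succeeded.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class Attestation:
    """Hypothetical fields taken from an attestation whose signature already verified."""
    cert_chain: tuple        # DER bytes of each certificate in the chain (constructed here)
    verified_boot: bool      # verified boot state reports a verified OS
    bootloader_locked: bool
    os_version: int
    os_patch_level: int      # e.g. 202409

def chain_pin(att):
    # Ordered SHA-256 fingerprints of the chain; this is what gets pinned.
    return tuple(hashlib.sha256(c).hexdigest() for c in att.cert_chain)

class Pairing:
    """Auditor-side state for one paired device (simplified model)."""
    def __init__(self):
        self.pin = None
        self.os_version = self.os_patch_level = 0

    def verify(self, att):
        """Return a list of failures; an empty list means the attestation is accepted."""
        failures = []
        if not att.verified_boot:
            failures.append("verified boot state is not verified")
        if not att.bootloader_locked:
            failures.append("bootloader is unlocked")
        if self.pin is None:
            # First use: nothing to compare against, so pin only a passing device.
            if not failures:
                self.pin = chain_pin(att)
                self.os_version = att.os_version
                self.os_patch_level = att.os_patch_level
            return failures
        if chain_pin(att) != self.pin:
            failures.append("certificate chain does not match the pinned pairing")
        if att.os_version < self.os_version or att.os_patch_level < self.os_patch_level:
            failures.append("OS version or patch level downgraded")
        if not failures:
            # Ratchet forward so a later rollback to older values is detected.
            self.os_version = max(self.os_version, att.os_version)
            self.os_patch_level = max(self.os_patch_level, att.os_patch_level)
        return failures
```

The first call has no pin to check, which is why verification is much more meaningful after the initial pairing.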
This app is available through the Play Store with the app.attestation.auditor.play app id. Play Store releases go through review and it usually takes around 1 to 3 days before the Play Store pushes out the update to users. Play Store releases use Play Signing, so we use a separate app id from the releases we publish ourselves to avoid conflicts and to distinguish between them. Each release is initially pushed out through the Beta channel followed by the Stable channel.
Releases of the app signed by GrapheneOS with the app.attestation.auditor app id are published in the GrapheneOS App Store and on GitHub. These releases are also bundled as part of GrapheneOS. You can use the GrapheneOS App Store on Android 12 or later for automatic updates. Each release is initially pushed out through the Alpha channel, followed by the Beta channel and then finally the Stable channel.