Skip to content
A small subset of the submitted sample data from https://github.com/GrapheneOS/Auditor. It has a sample attestation certificate chain per device model (ro.product.model) along with a subset of the system properties from the sample as supplementary information.
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
ALP-L29 add ALP-L29 sample Oct 6, 2018
AUM-L29 add AUM-L29 sample Jan 6, 2019
Aquaris X2 Pro
BBF100-6 whitelist a few more non-runtime properties Nov 21, 2018
BKL-L04 explain legacy samples in detail Apr 23, 2019
BKL-L09 add BKL-L09 sample Oct 6, 2018
CLT-L29 add CLT-L29 sample Nov 7, 2018
COL-L29 add COL-L29 sample Nov 9, 2018
EXODUS 1 whitelist a few more non-runtime properties Nov 21, 2018
G8341 whitelist a few more non-runtime properties Nov 21, 2018
G8342 whitelist a few more non-runtime properties Nov 21, 2018
G8441 use new G8441 sample Apr 23, 2019
H3113 explain legacy samples in detail Apr 23, 2019
H3123
H4113
H8216 whitelist a few more non-runtime properties Nov 21, 2018
H8314 whitelist a few more non-runtime properties Nov 21, 2018
H8324 add H8324 sample Apr 23, 2019
HTC 2Q55100 whitelist a few more non-runtime properties Nov 21, 2018
LYA-L29 add LYA-L29 sample Dec 2, 2018
MI 9
Mi A2 Lite whitelist a few more non-runtime properties Nov 21, 2018
Mi A2 whitelist a few more non-runtime properties Nov 21, 2018
Nokia 6.1 whitelist a few more non-runtime properties Nov 21, 2018
Nokia 7 plus whitelist a few more non-runtime properties Nov 21, 2018
ONEPLUS A6003 whitelist a few more non-runtime properties Nov 21, 2018
POCOPHONE F1 add POCOPHONE F1 sample Nov 25, 2018
Pixel 2 XL whitelist a few more non-runtime properties Nov 21, 2018
Pixel 2 whitelist a few more non-runtime properties Nov 21, 2018
Pixel 3 XL
Pixel 3 whitelist a few more non-runtime properties Nov 21, 2018
Pixel 3a add Pixel 3a sample May 16, 2019
SM-G960F use new SM-G960F sample Apr 23, 2019
SM-G960U explain legacy samples in detail Apr 23, 2019
SM-G960U1 add SM-G960U1 sample May 12, 2019
SM-G960W add SM-G960W sample Dec 2, 2018
SM-G965F use new SM-G965F sample Nov 12, 2018
SM-G965U whitelist a few more non-runtime properties Nov 21, 2018
SM-G965U1 use new SM-G965U1 sample Apr 23, 2019
SM-G965W explain legacy samples in detail Apr 23, 2019
SM-N960F add SM-N960F sample Nov 18, 2018
SM-N960U whitelist a few more non-runtime properties Nov 21, 2018
.gitignore ignore captured.prop Aug 15, 2018
LICENSE use CC0 license for this collection of data Apr 7, 2018
README.md explain legacy samples in detail Apr 23, 2019
filter_prop.sh

README.md

This repository contains sample Android key attestation certificate chains in directories named after the ro.product.model value for the devices where they were generated.

Each of these is a valid certificate chain up to the key attestation root. The devices are running the stock OS with the bootloader locked and verified boot enforcing integrity, which can be confirmed from the metadata in the initial attestation certificate.

The challenge string is set to sample (UTF-8 encoded) rather than the usual random challenge. These are collected with the Auditor app so the app id in the certificate is app.attestation.auditor and the fingerprint is for the release signing key. Older samples are marked with an empty LEGACY file in the directory and use a legacy app id and signing key. The legacy H3113 sample is even older and predates the sample gathering code in the Auditor app. It was generated using ad hoc code in a debug build so it has a different key, random 32 byte challenge string and quick expiry date.

The collection of data published here is public domain / CC0 licensed and is crowdsourced.

Contributing

This project and the apps / services using it depend on data submissions being made from a variety of Android devices.

To help out by contributing data, you'll need any Android device launched with Android 8.0 or later. A device upgraded to Android 8.0 from an earlier version isn't enough. Data submitted from devices running an aftermarket OS is okay but we need at least one submission from a device variant where the device has the stock OS and the bootloader locked. It's easy to tell if the device is running the stock OS from the certificate chain so there's no harm in submissions where the OS has been modified.

To submit data, install the Auditor app (which is available free for non-commercial usage on GitHub), press the menu button in the action bar and press 'Submit sample data' which will submit a sample certificate chain and system properties accessible to the app to https://attestation.app/. The system properties will only be published in a heavily filtered form without properties that aren't constant across devices of that model.

You can’t perform that action at this time.