Skip to content

@thestinger thestinger released this May 19, 2021

Full list of changes from the previous release (version 26). Notable changes:

  • modernize UI (dark mode, etc.)
  • modernize implementation
  • update dependencies

The Auditor app uses hardware security features on supported devices to validate the integrity of the operating system from another Android device. It will verify that the device is running the stock operating system with the bootloader locked and that no tampering with the operating system has occurred. It will also detect downgrades to a previous version. Supported devices:

  • BlackBerry Key2 (BBF100-1 and BBF100-6 models)
  • BQ Aquaris X2 Pro
  • Google Pixel 2
  • Google Pixel 2 XL
  • Google Pixel 3
  • Google Pixel 3 XL
  • Google Pixel 3a
  • Google Pixel 3a XL
  • Google Pixel 4
  • Google Pixel 4 XL
  • Google Pixel 4a
  • Google Pixel 4a (5G)
  • Google Pixel 5
  • Huawei Honor 7A Pro (AUM-L29 model)
  • Honor 9 Lite (LLD-L31 model)
  • Huawei Honor 10 (COL-L29 model)
  • Huawei Honor View 10 (BKL-L04 and BKL-L09 models)
  • Huawei Mate 10 (ALP-L29 model)
  • Huawei Mate 20 lite (SNE-LX1 model)
  • Huawei Mate 20 Pro (LYA-L29 model)
  • Huawei P smart 2019 (POT-LX3 model)
  • Huawei P20 (EML-L09 model)
  • Huawei P20 Pro (CLT-L29 model)
  • Huawei Y7 2019 (DUB-LX3 model)
  • Huawei Y9 2019 (JKM-LX3 model)
  • HTC EXODUS 1
  • HTC U12+
  • LG Stylo 5 (LM-Q720 model)
  • LG Q Stylo 4 (LG-Q710AL model)
  • Motorola moto g⁷
  • Motorola One Vision
  • Nokia 3.1
  • Nokia 6.1
  • Nokia 6.1 Plus
  • Nokia 7.1
  • Nokia 7 Plus
  • OnePlus 6 (A6003 model)
  • OnePlus 6T (A6013 model)
  • OnePlus 7 Pro (GM1913 model)
  • Oppo R15 Pro (CPH1831 model)
  • Oppo A7 (CPH1903 model)
  • Oppo A5s (CPH1909 model)
  • Realme C2 (RMX1941 model)
  • Samsung Galaxy A70 (SM-A705FN model)
  • Samsung Galaxy Amp Prime 3 (SM-J337AZ model)
  • Samsung Galaxy J2 Core (SM-J260A, SM-J260F and SM-J260T1 models)
  • Samsung Galaxy J3 2018 (SM-J337A and SM-J337T models)
  • Samsung Galaxy J7 (SM-J737T1 model)
  • Samsung Galaxy M20 (SM-M205F model)
  • Samsung Galaxy Note 9 (SM-N960F and SM-N960U models)
  • Samsung Galaxy Note 10 (SM-N970F and SM-N970U models)
  • Samsung Galaxy Note 10+ (SM-N975U model)
  • Samsung Galaxy S9 (SM-G960F, SM-G960U, SM-G960U1, SM-G960W and SM-G9600 models)
  • Samsung Galaxy S9+ (SM-G965F, SM-G965U, SM-G965U1 and SM-G965W models)
  • Samsung Galaxy S10e (SM-G970F model)
  • Samsung Galaxy S10+ (SM-G975F model)
  • Samsung Galaxy Tab A 10.1 (SM-T510 model)
  • Samsung Galaxy Tab S4 (SM-T835 model)
  • Sony Xperia XA2 (H3113, H3123 and H4113 models)
  • Sony Xperia XZ1 / XZ1 Compact (G8341 and G8342 models)
  • Sony Xperia XZ1 Compact (G8441 model)
  • Sony Xperia XZ2 (H8216 model)
  • Sony Xperia XZ2 Compact (H8314 and H8324 models)
  • T-Mobile REVVL 2
  • Vivo 1807
  • Xiaomi Mi A2
  • Xiaomi Mi A2 Lite
  • Xiaomi Mi 9
  • Xiaomi POCOPHONE F1

It cannot be bypassed by modifying or tampering with the operating system (OS) because it receives signed device information from the device's Trusted Execution Environment (TEE) or Hardware Security Module (HSM) including the verified boot state, operating system variant and operating system version. The verification is much more meaningful after the initial pairing as the app primarily relies on Trust On First Use via pinning. It also verifies the identity of the device after the initial verification.

See the tutorial for detailed usage instructions. This is included as the Help entry in the app menu. The app also provides basic guidance through the process. See the documentation for a more detailed overview.

Assets 3
26

@thestinger thestinger released this Mar 19, 2021

Full list of changes from the previous release (version 25). Notable changes:

  • replace fingerprint support with generic biometrics support (fingerprint, face, iris, etc.)
  • drop support for Auditor app versions below 22
  • update dependencies

The Auditor app uses hardware security features on supported devices to validate the integrity of the operating system from another Android device. It will verify that the device is running the stock operating system with the bootloader locked and that no tampering with the operating system has occurred. It will also detect downgrades to a previous version. Supported devices:

  • BlackBerry Key2 (BBF100-1 and BBF100-6 models)
  • BQ Aquaris X2 Pro
  • Google Pixel 2
  • Google Pixel 2 XL
  • Google Pixel 3
  • Google Pixel 3 XL
  • Google Pixel 3a
  • Google Pixel 3a XL
  • Google Pixel 4
  • Google Pixel 4 XL
  • Google Pixel 4a
  • Google Pixel 4a (5G)
  • Google Pixel 5
  • Huawei Honor 7A Pro (AUM-L29 model)
  • Honor 9 Lite (LLD-L31 model)
  • Huawei Honor 10 (COL-L29 model)
  • Huawei Honor View 10 (BKL-L04 and BKL-L09 models)
  • Huawei Mate 10 (ALP-L29 model)
  • Huawei Mate 20 lite (SNE-LX1 model)
  • Huawei Mate 20 Pro (LYA-L29 model)
  • Huawei P smart 2019 (POT-LX3 model)
  • Huawei P20 (EML-L09 model)
  • Huawei P20 Pro (CLT-L29 model)
  • Huawei Y7 2019 (DUB-LX3 model)
  • Huawei Y9 2019 (JKM-LX3 model)
  • HTC EXODUS 1
  • HTC U12+
  • LG Stylo 5 (LM-Q720 model)
  • LG Q Stylo 4 (LG-Q710AL model)
  • Motorola moto g⁷
  • Motorola One Vision
  • Nokia 3.1
  • Nokia 6.1
  • Nokia 6.1 Plus
  • Nokia 7.1
  • Nokia 7 Plus
  • OnePlus 6 (A6003 model)
  • OnePlus 6T (A6013 model)
  • OnePlus 7 Pro (GM1913 model)
  • Oppo R15 Pro (CPH1831 model)
  • Oppo A7 (CPH1903 model)
  • Oppo A5s (CPH1909 model)
  • Realme C2 (RMX1941 model)
  • Samsung Galaxy A70 (SM-A705FN model)
  • Samsung Galaxy Amp Prime 3 (SM-J337AZ model)
  • Samsung Galaxy J2 Core (SM-J260A, SM-J260F and SM-J260T1 models)
  • Samsung Galaxy J3 2018 (SM-J337A and SM-J337T models)
  • Samsung Galaxy J7 (SM-J737T1 model)
  • Samsung Galaxy M20 (SM-M205F model)
  • Samsung Galaxy Note 9 (SM-N960F and SM-N960U models)
  • Samsung Galaxy Note 10 (SM-N970F and SM-N970U models)
  • Samsung Galaxy Note 10+ (SM-N975U model)
  • Samsung Galaxy S9 (SM-G960F, SM-G960U, SM-G960U1, SM-G960W and SM-G9600 models)
  • Samsung Galaxy S9+ (SM-G965F, SM-G965U, SM-G965U1 and SM-G965W models)
  • Samsung Galaxy S10e (SM-G970F model)
  • Samsung Galaxy S10+ (SM-G975F model)
  • Samsung Galaxy Tab A 10.1 (SM-T510 model)
  • Samsung Galaxy Tab S4 (SM-T835 model)
  • Sony Xperia XA2 (H3113, H3123 and H4113 models)
  • Sony Xperia XZ1 / XZ1 Compact (G8341 and G8342 models)
  • Sony Xperia XZ1 Compact (G8441 model)
  • Sony Xperia XZ2 (H8216 model)
  • Sony Xperia XZ2 Compact (H8314 and H8324 models)
  • T-Mobile REVVL 2
  • Vivo 1807
  • Xiaomi Mi A2
  • Xiaomi Mi A2 Lite
  • Xiaomi Mi 9
  • Xiaomi POCOPHONE F1

It cannot be bypassed by modifying or tampering with the operating system (OS) because it receives signed device information from the device's Trusted Execution Environment (TEE) or Hardware Security Module (HSM) including the verified boot state, operating system variant and operating system version. The verification is much more meaningful after the initial pairing as the app primarily relies on Trust On First Use via pinning. It also verifies the identity of the device after the initial verification.

See the tutorial for detailed usage instructions. This is included as the Help entry in the app menu. The app also provides basic guidance through the process. See the documentation for a more detailed overview.

Assets 3
25

@thestinger thestinger released this Feb 14, 2021

Full list of changes from the previous release (version 24). Notable changes:

  • display extended patch level information

The Auditor app uses hardware security features on supported devices to validate the integrity of the operating system from another Android device. It will verify that the device is running the stock operating system with the bootloader locked and that no tampering with the operating system has occurred. It will also detect downgrades to a previous version. Supported devices:

  • BlackBerry Key2 (BBF100-1 and BBF100-6 models)
  • BQ Aquaris X2 Pro
  • Google Pixel 2
  • Google Pixel 2 XL
  • Google Pixel 3
  • Google Pixel 3 XL
  • Google Pixel 3a
  • Google Pixel 3a XL
  • Google Pixel 4
  • Google Pixel 4 XL
  • Google Pixel 4a
  • Google Pixel 4a (5G)
  • Google Pixel 5
  • Huawei Honor 7A Pro (AUM-L29 model)
  • Honor 9 Lite (LLD-L31 model)
  • Huawei Honor 10 (COL-L29 model)
  • Huawei Honor View 10 (BKL-L04 and BKL-L09 models)
  • Huawei Mate 10 (ALP-L29 model)
  • Huawei Mate 20 lite (SNE-LX1 model)
  • Huawei Mate 20 Pro (LYA-L29 model)
  • Huawei P smart 2019 (POT-LX3 model)
  • Huawei P20 (EML-L09 model)
  • Huawei P20 Pro (CLT-L29 model)
  • Huawei Y7 2019 (DUB-LX3 model)
  • Huawei Y9 2019 (JKM-LX3 model)
  • HTC EXODUS 1
  • HTC U12+
  • LG Stylo 5 (LM-Q720 model)
  • LG Q Stylo 4 (LG-Q710AL model)
  • Motorola moto g⁷
  • Motorola One Vision
  • Nokia 3.1
  • Nokia 6.1
  • Nokia 6.1 Plus
  • Nokia 7.1
  • Nokia 7 Plus
  • OnePlus 6 (A6003 model)
  • OnePlus 6T (A6013 model)
  • OnePlus 7 Pro (GM1913 model)
  • Oppo R15 Pro (CPH1831 model)
  • Oppo A7 (CPH1903 model)
  • Oppo A5s (CPH1909 model)
  • Realme C2 (RMX1941 model)
  • Samsung Galaxy A70 (SM-A705FN model)
  • Samsung Galaxy Amp Prime 3 (SM-J337AZ model)
  • Samsung Galaxy J2 Core (SM-J260A, SM-J260F and SM-J260T1 models)
  • Samsung Galaxy J3 2018 (SM-J337A and SM-J337T models)
  • Samsung Galaxy J7 (SM-J737T1 model)
  • Samsung Galaxy M20 (SM-M205F model)
  • Samsung Galaxy Note 9 (SM-N960F and SM-N960U models)
  • Samsung Galaxy Note 10 (SM-N970F and SM-N970U models)
  • Samsung Galaxy Note 10+ (SM-N975U model)
  • Samsung Galaxy S9 (SM-G960F, SM-G960U, SM-G960U1, SM-G960W and SM-G9600 models)
  • Samsung Galaxy S9+ (SM-G965F, SM-G965U, SM-G965U1 and SM-G965W models)
  • Samsung Galaxy S10e (SM-G970F model)
  • Samsung Galaxy S10+ (SM-G975F model)
  • Samsung Galaxy Tab A 10.1 (SM-T510 model)
  • Samsung Galaxy Tab S4 (SM-T835 model)
  • Sony Xperia XA2 (H3113, H3123 and H4113 models)
  • Sony Xperia XZ1 / XZ1 Compact (G8341 and G8342 models)
  • Sony Xperia XZ1 Compact (G8441 model)
  • Sony Xperia XZ2 (H8216 model)
  • Sony Xperia XZ2 Compact (H8314 and H8324 models)
  • T-Mobile REVVL 2
  • Vivo 1807
  • Xiaomi Mi A2
  • Xiaomi Mi A2 Lite
  • Xiaomi Mi 9
  • Xiaomi POCOPHONE F1

It cannot be bypassed by modifying or tampering with the operating system (OS) because it receives signed device information from the device's Trusted Execution Environment (TEE) or Hardware Security Module (HSM) including the verified boot state, operating system variant and operating system version. The verification is much more meaningful after the initial pairing as the app primarily relies on Trust On First Use via pinning. It also verifies the identity of the device after the initial verification.

See the tutorial for detailed usage instructions. This is included as the Help entry in the app menu. The app also provides basic guidance through the process. See the documentation for a more detailed overview.

Assets 3
24

@thestinger thestinger released this Feb 12, 2021

Full list of changes from the previous release (version 23). Notable changes:

  • update dependencies
  • add support for the Google Pixel 4a (5G)
  • add support for the Google Pixel 5
  • drop support for Android versions older than 8.0

The Auditor app uses hardware security features on supported devices to validate the integrity of the operating system from another Android device. It will verify that the device is running the stock operating system with the bootloader locked and that no tampering with the operating system has occurred. It will also detect downgrades to a previous version. Supported devices:

  • BlackBerry Key2 (BBF100-1 and BBF100-6 models)
  • BQ Aquaris X2 Pro
  • Google Pixel 2
  • Google Pixel 2 XL
  • Google Pixel 3
  • Google Pixel 3 XL
  • Google Pixel 3a
  • Google Pixel 3a XL
  • Google Pixel 4
  • Google Pixel 4 XL
  • Google Pixel 4a
  • Google Pixel 4a (5G)
  • Google Pixel 5
  • Huawei Honor 7A Pro (AUM-L29 model)
  • Honor 9 Lite (LLD-L31 model)
  • Huawei Honor 10 (COL-L29 model)
  • Huawei Honor View 10 (BKL-L04 and BKL-L09 models)
  • Huawei Mate 10 (ALP-L29 model)
  • Huawei Mate 20 lite (SNE-LX1 model)
  • Huawei Mate 20 Pro (LYA-L29 model)
  • Huawei P smart 2019 (POT-LX3 model)
  • Huawei P20 (EML-L09 model)
  • Huawei P20 Pro (CLT-L29 model)
  • Huawei Y7 2019 (DUB-LX3 model)
  • Huawei Y9 2019 (JKM-LX3 model)
  • HTC EXODUS 1
  • HTC U12+
  • LG Stylo 5 (LM-Q720 model)
  • LG Q Stylo 4 (LG-Q710AL model)
  • Motorola moto g⁷
  • Motorola One Vision
  • Nokia 3.1
  • Nokia 6.1
  • Nokia 6.1 Plus
  • Nokia 7.1
  • Nokia 7 Plus
  • OnePlus 6 (A6003 model)
  • OnePlus 6T (A6013 model)
  • OnePlus 7 Pro (GM1913 model)
  • Oppo R15 Pro (CPH1831 model)
  • Oppo A7 (CPH1903 model)
  • Oppo A5s (CPH1909 model)
  • Realme C2 (RMX1941 model)
  • Samsung Galaxy A70 (SM-A705FN model)
  • Samsung Galaxy Amp Prime 3 (SM-J337AZ model)
  • Samsung Galaxy J2 Core (SM-J260A, SM-J260F and SM-J260T1 models)
  • Samsung Galaxy J3 2018 (SM-J337A and SM-J337T models)
  • Samsung Galaxy J7 (SM-J737T1 model)
  • Samsung Galaxy M20 (SM-M205F model)
  • Samsung Galaxy Note 9 (SM-N960F and SM-N960U models)
  • Samsung Galaxy Note 10 (SM-N970F and SM-N970U models)
  • Samsung Galaxy Note 10+ (SM-N975U model)
  • Samsung Galaxy S9 (SM-G960F, SM-G960U, SM-G960U1, SM-G960W and SM-G9600 models)
  • Samsung Galaxy S9+ (SM-G965F, SM-G965U, SM-G965U1 and SM-G965W models)
  • Samsung Galaxy S10e (SM-G970F model)
  • Samsung Galaxy S10+ (SM-G975F model)
  • Samsung Galaxy Tab A 10.1 (SM-T510 model)
  • Samsung Galaxy Tab S4 (SM-T835 model)
  • Sony Xperia XA2 (H3113, H3123 and H4113 models)
  • Sony Xperia XZ1 / XZ1 Compact (G8341 and G8342 models)
  • Sony Xperia XZ1 Compact (G8441 model)
  • Sony Xperia XZ2 (H8216 model)
  • Sony Xperia XZ2 Compact (H8314 and H8324 models)
  • T-Mobile REVVL 2
  • Vivo 1807
  • Xiaomi Mi A2
  • Xiaomi Mi A2 Lite
  • Xiaomi Mi 9
  • Xiaomi POCOPHONE F1

It cannot be bypassed by modifying or tampering with the operating system (OS) because it receives signed device information from the device's Trusted Execution Environment (TEE) or Hardware Security Module (HSM) including the verified boot state, operating system variant and operating system version. The verification is much more meaningful after the initial pairing as the app primarily relies on Trust On First Use via pinning. It also verifies the identity of the device after the initial verification.

See https://attestation.app/tutorial for detailed usage instructions. This is included as the Help entry in the app menu. The app also provides basic guidance through the process. See https://attestation.app/about for a more detailed overview.

Assets 3
23

@thestinger thestinger released this Dec 8, 2020

Full list of changes from the previous release (version 22). Notable changes:

  • improve some error messages by including relevant details about why the failure occurred
  • remove obsolete RSA 2048 backup pin from TLS pinning configuration
  • update dependencies
  • drop unmaintained support for CalyxOS

The Auditor app uses hardware security features on supported devices to validate the integrity of the operating system from another Android device. It will verify that the device is running the stock operating system with the bootloader locked and that no tampering with the operating system has occurred. It will also detect downgrades to a previous version. Supported devices:

  • BlackBerry Key2 (BBF100-1 and BBF100-6 models)
  • BQ Aquaris X2 Pro
  • Google Pixel 2
  • Google Pixel 2 XL
  • Google Pixel 3
  • Google Pixel 3 XL
  • Google Pixel 3a
  • Google Pixel 3a XL
  • Google Pixel 4
  • Google Pixel 4 XL
  • Google Pixel 4a
  • Huawei Honor 7A Pro (AUM-L29 model)
  • Honor 9 Lite (LLD-L31 model)
  • Huawei Honor 10 (COL-L29 model)
  • Huawei Honor View 10 (BKL-L04 and BKL-L09 models)
  • Huawei Mate 10 (ALP-L29 model)
  • Huawei Mate 20 lite (SNE-LX1 model)
  • Huawei Mate 20 Pro (LYA-L29 model)
  • Huawei P smart 2019 (POT-LX3 model)
  • Huawei P20 (EML-L09 model)
  • Huawei P20 Pro (CLT-L29 model)
  • Huawei Y7 2019 (DUB-LX3 model)
  • Huawei Y9 2019 (JKM-LX3 model)
  • HTC EXODUS 1
  • HTC U12+
  • LG Stylo 5 (LM-Q720 model)
  • LG Q Stylo 4 (LG-Q710AL model)
  • Motorola moto g⁷
  • Motorola One Vision
  • Nokia 3.1
  • Nokia 6.1
  • Nokia 6.1 Plus
  • Nokia 7.1
  • Nokia 7 Plus
  • OnePlus 6 (A6003 model)
  • OnePlus 6T (A6013 model)
  • OnePlus 7 Pro (GM1913 model)
  • Oppo R15 Pro (CPH1831 model)
  • Oppo A7 (CPH1903 model)
  • Oppo A5s (CPH1909 model)
  • Realme C2 (RMX1941 model)
  • Samsung Galaxy A70 (SM-A705FN model)
  • Samsung Galaxy Amp Prime 3 (SM-J337AZ model)
  • Samsung Galaxy J2 Core (SM-J260A, SM-J260F and SM-J260T1 models)
  • Samsung Galaxy J3 2018 (SM-J337A and SM-J337T models)
  • Samsung Galaxy J7 (SM-J737T1 model)
  • Samsung Galaxy M20 (SM-M205F model)
  • Samsung Galaxy Note 9 (SM-N960F and SM-N960U models)
  • Samsung Galaxy Note 10 (SM-N970F and SM-N970U models)
  • Samsung Galaxy Note 10+ (SM-N975U model)
  • Samsung Galaxy S9 (SM-G960F, SM-G960U, SM-G960U1, SM-G960W and SM-G9600 models)
  • Samsung Galaxy S9+ (SM-G965F, SM-G965U, SM-G965U1 and SM-G965W models)
  • Samsung Galaxy S10e (SM-G970F model)
  • Samsung Galaxy S10+ (SM-G975F model)
  • Samsung Galaxy Tab A 10.1 (SM-T510 model)
  • Samsung Galaxy Tab S4 (SM-T835 model)
  • Sony Xperia XA2 (H3113, H3123 and H4113 models)
  • Sony Xperia XZ1 / XZ1 Compact (G8341 and G8342 models)
  • Sony Xperia XZ1 Compact (G8441 model)
  • Sony Xperia XZ2 (H8216 model)
  • Sony Xperia XZ2 Compact (H8314 and H8324 models)
  • T-Mobile REVVL 2
  • Vivo 1807
  • Xiaomi Mi A2
  • Xiaomi Mi A2 Lite
  • Xiaomi Mi 9
  • Xiaomi POCOPHONE F1

It cannot be bypassed by modifying or tampering with the operating system (OS) because it receives signed device information from the device's Trusted Execution Environment (TEE) or Hardware Security Module (HSM) including the verified boot state, operating system variant and operating system version. The verification is much more meaningful after the initial pairing as the app primarily relies on Trust On First Use via pinning. It also verifies the identity of the device after the initial verification.

See https://attestation.app/tutorial for detailed usage instructions. This is included as the Help entry in the app menu. The app also provides basic guidance through the process. See https://attestation.app/about for a more detailed overview.

Assets 3
22

@thestinger thestinger released this Oct 31, 2020

Full list of changes from the previous release (version 21). Notable changes:

  • add support for the new key attestation root via a new version of the Auditor protocol
  • add Pixel 4a support for both the stock OS and GrapheneOS

The Auditor app uses hardware security features on supported devices to validate the integrity of the operating system from another Android device. It will verify that the device is running the stock operating system with the bootloader locked and that no tampering with the operating system has occurred. It will also detect downgrades to a previous version. Supported devices:

  • BlackBerry Key2 (BBF100-1 and BBF100-6 models)
  • BQ Aquaris X2 Pro
  • Google Pixel 2
  • Google Pixel 2 XL
  • Google Pixel 3
  • Google Pixel 3 XL
  • Google Pixel 3a
  • Google Pixel 3a XL
  • Google Pixel 4
  • Google Pixel 4 XL
  • Google Pixel 4a
  • Huawei Honor 7A Pro (AUM-L29 model)
  • Honor 9 Lite (LLD-L31 model)
  • Huawei Honor 10 (COL-L29 model)
  • Huawei Honor View 10 (BKL-L04 and BKL-L09 models)
  • Huawei Mate 10 (ALP-L29 model)
  • Huawei Mate 20 lite (SNE-LX1 model)
  • Huawei Mate 20 Pro (LYA-L29 model)
  • Huawei P smart 2019 (POT-LX3 model)
  • Huawei P20 (EML-L09 model)
  • Huawei P20 Pro (CLT-L29 model)
  • Huawei Y7 2019 (DUB-LX3 model)
  • Huawei Y9 2019 (JKM-LX3 model)
  • HTC EXODUS 1
  • HTC U12+
  • LG Stylo 5 (LM-Q720 model)
  • LG Q Stylo 4 (LG-Q710AL model)
  • Motorola moto g⁷
  • Motorola One Vision
  • Nokia 3.1
  • Nokia 6.1
  • Nokia 6.1 Plus
  • Nokia 7.1
  • Nokia 7 Plus
  • OnePlus 6 (A6003 model)
  • OnePlus 6T (A6013 model)
  • OnePlus 7 Pro (GM1913 model)
  • Oppo R15 Pro (CPH1831 model)
  • Oppo A7 (CPH1903 model)
  • Oppo A5s (CPH1909 model)
  • Realme C2 (RMX1941 model)
  • Samsung Galaxy A70 (SM-A705FN model)
  • Samsung Galaxy Amp Prime 3 (SM-J337AZ model)
  • Samsung Galaxy J2 Core (SM-J260A, SM-J260F and SM-J260T1 models)
  • Samsung Galaxy J3 2018 (SM-J337A and SM-J337T models)
  • Samsung Galaxy J7 (SM-J737T1 model)
  • Samsung Galaxy M20 (SM-M205F model)
  • Samsung Galaxy Note 9 (SM-N960F and SM-N960U models)
  • Samsung Galaxy Note 10 (SM-N970F and SM-N970U models)
  • Samsung Galaxy Note 10+ (SM-N975U model)
  • Samsung Galaxy S9 (SM-G960F, SM-G960U, SM-G960U1, SM-G960W and SM-G9600 models)
  • Samsung Galaxy S9+ (SM-G965F, SM-G965U, SM-G965U1 and SM-G965W models)
  • Samsung Galaxy S10e (SM-G970F model)
  • Samsung Galaxy S10+ (SM-G975F model)
  • Samsung Galaxy Tab A 10.1 (SM-T510 model)
  • Samsung Galaxy Tab S4 (SM-T835 model)
  • Sony Xperia XA2 (H3113, H3123 and H4113 models)
  • Sony Xperia XZ1 / XZ1 Compact (G8341 and G8342 models)
  • Sony Xperia XZ1 Compact (G8441 model)
  • Sony Xperia XZ2 (H8216 model)
  • Sony Xperia XZ2 Compact (H8314 and H8324 models)
  • T-Mobile REVVL 2
  • Vivo 1807
  • Xiaomi Mi A2
  • Xiaomi Mi A2 Lite
  • Xiaomi Mi 9
  • Xiaomi POCOPHONE F1

It cannot be bypassed by modifying or tampering with the operating system (OS) because it receives signed device information from the device's Trusted Execution Environment (TEE) or Hardware Security Module (HSM) including the verified boot state, operating system variant and operating system version. The verification is much more meaningful after the initial pairing as the app primarily relies on Trust On First Use via pinning. It also verifies the identity of the device after the initial verification.

See https://attestation.app/tutorial for detailed usage instructions. This is included as the Help entry in the app menu. The app also provides basic guidance through the process. See https://attestation.app/about for a more detailed overview.

Assets 3
21

@thestinger thestinger released this Oct 1, 2020

Full list of changes from the previous release (version 20). Notable changes:

  • rely on challenge rather than Not Before / Not After dates in the attestation certificate to work around secure element time sync issues

The Auditor app uses hardware security features on supported devices to validate the integrity of the operating system from another Android device. It will verify that the device is running the stock operating system with the bootloader locked and that no tampering with the operating system has occurred. It will also detect downgrades to a previous version. Supported devices:

  • BlackBerry Key2 (BBF100-1 and BBF100-6 models)
  • BQ Aquaris X2 Pro
  • Google Pixel 2
  • Google Pixel 2 XL
  • Google Pixel 3
  • Google Pixel 3 XL
  • Google Pixel 3a
  • Google Pixel 3a XL
  • Google Pixel 4
  • Google Pixel 4 XL
  • Huawei Honor 7A Pro (AUM-L29 model)
  • Honor 9 Lite (LLD-L31 model)
  • Huawei Honor 10 (COL-L29 model)
  • Huawei Honor View 10 (BKL-L04 and BKL-L09 models)
  • Huawei Mate 10 (ALP-L29 model)
  • Huawei Mate 20 lite (SNE-LX1 model)
  • Huawei Mate 20 Pro (LYA-L29 model)
  • Huawei P smart 2019 (POT-LX3 model)
  • Huawei P20 (EML-L09 model)
  • Huawei P20 Pro (CLT-L29 model)
  • Huawei Y7 2019 (DUB-LX3 model)
  • Huawei Y9 2019 (JKM-LX3 model)
  • HTC EXODUS 1
  • HTC U12+
  • LG Stylo 5 (LM-Q720 model)
  • LG Q Stylo 4 (LG-Q710AL model)
  • Motorola moto g⁷
  • Motorola One Vision
  • Nokia 3.1
  • Nokia 6.1
  • Nokia 6.1 Plus
  • Nokia 7.1
  • Nokia 7 Plus
  • OnePlus 6 (A6003 model)
  • OnePlus 6T (A6013 model)
  • OnePlus 7 Pro (GM1913 model)
  • Oppo R15 Pro (CPH1831 model)
  • Oppo A7 (CPH1903 model)
  • Oppo A5s (CPH1909 model)
  • Realme C2 (RMX1941 model)
  • Samsung Galaxy A70 (SM-A705FN model)
  • Samsung Galaxy Amp Prime 3 (SM-J337AZ model)
  • Samsung Galaxy J2 Core (SM-J260A, SM-J260F and SM-J260T1 models)
  • Samsung Galaxy J3 2018 (SM-J337A and SM-J337T models)
  • Samsung Galaxy J7 (SM-J737T1 model)
  • Samsung Galaxy M20 (SM-M205F model)
  • Samsung Galaxy Note 9 (SM-N960F and SM-N960U models)
  • Samsung Galaxy Note 10 (SM-N970F and SM-N970U models)
  • Samsung Galaxy Note 10+ (SM-N975U model)
  • Samsung Galaxy S9 (SM-G960F, SM-G960U, SM-G960U1, SM-G960W and SM-G9600 models)
  • Samsung Galaxy S9+ (SM-G965F, SM-G965U, SM-G965U1 and SM-G965W models)
  • Samsung Galaxy S10e (SM-G970F model)
  • Samsung Galaxy S10+ (SM-G975F model)
  • Samsung Galaxy Tab A 10.1 (SM-T510 model)
  • Samsung Galaxy Tab S4 (SM-T835 model)
  • Sony Xperia XA2 (H3113, H3123 and H4113 models)
  • Sony Xperia XZ1 / XZ1 Compact (G8341 and G8342 models)
  • Sony Xperia XZ1 Compact (G8441 model)
  • Sony Xperia XZ2 (H8216 model)
  • Sony Xperia XZ2 Compact (H8314 and H8324 models)
  • T-Mobile REVVL 2
  • Vivo 1807
  • Xiaomi Mi A2
  • Xiaomi Mi A2 Lite
  • Xiaomi Mi 9
  • Xiaomi POCOPHONE F1

It cannot be bypassed by modifying or tampering with the operating system (OS) because it receives signed device information from the device's Trusted Execution Environment (TEE) or Hardware Security Module (HSM) including the verified boot state, operating system variant and operating system version. The verification is much more meaningful after the initial pairing as the app primarily relies on Trust On First Use via pinning. It also verifies the identity of the device after the initial verification.

See https://attestation.app/tutorial for detailed usage instructions. This is included as the Help entry in the app menu. The app also provides basic guidance through the process. See https://attestation.app/about for a more detailed overview.

Assets 3
20

@thestinger thestinger released this Sep 28, 2020

Full list of changes from the previous release (version 19). Notable changes:

  • add TLS certificate pins for future root certificate and intermediates
  • add API 30+ permission for querying all other packages which is needed by the code checking for non-system device manager apps

The Auditor app uses hardware security features on supported devices to validate the integrity of the operating system from another Android device. It will verify that the device is running the stock operating system with the bootloader locked and that no tampering with the operating system has occurred. It will also detect downgrades to a previous version. Supported devices:

  • BlackBerry Key2 (BBF100-1 and BBF100-6 models)
  • BQ Aquaris X2 Pro
  • Google Pixel 2
  • Google Pixel 2 XL
  • Google Pixel 3
  • Google Pixel 3 XL
  • Google Pixel 3a
  • Google Pixel 3a XL
  • Google Pixel 4
  • Google Pixel 4 XL
  • Huawei Honor 7A Pro (AUM-L29 model)
  • Honor 9 Lite (LLD-L31 model)
  • Huawei Honor 10 (COL-L29 model)
  • Huawei Honor View 10 (BKL-L04 and BKL-L09 models)
  • Huawei Mate 10 (ALP-L29 model)
  • Huawei Mate 20 lite (SNE-LX1 model)
  • Huawei Mate 20 Pro (LYA-L29 model)
  • Huawei P smart 2019 (POT-LX3 model)
  • Huawei P20 (EML-L09 model)
  • Huawei P20 Pro (CLT-L29 model)
  • Huawei Y7 2019 (DUB-LX3 model)
  • Huawei Y9 2019 (JKM-LX3 model)
  • HTC EXODUS 1
  • HTC U12+
  • LG Stylo 5 (LM-Q720 model)
  • LG Q Stylo 4 (LG-Q710AL model)
  • Motorola moto g⁷
  • Motorola One Vision
  • Nokia 3.1
  • Nokia 6.1
  • Nokia 6.1 Plus
  • Nokia 7.1
  • Nokia 7 Plus
  • OnePlus 6 (A6003 model)
  • OnePlus 6T (A6013 model)
  • OnePlus 7 Pro (GM1913 model)
  • Oppo R15 Pro (CPH1831 model)
  • Oppo A7 (CPH1903 model)
  • Oppo A5s (CPH1909 model)
  • Realme C2 (RMX1941 model)
  • Samsung Galaxy A70 (SM-A705FN model)
  • Samsung Galaxy Amp Prime 3 (SM-J337AZ model)
  • Samsung Galaxy J2 Core (SM-J260A, SM-J260F and SM-J260T1 models)
  • Samsung Galaxy J3 2018 (SM-J337A and SM-J337T models)
  • Samsung Galaxy J7 (SM-J737T1 model)
  • Samsung Galaxy M20 (SM-M205F model)
  • Samsung Galaxy Note 9 (SM-N960F and SM-N960U models)
  • Samsung Galaxy Note 10 (SM-N970F and SM-N970U models)
  • Samsung Galaxy Note 10+ (SM-N975U model)
  • Samsung Galaxy S9 (SM-G960F, SM-G960U, SM-G960U1, SM-G960W and SM-G9600 models)
  • Samsung Galaxy S9+ (SM-G965F, SM-G965U, SM-G965U1 and SM-G965W models)
  • Samsung Galaxy S10e (SM-G970F model)
  • Samsung Galaxy S10+ (SM-G975F model)
  • Samsung Galaxy Tab A 10.1 (SM-T510 model)
  • Samsung Galaxy Tab S4 (SM-T835 model)
  • Sony Xperia XA2 (H3113, H3123 and H4113 models)
  • Sony Xperia XZ1 / XZ1 Compact (G8341 and G8342 models)
  • Sony Xperia XZ1 Compact (G8441 model)
  • Sony Xperia XZ2 (H8216 model)
  • Sony Xperia XZ2 Compact (H8314 and H8324 models)
  • T-Mobile REVVL 2
  • Vivo 1807
  • Xiaomi Mi A2
  • Xiaomi Mi A2 Lite
  • Xiaomi Mi 9
  • Xiaomi POCOPHONE F1

It cannot be bypassed by modifying or tampering with the operating system (OS) because it receives signed device information from the device's Trusted Execution Environment (TEE) or Hardware Security Module (HSM) including the verified boot state, operating system variant and operating system version. The verification is much more meaningful after the initial pairing as the app primarily relies on Trust On First Use via pinning. It also verifies the identity of the device after the initial verification.

See https://attestation.app/tutorial for detailed usage instructions. This is included as the Help entry in the app menu. The app also provides basic guidance through the process. See https://attestation.app/about for a more detailed overview.

Assets 3
19

@thestinger thestinger released this Sep 12, 2020

Full list of changes from the previous release (version 18). Notable changes:

  • workaround for StrongBox issue discovered on Android 11 Pixels
  • update target SDK version to 30 (Android 11)
  • update dependencies

The Auditor app uses hardware security features on supported devices to validate the integrity of the operating system from another Android device. It will verify that the device is running the stock operating system with the bootloader locked and that no tampering with the operating system has occurred. It will also detect downgrades to a previous version. Supported devices:

  • BlackBerry Key2 (BBF100-1 and BBF100-6 models)
  • BQ Aquaris X2 Pro
  • Google Pixel 2
  • Google Pixel 2 XL
  • Google Pixel 3
  • Google Pixel 3 XL
  • Google Pixel 3a
  • Google Pixel 3a XL
  • Google Pixel 4
  • Google Pixel 4 XL
  • Huawei Honor 7A Pro (AUM-L29 model)
  • Honor 9 Lite (LLD-L31 model)
  • Huawei Honor 10 (COL-L29 model)
  • Huawei Honor View 10 (BKL-L04 and BKL-L09 models)
  • Huawei Mate 10 (ALP-L29 model)
  • Huawei Mate 20 lite (SNE-LX1 model)
  • Huawei Mate 20 Pro (LYA-L29 model)
  • Huawei P smart 2019 (POT-LX3 model)
  • Huawei P20 (EML-L09 model)
  • Huawei P20 Pro (CLT-L29 model)
  • Huawei Y7 2019 (DUB-LX3 model)
  • Huawei Y9 2019 (JKM-LX3 model)
  • HTC EXODUS 1
  • HTC U12+
  • LG Stylo 5 (LM-Q720 model)
  • LG Q Stylo 4 (LG-Q710AL model)
  • Motorola moto g⁷
  • Motorola One Vision
  • Nokia 3.1
  • Nokia 6.1
  • Nokia 6.1 Plus
  • Nokia 7.1
  • Nokia 7 Plus
  • OnePlus 6 (A6003 model)
  • OnePlus 6T (A6013 model)
  • OnePlus 7 Pro (GM1913 model)
  • Oppo R15 Pro (CPH1831 model)
  • Oppo A7 (CPH1903 model)
  • Oppo A5s (CPH1909 model)
  • Realme C2 (RMX1941 model)
  • Samsung Galaxy A70 (SM-A705FN model)
  • Samsung Galaxy Amp Prime 3 (SM-J337AZ model)
  • Samsung Galaxy J2 Core (SM-J260A, SM-J260F and SM-J260T1 models)
  • Samsung Galaxy J3 2018 (SM-J337A and SM-J337T models)
  • Samsung Galaxy J7 (SM-J737T1 model)
  • Samsung Galaxy M20 (SM-M205F model)
  • Samsung Galaxy Note 9 (SM-N960F and SM-N960U models)
  • Samsung Galaxy Note 10 (SM-N970F and SM-N970U models)
  • Samsung Galaxy Note 10+ (SM-N975U model)
  • Samsung Galaxy S9 (SM-G960F, SM-G960U, SM-G960U1, SM-G960W and SM-G9600 models)
  • Samsung Galaxy S9+ (SM-G965F, SM-G965U, SM-G965U1 and SM-G965W models)
  • Samsung Galaxy S10e (SM-G970F model)
  • Samsung Galaxy S10+ (SM-G975F model)
  • Samsung Galaxy Tab A 10.1 (SM-T510 model)
  • Samsung Galaxy Tab S4 (SM-T835 model)
  • Sony Xperia XA2 (H3113, H3123 and H4113 models)
  • Sony Xperia XZ1 / XZ1 Compact (G8341 and G8342 models)
  • Sony Xperia XZ1 Compact (G8441 model)
  • Sony Xperia XZ2 (H8216 model)
  • Sony Xperia XZ2 Compact (H8314 and H8324 models)
  • T-Mobile REVVL 2
  • Vivo 1807
  • Xiaomi Mi A2
  • Xiaomi Mi A2 Lite
  • Xiaomi Mi 9
  • Xiaomi POCOPHONE F1

It cannot be bypassed by modifying or tampering with the operating system (OS) because it receives signed device information from the device's Trusted Execution Environment (TEE) or Hardware Security Module (HSM) including the verified boot state, operating system variant and operating system version. The verification is much more meaningful after the initial pairing as the app primarily relies on Trust On First Use via pinning. It also verifies the identity of the device after the initial verification.

See https://attestation.app/tutorial for detailed usage instructions. This is included as the Help entry in the app menu. The app also provides basic guidance through the process. See https://attestation.app/about for a more detailed overview.

Assets 3
18

@thestinger thestinger released this Jun 22, 2020

Full list of changes from the previous release (version 17). Notable changes:

  • add support for Google Pixel 4
  • add support for Google Pixel 4 XL
  • add support for GrapheneOS on Google Pixel 4
  • add support for GrapheneOS on Google Pixel 4 XL
  • improve compatibility of checking if there are (biometric) fingerprints registered

This release will be bundled with the next release of GrapheneOS and is also being pushed out via the Play Store.


The Auditor app uses hardware security features on supported devices to validate the integrity of the operating system from another Android device. It will verify that the device is running the stock operating system with the bootloader locked and that no tampering with the operating system has occurred. It will also detect downgrades to a previous version. Supported devices:

  • BlackBerry Key2 (BBF100-1 and BBF100-6 models)
  • BQ Aquaris X2 Pro
  • Google Pixel 2
  • Google Pixel 2 XL
  • Google Pixel 3
  • Google Pixel 3 XL
  • Google Pixel 3a
  • Google Pixel 3a XL
  • Google Pixel 4
  • Google Pixel 4 XL
  • Huawei Honor 7A Pro (AUM-L29 model)
  • Honor 9 Lite (LLD-L31 model)
  • Huawei Honor 10 (COL-L29 model)
  • Huawei Honor View 10 (BKL-L04 and BKL-L09 models)
  • Huawei Mate 10 (ALP-L29 model)
  • Huawei Mate 20 lite (SNE-LX1 model)
  • Huawei Mate 20 Pro (LYA-L29 model)
  • Huawei P smart 2019 (POT-LX3 model)
  • Huawei P20 (EML-L09 model)
  • Huawei P20 Pro (CLT-L29 model)
  • Huawei Y7 2019 (DUB-LX3 model)
  • Huawei Y9 2019 (JKM-LX3 model)
  • HTC EXODUS 1
  • HTC U12+
  • LG Stylo 5 (LM-Q720 model)
  • LG Q Stylo 4 (LG-Q710AL model)
  • Motorola moto g⁷
  • Motorola One Vision
  • Nokia 3.1
  • Nokia 6.1
  • Nokia 6.1 Plus
  • Nokia 7.1
  • Nokia 7 Plus
  • OnePlus 6 (A6003 model)
  • OnePlus 6T (A6013 model)
  • OnePlus 7 Pro (GM1913 model)
  • Oppo R15 Pro (CPH1831 model)
  • Oppo A7 (CPH1903 model)
  • Oppo A5s (CPH1909 model)
  • Realme C2 (RMX1941 model)
  • Samsung Galaxy A70 (SM-A705FN model)
  • Samsung Galaxy Amp Prime 3 (SM-J337AZ model)
  • Samsung Galaxy J2 Core (SM-J260A, SM-J260F and SM-J260T1 models)
  • Samsung Galaxy J3 2018 (SM-J337A and SM-J337T models)
  • Samsung Galaxy J7 (SM-J737T1 model)
  • Samsung Galaxy M20 (SM-M205F model)
  • Samsung Galaxy Note 9 (SM-N960F and SM-N960U models)
  • Samsung Galaxy Note 10 (SM-N970F and SM-N970U models)
  • Samsung Galaxy Note 10+ (SM-N975U model)
  • Samsung Galaxy S9 (SM-G960F, SM-G960U, SM-G960U1, SM-G960W and SM-G9600 models)
  • Samsung Galaxy S9+ (SM-G965F, SM-G965U, SM-G965U1 and SM-G965W models)
  • Samsung Galaxy S10e (SM-G970F model)
  • Samsung Galaxy S10+ (SM-G975F model)
  • Samsung Galaxy Tab A 10.1 (SM-T510 model)
  • Samsung Galaxy Tab S4 (SM-T835 model)
  • Sony Xperia XA2 (H3113, H3123 and H4113 models)
  • Sony Xperia XZ1 / XZ1 Compact (G8341 and G8342 models)
  • Sony Xperia XZ1 Compact (G8441 model)
  • Sony Xperia XZ2 (H8216 model)
  • Sony Xperia XZ2 Compact (H8314 and H8324 models)
  • T-Mobile REVVL 2
  • Vivo 1807
  • Xiaomi Mi A2
  • Xiaomi Mi A2 Lite
  • Xiaomi Mi 9
  • Xiaomi POCOPHONE F1

It cannot be bypassed by modifying or tampering with the operating system (OS) because it receives signed device information from the device's Trusted Execution Environment (TEE) or Hardware Security Module (HSM) including the verified boot state, operating system variant and operating system version. The verification is much more meaningful after the initial pairing as the app primarily relies on Trust On First Use via pinning. It also verifies the identity of the device after the initial verification.

See https://attestation.app/tutorial for detailed usage instructions. This is included as the Help entry in the app menu. The app also provides basic guidance through the process. See https://attestation.app/about for a more detailed overview.

Assets 3