Skip to content

Releases: GrapheneOS/Auditor

60

05 Oct 23:11
@thestinger thestinger
60
This tag was signed with the committer’s verified signature.
thestinger Daniel Micay
GPG key ID: F9E712E59AF5F22A
Learn about vigilant mode.
5f7424d
Compare
Choose a tag to compare
60

Notable changes in version 60:

  • exclude unused Bouncy Castle library property files added in 1.72 to massively reduce APK size
  • drop support for earlier protocol versions (Auditor version 47 is now the minimum supported version)

A full list of changes from the previous release (version 59) is available through the Git commit log between the releases.

The Auditor app uses hardware security features on supported devices to validate the integrity of the operating system from another Android device. It will verify that the device is running the stock operating system with the bootloader locked and that no tampering with the operating system has occurred. It will also detect downgrades to a previous version.

It cannot be bypassed by modifying or tampering with the operating system (OS) because it receives signed device information from the device's Trusted Execution Environment (TEE) or Hardware Security Module (HSM) including the verified boot state, operating system variant and operating system version. The verification is much more meaningful after the initial pairing as the app primarily relies on Trust On First Use via pinning. It also verifies the identity of the device after the initial verification.

See the tutorial for detailed usage instructions. This is included as the Help entry in the app menu. The app also provides basic guidance through the process. See the documentation for a more detailed overview.

Assets 2

59

29 Sep 19:26
@thestinger thestinger
59
This tag was signed with the committer’s verified signature.
thestinger Daniel Micay
GPG key ID: F9E712E59AF5F22A
Learn about vigilant mode.
c5c5ab2
Compare
Choose a tag to compare
59

Notable changes in version 59:

  • update CameraX library to 1.2.0-beta02
  • update Bouncy Castle library to 1.72
  • update Android Gradle plugin to 7.3.0
  • update Kotlin Gradle plugin to 1.7.10
  • move away from deprecated package attribute

A full list of changes from the previous release (version 58) is available through the Git commit log between the releases.

The Auditor app uses hardware security features on supported devices to validate the integrity of the operating system from another Android device. It will verify that the device is running the stock operating system with the bootloader locked and that no tampering with the operating system has occurred. It will also detect downgrades to a previous version.

It cannot be bypassed by modifying or tampering with the operating system (OS) because it receives signed device information from the device's Trusted Execution Environment (TEE) or Hardware Security Module (HSM) including the verified boot state, operating system variant and operating system version. The verification is much more meaningful after the initial pairing as the app primarily relies on Trust On First Use via pinning. It also verifies the identity of the device after the initial verification.

See the tutorial for detailed usage instructions. This is included as the Help entry in the app menu. The app also provides basic guidance through the process. See the documentation for a more detailed overview.

Assets 2

58

15 Sep 11:12
@thestinger thestinger
58
This tag was signed with the committer’s verified signature.
thestinger Daniel Micay
GPG key ID: F9E712E59AF5F22A
Learn about vigilant mode.
6040403
Compare
Choose a tag to compare
58

Notable changes in version 58:

  • reschedule remote verify job when job configuration is different than expected
  • restore remote verify job after boot if missing or mismatched in addition to on app launch
  • make initial one-time remote verify job expedited and max priority
  • set estimated network bytes for remote verify and submit sample jobs

A full list of changes from the previous release (version 57) is available through the Git commit log between the releases.

The Auditor app uses hardware security features on supported devices to validate the integrity of the operating system from another Android device. It will verify that the device is running the stock operating system with the bootloader locked and that no tampering with the operating system has occurred. It will also detect downgrades to a previous version.

It cannot be bypassed by modifying or tampering with the operating system (OS) because it receives signed device information from the device's Trusted Execution Environment (TEE) or Hardware Security Module (HSM) including the verified boot state, operating system variant and operating system version. The verification is much more meaningful after the initial pairing as the app primarily relies on Trust On First Use via pinning. It also verifies the identity of the device after the initial verification.

See the tutorial for detailed usage instructions. This is included as the Help entry in the app menu. The app also provides basic guidance through the process. See the documentation for a more detailed overview.

Assets 2

57

13 Sep 01:33
@thestinger thestinger
57
This tag was signed with the committer’s verified signature.
thestinger Daniel Micay
GPG key ID: F9E712E59AF5F22A
Learn about vigilant mode.
b50a1ee
Compare
Choose a tag to compare
57

Notable changes in version 57:

  • fix getApplicationInfo compatibility wrapper

A full list of changes from the previous release (version 56) is available through the Git commit log between the releases.

The Auditor app uses hardware security features on supported devices to validate the integrity of the operating system from another Android device. It will verify that the device is running the stock operating system with the bootloader locked and that no tampering with the operating system has occurred. It will also detect downgrades to a previous version.

It cannot be bypassed by modifying or tampering with the operating system (OS) because it receives signed device information from the device's Trusted Execution Environment (TEE) or Hardware Security Module (HSM) including the verified boot state, operating system variant and operating system version. The verification is much more meaningful after the initial pairing as the app primarily relies on Trust On First Use via pinning. It also verifies the identity of the device after the initial verification.

See the tutorial for detailed usage instructions. This is included as the Help entry in the app menu. The app also provides basic guidance through the process. See the documentation for a more detailed overview.

Assets 2

56

13 Sep 01:09
@thestinger thestinger
56
This tag was signed with the committer’s verified signature.
thestinger Daniel Micay
GPG key ID: F9E712E59AF5F22A
Learn about vigilant mode.
ee842c4
Compare
Choose a tag to compare
56

Notable changes in version 56:

  • add Android 13 themed icon support
  • replace all deprecated Android APIs
  • use remote verification executor for disabling remote verification to prevent a theoretical exception from a race condition
  • improve feedback about the success or failure of background tasks (clearing pairings, enabling/disabling remote verification, scheduling sample submission)
  • update AndroidX appcompat library to 1.5.1

A full list of changes from the previous release (version 55) is available through the Git commit log between the releases.

The Auditor app uses hardware security features on supported devices to validate the integrity of the operating system from another Android device. It will verify that the device is running the stock operating system with the bootloader locked and that no tampering with the operating system has occurred. It will also detect downgrades to a previous version.

It cannot be bypassed by modifying or tampering with the operating system (OS) because it receives signed device information from the device's Trusted Execution Environment (TEE) or Hardware Security Module (HSM) including the verified boot state, operating system variant and operating system version. The verification is much more meaningful after the initial pairing as the app primarily relies on Trust On First Use via pinning. It also verifies the identity of the device after the initial verification.

See the tutorial for detailed usage instructions. This is included as the Help entry in the app menu. The app also provides basic guidance through the process. See the documentation for a more detailed overview.

Assets 2

55

01 Sep 10:53
@thestinger thestinger
55
This tag was signed with the committer’s verified signature.
thestinger Daniel Micay
GPG key ID: F9E712E59AF5F22A
Learn about vigilant mode.
88adc30
Compare
Choose a tag to compare
55

Notable changes in version 55:

  • build with API 33 SDK
  • replace an API call deprecated in API 33
  • raise target API level to 33
  • add support for requesting notification permission only when needed
  • update CameraX library to 1.2.0-beta01
  • update AndroidX appcompat library to 1.5.0
  • update Bouncy Castle library to 1.71.1
  • update Gradle to 7.5.1
  • update Android Gradle plugin to 7.2.2

A full list of changes from the previous release (version 54) is available through the Git commit log between the releases.

The Auditor app uses hardware security features on supported devices to validate the integrity of the operating system from another Android device. It will verify that the device is running the stock operating system with the bootloader locked and that no tampering with the operating system has occurred. It will also detect downgrades to a previous version.

It cannot be bypassed by modifying or tampering with the operating system (OS) because it receives signed device information from the device's Trusted Execution Environment (TEE) or Hardware Security Module (HSM) including the verified boot state, operating system variant and operating system version. The verification is much more meaningful after the initial pairing as the app primarily relies on Trust On First Use via pinning. It also verifies the identity of the device after the initial verification.

See the tutorial for detailed usage instructions. This is included as the Help entry in the app menu. The app also provides basic guidance through the process. See the documentation for a more detailed overview.

Assets 2

54

31 Jul 09:25
@thestinger thestinger
54
This tag was signed with the committer’s verified signature.
thestinger Daniel Micay
GPG key ID: F9E712E59AF5F22A
Learn about vigilant mode.
111c9ac
Compare
Choose a tag to compare
54

Notable changes in version 54:

  • update CameraX to 1.2.0-alpha04

A full list of changes from the previous release (version 53) is available through the Git commit log between the releases.

The Auditor app uses hardware security features on supported devices to validate the integrity of the operating system from another Android device. It will verify that the device is running the stock operating system with the bootloader locked and that no tampering with the operating system has occurred. It will also detect downgrades to a previous version.

It cannot be bypassed by modifying or tampering with the operating system (OS) because it receives signed device information from the device's Trusted Execution Environment (TEE) or Hardware Security Module (HSM) including the verified boot state, operating system variant and operating system version. The verification is much more meaningful after the initial pairing as the app primarily relies on Trust On First Use via pinning. It also verifies the identity of the device after the initial verification.

See the tutorial for detailed usage instructions. This is included as the Help entry in the app menu. The app also provides basic guidance through the process. See the documentation for a more detailed overview.

Assets 2

53

28 Jul 07:36
@thestinger thestinger
53
This tag was signed with the committer’s verified signature.
thestinger Daniel Micay
GPG key ID: F9E712E59AF5F22A
Learn about vigilant mode.
07e791b
Compare
Choose a tag to compare
53

Notable changes in version 53:

  • add Google Pixel 6a support for both the stock OS and the near future GrapheneOS releases
  • update Android build tools to 33.0.0

A full list of changes from the previous release (version 52) is available through the Git commit log between the releases.

The Auditor app uses hardware security features on supported devices to validate the integrity of the operating system from another Android device. It will verify that the device is running the stock operating system with the bootloader locked and that no tampering with the operating system has occurred. It will also detect downgrades to a previous version.

It cannot be bypassed by modifying or tampering with the operating system (OS) because it receives signed device information from the device's Trusted Execution Environment (TEE) or Hardware Security Module (HSM) including the verified boot state, operating system variant and operating system version. The verification is much more meaningful after the initial pairing as the app primarily relies on Trust On First Use via pinning. It also verifies the identity of the device after the initial verification.

See the tutorial for detailed usage instructions. This is included as the Help entry in the app menu. The app also provides basic guidance through the process. See the documentation for a more detailed overview.

Assets 2

52

16 Jul 22:10
@thestinger thestinger
52
This tag was signed with the committer’s verified signature.
thestinger Daniel Micay
GPG key ID: F9E712E59AF5F22A
Learn about vigilant mode.
17f15c5
Compare
Choose a tag to compare
52

Notable changes in version 52:

  • update CameraX to 1.2.0-alpha03
  • update Kotlin Gradle plugin to 1.7.10
  • update Gradle to 7.5

A full list of changes from the previous release (version 51) is available through the Git commit log between the releases.

The Auditor app uses hardware security features on supported devices to validate the integrity of the operating system from another Android device. It will verify that the device is running the stock operating system with the bootloader locked and that no tampering with the operating system has occurred. It will also detect downgrades to a previous version.

It cannot be bypassed by modifying or tampering with the operating system (OS) because it receives signed device information from the device's Trusted Execution Environment (TEE) or Hardware Security Module (HSM) including the verified boot state, operating system variant and operating system version. The verification is much more meaningful after the initial pairing as the app primarily relies on Trust On First Use via pinning. It also verifies the identity of the device after the initial verification.

See the tutorial for detailed usage instructions. This is included as the Help entry in the app menu. The app also provides basic guidance through the process. See the documentation for a more detailed overview.

Assets 2

51

07 Jun 21:08
@thestinger thestinger
51
This tag was signed with the committer’s verified signature.
thestinger Daniel Micay
GPG key ID: F9E712E59AF5F22A
Learn about vigilant mode.
d87a509
Compare
Choose a tag to compare
51

Notable changes in version 51:

  • implement attest key downgrade support to work around bug with the current Pixel 6 / Pixel 6 Pro implementation of the bleeding edge attest key feature (see commit message for technical details)
  • switch to jdk18on variant of Bouncy Castle

A full list of changes from the previous release (version 50) is available through the Git commit log between the releases.

The Auditor app uses hardware security features on supported devices to validate the integrity of the operating system from another Android device. It will verify that the device is running the stock operating system with the bootloader locked and that no tampering with the operating system has occurred. It will also detect downgrades to a previous version.

It cannot be bypassed by modifying or tampering with the operating system (OS) because it receives signed device information from the device's Trusted Execution Environment (TEE) or Hardware Security Module (HSM) including the verified boot state, operating system variant and operating system version. The verification is much more meaningful after the initial pairing as the app primarily relies on Trust On First Use via pinning. It also verifies the identity of the device after the initial verification.

See the tutorial for detailed usage instructions. This is included as the Help entry in the app menu. The app also provides basic guidance through the process. See the documentation for a more detailed overview.

Assets 2