Skip to content

Releases: GrapheneOS/Auditor

85

08 Sep 05:54
@thestinger thestinger
85
This tag was signed with the committer’s verified signature.
thestinger Daniel Micay
SSH Key Fingerprint: AhgHif0mei+9aNyKLfMZBh2yptHdw/aN7Tlh/j2eFwM Learn about vigilant mode.
94f8d76
Compare
Choose a tag to compare
85 Latest
Latest

Notable changes in version 85:

  • make remote verification more prominent by moving it to the main screen from the action menu
  • use correct theme for attestation activity background color
  • add support for Material You
  • update NDK to 27.1.12297006
  • enable generation of v4 APK signatures to replace fs-verity metadata for updates on Android 15 GrapheneOS

A full list of changes from the previous release (version 84) is available through the Git commit log between the releases.

The Auditor app uses hardware security features on supported devices to validate the integrity of the operating system from another Android device. It will verify that the device is running the stock operating system with the bootloader locked and that no tampering with the operating system has occurred. It will also detect downgrades to a previous version.

It cannot be bypassed by modifying or tampering with the operating system (OS) because it receives signed device information from the device's Trusted Execution Environment (TEE) or Hardware Security Module (HSM) including the verified boot state, operating system variant and operating system version. The verification is much more meaningful after the initial pairing as the app primarily relies on Trust On First Use via pinning. It also verifies the identity of the device after the initial verification. Trust is chained through the verified OS to the app to bootstrap software checks with results displayed in a separate section.

This app is available through the Play Store with the app.attestation.auditor.play app id. Play Store releases go through review and it usually takes around 1 to 3 days before the Play Store pushes out the update to users. Play Store releases use Play Signing, so we use a separate app id from the releases we publish ourselves to avoid conflicts and to distinguish between them. Each release is initially pushed out through the Beta channel followed by the Stable channel.

Releases of the app signed by GrapheneOS with the app.attestation.auditor app id are published in the GrapheneOS App Store and on GitHub. These releases are also bundled as part of GrapheneOS. You can use the GrapheneOS App Store on Android 12 or later for automatic updates. Each release is initially pushed out through the Alpha channel, followed by the Beta channel and then finally the Stable channel.

Assets 5
Loading

84

29 Aug 21:31
@thestinger thestinger
84
This tag was signed with the committer’s verified signature.
thestinger Daniel Micay
SSH Key Fingerprint: AhgHif0mei+9aNyKLfMZBh2yptHdw/aN7Tlh/j2eFwM Learn about vigilant mode.
bc48eef
Compare
Choose a tag to compare
84

Notable changes in version 84:

  • add support for Pixel 9 Pro Fold with either the stock OS or GrapheneOS
  • update Android Gradle plugin to 8.6.0
  • update Kotlin to 2.0.20

A full list of changes from the previous release (version 83) is available through the Git commit log between the releases.

The Auditor app uses hardware security features on supported devices to validate the integrity of the operating system from another Android device. It will verify that the device is running the stock operating system with the bootloader locked and that no tampering with the operating system has occurred. It will also detect downgrades to a previous version.

It cannot be bypassed by modifying or tampering with the operating system (OS) because it receives signed device information from the device's Trusted Execution Environment (TEE) or Hardware Security Module (HSM) including the verified boot state, operating system variant and operating system version. The verification is much more meaningful after the initial pairing as the app primarily relies on Trust On First Use via pinning. It also verifies the identity of the device after the initial verification. Trust is chained through the verified OS to the app to bootstrap software checks with results displayed in a separate section.

This app is available through the Play Store with the app.attestation.auditor.play app id. Play Store releases go through review and it usually takes around 1 to 3 days before the Play Store pushes out the update to users. Play Store releases use Play Signing, so we use a separate app id from the releases we publish ourselves to avoid conflicts and to distinguish between them. Each release is initially pushed out through the Beta channel followed by the Stable channel.

Releases of the app signed by GrapheneOS with the app.attestation.auditor app id are published in the GrapheneOS App Store and on GitHub. These releases are also bundled as part of GrapheneOS. You can use the GrapheneOS App Store on Android 12 or later for automatic updates. Each release is initially pushed out through the Alpha channel, followed by the Beta channel and then finally the Stable channel.

GrapheneOS users must either obtain GrapheneOS app updates through our App Store or install it with adb install-multiple with both the APK and fs-verity metadata since fs-verity metadata is now required for out-of-band system app updates on GrapheneOS as part of extending verified boot to them.

Assets 2
Loading

83

21 Aug 18:35
@thestinger thestinger
83
This tag was signed with the committer’s verified signature.
thestinger Daniel Micay
SSH Key Fingerprint: AhgHif0mei+9aNyKLfMZBh2yptHdw/aN7Tlh/j2eFwM Learn about vigilant mode.
0e36329
Compare
Choose a tag to compare
83

Notable changes in version 83:

  • add support for Pixel 9, Pixel 9 Pro and Pixel 9 Pro XL with either the stock OS or GrapheneOS
  • mark legacy devices which are no longer supported as explicit unsupported
  • update Android Gradle plugin to 8.5.2
  • update Android NDK to 27.0.12077973
  • update Gradle to 8.10
  • update Guava library to 33.3.0

A full list of changes from the previous release (version 82) is available through the Git commit log between the releases.

The Auditor app uses hardware security features on supported devices to validate the integrity of the operating system from another Android device. It will verify that the device is running the stock operating system with the bootloader locked and that no tampering with the operating system has occurred. It will also detect downgrades to a previous version.

It cannot be bypassed by modifying or tampering with the operating system (OS) because it receives signed device information from the device's Trusted Execution Environment (TEE) or Hardware Security Module (HSM) including the verified boot state, operating system variant and operating system version. The verification is much more meaningful after the initial pairing as the app primarily relies on Trust On First Use via pinning. It also verifies the identity of the device after the initial verification. Trust is chained through the verified OS to the app to bootstrap software checks with results displayed in a separate section.

This app is available through the Play Store with the app.attestation.auditor.play app id. Play Store releases go through review and it usually takes around 1 to 3 days before the Play Store pushes out the update to users. Play Store releases use Play Signing, so we use a separate app id from the releases we publish ourselves to avoid conflicts and to distinguish between them. Each release is initially pushed out through the Beta channel followed by the Stable channel.

Releases of the app signed by GrapheneOS with the app.attestation.auditor app id are published in the GrapheneOS App Store and on GitHub. These releases are also bundled as part of GrapheneOS. You can use the GrapheneOS App Store on Android 12 or later for automatic updates. Each release is initially pushed out through the Alpha channel, followed by the Beta channel and then finally the Stable channel.

GrapheneOS users must either obtain GrapheneOS app updates through our App Store or install it with adb install-multiple with both the APK and fs-verity metadata since fs-verity metadata is now required for out-of-band system app updates on GrapheneOS as part of extending verified boot to them.

Assets 2
Loading

82

27 Jul 16:52
@thestinger thestinger
82
This tag was signed with the committer’s verified signature.
thestinger Daniel Micay
SSH Key Fingerprint: AhgHif0mei+9aNyKLfMZBh2yptHdw/aN7Tlh/j2eFwM Learn about vigilant mode.
7939182
Compare
Choose a tag to compare
82

Notable changes in version 82:

  • update minimum Android version in introduction to 12
  • raise minimum OS version for verification to 12
  • raise minimum patch level for verification to 2021-10-05
  • drop support for device models without Android 12

A full list of changes from the previous release (version 81) is available through the Git commit log between the releases.

The Auditor app uses hardware security features on supported devices to validate the integrity of the operating system from another Android device. It will verify that the device is running the stock operating system with the bootloader locked and that no tampering with the operating system has occurred. It will also detect downgrades to a previous version.

It cannot be bypassed by modifying or tampering with the operating system (OS) because it receives signed device information from the device's Trusted Execution Environment (TEE) or Hardware Security Module (HSM) including the verified boot state, operating system variant and operating system version. The verification is much more meaningful after the initial pairing as the app primarily relies on Trust On First Use via pinning. It also verifies the identity of the device after the initial verification. Trust is chained through the verified OS to the app to bootstrap software checks with results displayed in a separate section.

This app is available through the Play Store with the app.attestation.auditor.play app id. Play Store releases go through review and it usually takes around 1 to 3 days before the Play Store pushes out the update to users. Play Store releases use Play Signing, so we use a separate app id from the releases we publish ourselves to avoid conflicts and to distinguish between them. Each release is initially pushed out through the Beta channel followed by the Stable channel.

Releases of the app signed by GrapheneOS with the app.attestation.auditor app id are published in the GrapheneOS App Store and on GitHub. These releases are also bundled as part of GrapheneOS. You can use the GrapheneOS App Store on Android 12 or later for automatic updates. Each release is initially pushed out through the Alpha channel, followed by the Beta channel and then finally the Stable channel.

GrapheneOS users must either obtain GrapheneOS app updates through our App Store or install it with adb install-multiple with both the APK and fs-verity metadata since fs-verity metadata is now required for out-of-band system app updates on GrapheneOS as part of extending verified boot to them.

Assets 2
Loading

81

27 Jul 05:38
@thestinger thestinger
81
This tag was signed with the committer’s verified signature.
thestinger Daniel Micay
SSH Key Fingerprint: AhgHif0mei+9aNyKLfMZBh2yptHdw/aN7Tlh/j2eFwM Learn about vigilant mode.
024b19f
Compare
Choose a tag to compare
81

Notable changes in version 81:

  • add dedicated error message explaining how to work around an attestation failure occurring after a system_server crash by rebooting the device
  • reword error message for an invalid number of Auditor app signing keys reported by the attestation data
  • add more info to error messages for package info
  • raise minimum supported Android version to 12 (API level 31) based on it being the oldest release with security support
  • update CameraX library to 1.3.4
  • update Guava library to 33.2.1
  • update AndroidX AppCompat library to 1.7.0
  • update Android Gradle plugin to 8.5.1
  • update Android NDK to 26.3.11579264
  • update Android build tools to 35.0.0
  • update Gradle to 8.9

A full list of changes from the previous release (version 80) is available through the Git commit log between the releases.

The Auditor app uses hardware security features on supported devices to validate the integrity of the operating system from another Android device. It will verify that the device is running the stock operating system with the bootloader locked and that no tampering with the operating system has occurred. It will also detect downgrades to a previous version.

It cannot be bypassed by modifying or tampering with the operating system (OS) because it receives signed device information from the device's Trusted Execution Environment (TEE) or Hardware Security Module (HSM) including the verified boot state, operating system variant and operating system version. The verification is much more meaningful after the initial pairing as the app primarily relies on Trust On First Use via pinning. It also verifies the identity of the device after the initial verification. Trust is chained through the verified OS to the app to bootstrap software checks with results displayed in a separate section.

This app is available through the Play Store with the app.attestation.auditor.play app id. Play Store releases go through review and it usually takes around 1 to 3 days before the Play Store pushes out the update to users. Play Store releases use Play Signing, so we use a separate app id from the releases we publish ourselves to avoid conflicts and to distinguish between them. Each release is initially pushed out through the Beta channel followed by the Stable channel.

Releases of the app signed by GrapheneOS with the app.attestation.auditor app id are published in the GrapheneOS App Store and on GitHub. These releases are also bundled as part of GrapheneOS. You can use the GrapheneOS App Store on Android 12 or later for automatic updates. Each release is initially pushed out through the Alpha channel, followed by the Beta channel and then finally the Stable channel.

GrapheneOS users must either obtain GrapheneOS app updates through our App Store or install it with adb install-multiple with both the APK and fs-verity metadata since fs-verity metadata is now required for out-of-band system app updates on GrapheneOS as part of extending verified boot to them.

Assets 2
Loading

80

11 May 23:18
@thestinger thestinger
80
This tag was signed with the committer’s verified signature.
thestinger Daniel Micay
SSH Key Fingerprint: AhgHif0mei+9aNyKLfMZBh2yptHdw/aN7Tlh/j2eFwM Learn about vigilant mode.
c1461c9
Compare
Choose a tag to compare
80

Notable changes in version 80:

  • add support for Pixel 8a with either the stock OS or GrapheneOS
  • update Kotlin to 1.9.24
  • update Android Gradle plugin to 8.4.0
  • update Guava library to 33.2.0
  • update AndroidX Core library to 1.13.1
  • update Material Components library to 1.12.0
  • remove redundant style configuration found by lint

A full list of changes from the previous release (version 79) is available through the Git commit log between the releases.

The Auditor app uses hardware security features on supported devices to validate the integrity of the operating system from another Android device. It will verify that the device is running the stock operating system with the bootloader locked and that no tampering with the operating system has occurred. It will also detect downgrades to a previous version.

It cannot be bypassed by modifying or tampering with the operating system (OS) because it receives signed device information from the device's Trusted Execution Environment (TEE) or Hardware Security Module (HSM) including the verified boot state, operating system variant and operating system version. The verification is much more meaningful after the initial pairing as the app primarily relies on Trust On First Use via pinning. It also verifies the identity of the device after the initial verification. Trust is chained through the verified OS to the app to bootstrap software checks with results displayed in a separate section.

This app is available through the Play Store with the app.attestation.auditor.play app id. Play Store releases go through review and it usually takes around 1 to 3 days before the Play Store pushes out the update to users. Play Store releases use Play Signing, so we use a separate app id from the releases we publish ourselves to avoid conflicts and to distinguish between them. Each release is initially pushed out through the Beta channel followed by the Stable channel.

Releases of the app signed by GrapheneOS with the app.attestation.auditor app id are published in the GrapheneOS App Store and on GitHub. These releases are also bundled as part of GrapheneOS. You can use the GrapheneOS App Store on Android 12 or later for automatic updates. Each release is initially pushed out through the Alpha channel, followed by the Beta channel and then finally the Stable channel.

GrapheneOS users must either obtain GrapheneOS app updates through our App Store or install it with adb install-multiple with both the APK and fs-verity metadata since fs-verity metadata is now required for out-of-band system app updates on GrapheneOS as part of extending verified boot to them.

Assets 2
Loading

79

19 Apr 21:00
@thestinger thestinger
79
This tag was signed with the committer’s verified signature.
thestinger Daniel Micay
SSH Key Fingerprint: AhgHif0mei+9aNyKLfMZBh2yptHdw/aN7Tlh/j2eFwM Learn about vigilant mode.
8f9384d
Compare
Choose a tag to compare
79

Notable changes in version 79:

  • modern Material 3 UI overhaul
  • use edge-to-edge layout
  • update CameraX library to 1.3.3
  • update AndroidX Core library to 1.13.0
  • update Bouncy Castle library to 1.78
  • update Guava library to 33.1.0
  • update ZXing library to 3.5.3
  • update Gradle to 8.7
  • update Android Gradle plugin to 8.3.2
  • update Kotlin to 1.9.23

A full list of changes from the previous release (version 78) is available through the Git commit log between the releases.

The Auditor app uses hardware security features on supported devices to validate the integrity of the operating system from another Android device. It will verify that the device is running the stock operating system with the bootloader locked and that no tampering with the operating system has occurred. It will also detect downgrades to a previous version.

It cannot be bypassed by modifying or tampering with the operating system (OS) because it receives signed device information from the device's Trusted Execution Environment (TEE) or Hardware Security Module (HSM) including the verified boot state, operating system variant and operating system version. The verification is much more meaningful after the initial pairing as the app primarily relies on Trust On First Use via pinning. It also verifies the identity of the device after the initial verification. Trust is chained through the verified OS to the app to bootstrap software checks with results displayed in a separate section.

This app is available through the Play Store with the app.attestation.auditor.play app id. Play Store releases go through review and it usually takes around 1 to 3 days before the Play Store pushes out the update to users. Play Store releases use Play Signing, so we use a separate app id from the releases we publish ourselves to avoid conflicts and to distinguish between them. Each release is initially pushed out through the Beta channel followed by the Stable channel.

Releases of the app signed by GrapheneOS with the app.attestation.auditor app id are published in the GrapheneOS app repository and on GitHub. These releases are also bundled as part of GrapheneOS. You can use the GrapheneOS app repository client on Android 12 or later for automatic updates. Each release is initially pushed out through the Alpha channel, followed by the Beta channel and then finally the Stable channel.

GrapheneOS users must either obtain GrapheneOS app updates through our app repository or install it with adb install-multiple with both the APK and fs-verity metadata since fs-verity metadata is now required for out-of-band system app updates on GrapheneOS as part of extending verified boot to them.

Assets 2
Loading

78

19 Dec 15:29
@thestinger thestinger
78
This tag was signed with the committer’s verified signature.
thestinger Daniel Micay
SSH Key Fingerprint: AhgHif0mei+9aNyKLfMZBh2yptHdw/aN7Tlh/j2eFwM Learn about vigilant mode.
6887c46
Compare
Choose a tag to compare
78

Notable changes in version 78:

  • update CameraX library to 1.3.1
  • update Bouncy Castle library to 1.77
  • update Guava library to 33.0.0
  • update Material Components library to 1.11.0
  • update Gradle to 8.5
  • replace deprecated Gradle functionality

A full list of changes from the previous release (version 77) is available through the Git commit log between the releases.

The Auditor app uses hardware security features on supported devices to validate the integrity of the operating system from another Android device. It will verify that the device is running the stock operating system with the bootloader locked and that no tampering with the operating system has occurred. It will also detect downgrades to a previous version.

It cannot be bypassed by modifying or tampering with the operating system (OS) because it receives signed device information from the device's Trusted Execution Environment (TEE) or Hardware Security Module (HSM) including the verified boot state, operating system variant and operating system version. The verification is much more meaningful after the initial pairing as the app primarily relies on Trust On First Use via pinning. It also verifies the identity of the device after the initial verification. Trust is chained through the verified OS to the app to bootstrap software checks with results displayed in a separate section.

This app is available through the Play Store with the app.attestation.auditor.play app id. Play Store releases go through review and it usually takes around 1 to 3 days before the Play Store pushes out the update to users. Play Store releases use Play Signing, so we use a separate app id from the releases we publish ourselves to avoid conflicts and to distinguish between them. Each release is initially pushed out through the Beta channel followed by the Stable channel.

Releases of the app signed by GrapheneOS with the app.attestation.auditor app id are published in the GrapheneOS app repository and on GitHub. These releases are also bundled as part of GrapheneOS. You can use the GrapheneOS app repository client on Android 12 or later for automatic updates. Each release is initially pushed out through the Alpha channel, followed by the Beta channel and then finally the Stable channel.

GrapheneOS users must either obtain GrapheneOS app updates through our app repository or install it with adb install-multiple with both the APK and fs-verity metadata since fs-verity metadata is now required for out-of-band system app updates on GrapheneOS as part of extending verified boot to them.

Assets 2
Loading

77

13 Nov 01:03
@thestinger thestinger
77
This tag was signed with the committer’s verified signature.
thestinger Daniel Micay
SSH Key Fingerprint: AhgHif0mei+9aNyKLfMZBh2yptHdw/aN7Tlh/j2eFwM Learn about vigilant mode.
1a22849
Compare
Choose a tag to compare
77

Notable changes in version 77:

  • update CameraX library to 1.3.0
  • update Gradle to 8.4
  • update Kotlin to 1.9.20
  • update NDK version to 26.1.10909125 instead of using the older default set by the Android Gradle plugin

A full list of changes from the previous release (version 76) is available through the Git commit log between the releases.

The Auditor app uses hardware security features on supported devices to validate the integrity of the operating system from another Android device. It will verify that the device is running the stock operating system with the bootloader locked and that no tampering with the operating system has occurred. It will also detect downgrades to a previous version.

It cannot be bypassed by modifying or tampering with the operating system (OS) because it receives signed device information from the device's Trusted Execution Environment (TEE) or Hardware Security Module (HSM) including the verified boot state, operating system variant and operating system version. The verification is much more meaningful after the initial pairing as the app primarily relies on Trust On First Use via pinning. It also verifies the identity of the device after the initial verification. Trust is chained through the verified OS to the app to bootstrap software checks with results displayed in a separate section.

This app is available through the Play Store with the app.attestation.auditor.play app id. Play Store releases go through review and it usually takes around 1 to 3 days before the Play Store pushes out the update to users. Play Store releases use Play Signing, so we use a separate app id from the releases we publish ourselves to avoid conflicts and to distinguish between them.

Releases of the app signed by GrapheneOS with the app.attestation.auditor app id are published in the GrapheneOS app repository and on GitHub. These releases are also bundled as part of GrapheneOS. You can use the GrapheneOS app repository client on Android 12 or later for automatic updates.

Releases are initially pushed out through the Alpha channel channel for both the Play Store and our app repository, then get moved to the Beta channel and finally the Stable channel.

GrapheneOS users must either obtain GrapheneOS app updates through our app repository or install it with adb install-multiple with both the APK and fs-verity metadata since fs-verity metadata is now required for out-of-band system app updates on GrapheneOS as part of extending verified boot to them.

Assets 2
Loading

76

12 Oct 16:39
@thestinger thestinger
76
This tag was signed with the committer’s verified signature.
thestinger Daniel Micay
SSH Key Fingerprint: AhgHif0mei+9aNyKLfMZBh2yptHdw/aN7Tlh/j2eFwM Learn about vigilant mode.
63e98d0
Compare
Choose a tag to compare
76

Notable changes in version 76:

  • add support for Pixel 8 and Pixel 8 Pro
  • update Guava library to 32.1.3

A full list of changes from the previous release (version 75) is available through the Git commit log between the releases.

The Auditor app uses hardware security features on supported devices to validate the integrity of the operating system from another Android device. It will verify that the device is running the stock operating system with the bootloader locked and that no tampering with the operating system has occurred. It will also detect downgrades to a previous version.

It cannot be bypassed by modifying or tampering with the operating system (OS) because it receives signed device information from the device's Trusted Execution Environment (TEE) or Hardware Security Module (HSM) including the verified boot state, operating system variant and operating system version. The verification is much more meaningful after the initial pairing as the app primarily relies on Trust On First Use via pinning. It also verifies the identity of the device after the initial verification. Trust is chained through the verified OS to the app to bootstrap software checks with results displayed in a separate section.

This app is available through the Play Store with the app.attestation.auditor.play app id. Play Store releases go through review and it usually takes around 1 to 3 days before the Play Store pushes out the update to users. Play Store releases use Play Signing, so we use a separate app id from the releases we publish ourselves to avoid conflicts and to distinguish between them.

Releases of the app signed by GrapheneOS with the app.attestation.auditor app id are published in the GrapheneOS app repository and on GitHub. These releases are also bundled as part of GrapheneOS. You can use the GrapheneOS app repository client on Android 12 or later for automatic updates.

Releases are initially pushed out through the Alpha channel channel for both the Play Store and our app repository, then get moved to the Beta channel and finally the Stable channel.

GrapheneOS users must either obtain GrapheneOS app updates through our app repository or install it with adb install-multiple with both the APK and fs-verity metadata since fs-verity metadata is now required for out-of-band system app updates on GrapheneOS as part of extending verified boot to them.

Assets 2
Loading