Releases · GrapheneOS/Auditor

23 Nov 06:18

d9adced

90 Latest

Latest

Notable changes in version 90:

add support for the Pixel 10, Pixel 10 Pro, Pixel 10 Pro XL and Pixel 10 Pro Fold with either the stock OS or near future GrapheneOS releases
add back check for Auditee support for remote verification
update Android target API level to 36 (Android 16)
switch transition for QR scanning activity to handle target API level 36 predictive back more smoothly
properly distinguish unknown vs. invalid values for extended GrapheneOS security information covering auto-reboot, etc.
fix displaying lowest possible auto-reboot timer supported at a low-level in the OS
remove unused support for new pairings without StrongBox (secure element keystore as opposed to a less secure Trusted Execution Environment keystore)
add support for new key attestation root certificate launching in February 2026
add new protocol version 7 with a new DEFLATE dictionary adding the new attestation root and dropping the non-StrongBox sample
raise minimum app version for Auditee to 87 which was released over a year ago
add new far future Let's Encrypt roots to TLS key pinning configuration
drop obsolete workaround for old Android versions on 6th gen Pixels not declaring attest key support
drop unsupported legacy devices without Android 13 or later from supported device list
enable hardware memory tagging for use outside of GrapheneOS in the narrow cases where it's available for apps opting into it (Android 16 Advanced Protection Mode on hardware with support for MTE)
update ZXing barcode scanning library to 3.5.4
update CameraX (AndroidX Camera) library to 1.5.1
update Bouncy Castle library to 1.82
update Guava library to 33.5.0
update Material Components library to 1.13.0
update AndroidX Core library to 1.17.0
update AndroidX AppCompat library to 1.7.1
update Gradle to 9.2.1
update NDK to 29.0.14206865
update Android Gradle plugin to 8.13.1
update Kotlin to 2.2.21
update Android build tools to 36.1.0

A full list of changes from the previous release (version 89) is available through the Git commit log between the releases.

The Auditor app uses hardware security features on supported devices to validate the integrity of the operating system from another Android device. It will verify that the device is running the stock operating system with the bootloader locked and that no tampering with the operating system has occurred. It will also detect downgrades to a previous version.

It cannot be bypassed by modifying or tampering with the operating system (OS) because it receives signed device information from the device's Hardware Security Module (HSM) including the verified boot state, operating system variant and operating system version. The verification is much more meaningful after the initial pairing as the app primarily relies on Trust On First Use via pinning. It also verifies the identity of the device after the initial verification. Trust is chained through the verified OS to the app to bootstrap software checks with results displayed in a separate section.

This app is available through the Play Store with the app.attestation.auditor.play app id. Play Store releases go through review and it usually takes around 1 to 3 days before the Play Store pushes out the update to users. Play Store releases use Play Signing, so we use a separate app id from the releases we publish ourselves to avoid conflicts and to distinguish between them. Each release is initially pushed out through the Beta channel followed by the Stable channel.

Releases of the app signed by GrapheneOS with the app.attestation.auditor app id are published in the GrapheneOS App Store which provides fully automatic updates. Each release is initially pushed out through the Alpha channel, followed by the Beta channel and then finally the Stable channel. These releases are also bundled as part of GrapheneOS and published on GitHub.

Assets 4

02 May 18:34

thestinger

5a7b87d

Notable changes in version 89:

remove support for checking OEM unlocking state outside GrapheneOS since Android 15 QPR2 removed the system property
add support for GrapheneOS security state manager extension included in the upcoming release of GrapheneOS providing support obtaining additional security state information including the OEM unlocking state, user count, GrapheneOS auto-reboot configuration and GrapheneOS USB-C port and pogo pins control configuration (this requires a signature permission based on the GrapheneOS signing key for Auditor)
raise minimum API level to 33 (Android 13) since Android 13 is the oldest release with security support
raise minimum OS version for verification to Android 13
raise minimum patch level for verification to 2022-08-05 (first release of Android 13)
drop support for devices without official Android 13 support including 3rd generation Pixels and all previously supported non-Pixel devices (non-Pixel devices running the stock OS will be supported via a generic approach in a future release)
drop obsolete first API level check for sample submission (no longer relevant due to Android 8 being launch such a long time ago)
update Guava library to 33.4.8
update Android Gradle plugin to 8.9.2

A full list of changes from the previous release (version 88) is available through the Git commit log between the releases.

It cannot be bypassed by modifying or tampering with the operating system (OS) because it receives signed device information from the device's Trusted Execution Environment (TEE) or Hardware Security Module (HSM) including the verified boot state, operating system variant and operating system version. The verification is much more meaningful after the initial pairing as the app primarily relies on Trust On First Use via pinning. It also verifies the identity of the device after the initial verification. Trust is chained through the verified OS to the app to bootstrap software checks with results displayed in a separate section.

GrapheneOS users must obtain GrapheneOS app updates through our App Store since verified boot metadata is required for out-of-band system app updates on GrapheneOS as part of extending verified boot to them.

Assets 3

11 Apr 00:45

thestinger

a6da63b

Notable changes in version 88:

add support for Pixel 9a with either the stock OS or GrapheneOS
require TLSv1.3 instead of either TLSv1.2 or TLSv1.3
drop legacy USE_FINGERPRINT permission since we dropped Android 9 support a while ago
update Bouncy Castle library to 1.80
update CameraX (AndroidX Camera) library to 1.4.2
update AndroidX Core library to 1.16.0
update Guava library to 33.4.7
update Android NDK to 28.0.13004108
update Android Gradle plugin to 8.9.1
update Kotlin to 2.1.20
update Gradle to 8.13
minor improvements to code quality
exclude unused OSGI manifests to avoid file conflicts

A full list of changes from the previous release (version 87) is available through the Git commit log between the releases.

Assets 3

27 Oct 11:57

thestinger

1e6c1b4

Notable changes in version 87:

update Android SDK to 35 (Android 15)
update target SDK to 35 (Android 15)
use new attestation.app API with /auditor/ prefix and JSON response for verify API
remove subscribe key for attestation.app account after successful verification
update Gradle to 8.10.2
update Android Gradle plugin to 8.7.1
update Kotlin to 2.0.21
update Android NDK to 27.2.12479018
minor performance and robustness improvements

A full list of changes from the previous release (version 86) is available through the Git commit log between the releases.

Assets 3

29 Sep 00:47

thestinger

55e6458

Notable changes in version 86:

remove Auditee self-check to avoid most error reporting on the Auditee side to give the Auditor side including our remote attestation service more visibility into why failures are happening
drop support for obsolete deny new USB setting which was replaced by our newer generation USB-C port and pogo pins not currently accessible to Auditor (a near future GrapheneOS release will add support for the built-in Auditor app reading the new setting and we'll add support for reporting the full set of modes)
change the High security level to meaning the combination of a StrongBox Hardware Security Module (Pixel 3 and later) and a pairing-specific attestation signing key (Pixel 6 and later for pairings made since we added support for it in June 2022) instead of displaying it as Very High and display only having StrongBox as Standard since every non-end-of-life Pixel has both features
extend certificate validity for attestation responses by 5 minutes for a total validity period of 15 minutes due to the existing 5 minute leeway before and after
drop support for earlier protocol versions and raise minimum Auditor version to 73 where the current protocol version was introduced
modernize code including very minor performance improvements
update Gradle to 8.10.1
update Guava library to 33.3.1

A full list of changes from the previous release (version 85) is available through the Git commit log between the releases.

Releases of the app signed by GrapheneOS with the app.attestation.auditor app id are published in the GrapheneOS App Store and on GitHub. These releases are also bundled as part of GrapheneOS. Each release is initially pushed out through the Alpha channel, followed by the Beta channel and then finally the Stable channel.

Assets 2

08 Sep 05:54

thestinger

94f8d76

Notable changes in version 85:

make remote verification more prominent by moving it to the main screen from the action menu
use correct theme for attestation activity background color
add support for Material You
update NDK to 27.1.12297006
enable generation of v4 APK signatures to replace fs-verity metadata for updates on Android 15 GrapheneOS

A full list of changes from the previous release (version 84) is available through the Git commit log between the releases.

Releases of the app signed by GrapheneOS with the app.attestation.auditor app id are published in the GrapheneOS App Store and on GitHub. These releases are also bundled as part of GrapheneOS. You can use the GrapheneOS App Store on Android 12 or later for automatic updates. Each release is initially pushed out through the Alpha channel, followed by the Beta channel and then finally the Stable channel.

Assets 2

29 Aug 21:31

thestinger

bc48eef

Notable changes in version 84:

add support for Pixel 9 Pro Fold with either the stock OS or GrapheneOS
update Android Gradle plugin to 8.6.0
update Kotlin to 2.0.20

A full list of changes from the previous release (version 83) is available through the Git commit log between the releases.

Releases of the app signed by GrapheneOS with the app.attestation.auditor app id are published in the GrapheneOS App Store and on GitHub. These releases are also bundled as part of GrapheneOS. You can use the GrapheneOS App Store on Android 12 or later for automatic updates. Each release is initially pushed out through the Alpha channel, followed by the Beta channel and then finally the Stable channel.

GrapheneOS users must either obtain GrapheneOS app updates through our App Store or install it with adb install-multiple with both the APK and fs-verity metadata since fs-verity metadata is now required for out-of-band system app updates on GrapheneOS as part of extending verified boot to them.

Assets 2

21 Aug 18:35

thestinger

0e36329

Notable changes in version 83:

add support for Pixel 9, Pixel 9 Pro and Pixel 9 Pro XL with either the stock OS or GrapheneOS
mark legacy devices which are no longer supported as explicit unsupported
update Android Gradle plugin to 8.5.2
update Android NDK to 27.0.12077973
update Gradle to 8.10
update Guava library to 33.3.0

A full list of changes from the previous release (version 82) is available through the Git commit log between the releases.

Releases of the app signed by GrapheneOS with the app.attestation.auditor app id are published in the GrapheneOS App Store and on GitHub. These releases are also bundled as part of GrapheneOS. You can use the GrapheneOS App Store on Android 12 or later for automatic updates. Each release is initially pushed out through the Alpha channel, followed by the Beta channel and then finally the Stable channel.

Assets 2

27 Jul 16:52

thestinger

7939182

Notable changes in version 82:

update minimum Android version in introduction to 12
raise minimum OS version for verification to 12
raise minimum patch level for verification to 2021-10-05
drop support for device models without Android 12

A full list of changes from the previous release (version 81) is available through the Git commit log between the releases.

Releases of the app signed by GrapheneOS with the app.attestation.auditor app id are published in the GrapheneOS App Store and on GitHub. These releases are also bundled as part of GrapheneOS. You can use the GrapheneOS App Store on Android 12 or later for automatic updates. Each release is initially pushed out through the Alpha channel, followed by the Beta channel and then finally the Stable channel.

Assets 2

27 Jul 05:38

thestinger

024b19f

Notable changes in version 81:

add dedicated error message explaining how to work around an attestation failure occurring after a system_server crash by rebooting the device
reword error message for an invalid number of Auditor app signing keys reported by the attestation data
add more info to error messages for package info
raise minimum supported Android version to 12 (API level 31) based on it being the oldest release with security support
update CameraX library to 1.3.4
update Guava library to 33.2.1
update AndroidX AppCompat library to 1.7.0
update Android Gradle plugin to 8.5.1
update Android NDK to 26.3.11579264
update Android build tools to 35.0.0
update Gradle to 8.9

A full list of changes from the previous release (version 80) is available through the Git commit log between the releases.

Releases of the app signed by GrapheneOS with the app.attestation.auditor app id are published in the GrapheneOS App Store and on GitHub. These releases are also bundled as part of GrapheneOS. You can use the GrapheneOS App Store on Android 12 or later for automatic updates. Each release is initially pushed out through the Alpha channel, followed by the Beta channel and then finally the Stable channel.

Assets 2

Uh oh!

Releases: GrapheneOS/Auditor

90

Uh oh!

89

Uh oh!

88

Uh oh!

87

Uh oh!

86

Uh oh!

85

Uh oh!

84

Uh oh!

83

Uh oh!

82

Uh oh!

81

Uh oh!