Initial release of my Auditor app as an independent project: github.com/AndroidHardeni. It's also available on the Play Store as a free app: play.google.com/store/apps/det.
It provides hardware-based integrity and identity verification for a gradually expanding set of supported devices.
It can be used to verify one of the supported devices from any Android 7+ device running another instance of the app.
It can also be used with my attestation.app service to schedule regular automatic verification. The service can send email alerts if anything goes wrong.
At the moment, the service supports sending email alerts if a device fails to provide a valid remote attestation within a configurable time period. In the future, it will support configuring alerts based on selected changes in information provided by hardware or software checks.
Every Android device launched with Android 8 or later has support for the minimum set of hardware security features. However, I need at least one person on each device model to use the 'Submit sample data' option in the app menu while using the stock OS with a locked bootloader.
It's harmless to get submissions from devices without the stock OS or without a locked bootloader, but it's not enough to add support for that device model.
I publish the sample attestation certificate chains and a subset of the system properties at github.com/AndroidHardeni.
Slightly off the main topic, but the way I've read you can detect if an Android phone has a TEE is by first creating a key then calling isInsideSecureHardware on it. Is there a better way to check if a device just has a TEE?
"It cannot be bypassed by modifying or tampering with the operating system (OS) because it receives signed device information from the device's Trusted Execution Environment (TEE) including the verified boot state, operating system variant and operating system version."
Just a suggestion: instead of providing the option of whether the device is supported or not in the interface, also add that via the Google Play compatibility matrix if possible. That way it will be easy going for you too.
It can be used on any Android 7+ to verify the supported devices so it can't be restricted to only potentially supported devices. It needs to be possible to install it on any potentially supported device (i.e. launched with Android 8 or later) to submit samples from there too.
Looks promising, add support for MI a1 when you can. Thanks.
It wasn't launched with Android 8 and doesn't have the necessary hardware support: twitter.com/DanielMicay/st. It's up to people with other devices launched with Android 8+ to install the app and use the 'Submit sample data' feature. No samples from a device prevents supporting it.