Auditor is finally going to be using the StrongBox Keymaster by default for new pairings:
github.com/GrapheneOS/Aud
Existing pairings will continue using the traditional TEE-based keymaster for compatibility due to verified boot key fingerprint and certificate chain pinning.
Conversation
This Tweet was deleted by the Tweet author. Learn more
Replying to
Yes, it will be part of Auditor version 11 which is currently in development.
This Tweet was deleted by the Tweet author. Learn more
Replying to
No, not at the moment. Auditor is included in GrapheneOS and is available through the Play Store for the stock OS:
play.google.com/store/apps/det
Most alternative operating systems cannot be supported because they poke too many holes in the security model and disable verified boot.
1
Replying to
The releases are also available via github.com/GrapheneOS/Aud. I don't have much reason to put it in an F-Droid repository at the moment. F-Droid is free to distribute the official releases through their official repository. It wouldn't make sense to distribute third party builds.
1
Replying to
Auditor chains trust from hardware through the OS to the app via key attestation. That means the official attestation.app server and app releases only consider the official releases of the app to be a valid Auditee. Similarly, third party builds wouldn't trust each other.
Replying to
So, unless they're willing to redistribute the official builds, it wouldn't make sense to have it in the standard F-Droid repository. I'm not particularly in having my own repository for it since having it included in GrapheneOS and on the Play Store covers nearly all use cases.