SafetyNet attestation is not meaningfully verified. It's a much different thing than hardware-based attestation. Devices launched with Android 8 or later have the necessary hardware support for hardware-based attestation. SafetyNet doesn't build on it but rather is pure theatre.
If you verify solely based on the attestation root of trust, that would mean compromising the hardware keystore on a single device is a full compromise of the entire attestation system. It's not a solution to this problem since you need to do pairing for it to provide good security.
Even if you had a way to securely bootstrap, the vast majority of devices don't have a secure element providing a StrongBox keystore but rather only a TrustZone-based keystore. TrustZone security is not great. Also, checking patch level in the attestation will rule out most devices.
Verification based on the attestation root is essentially only useful for implementing anti-cheat / DRM. It can be fooled by anyone able to compromise a single TEE / SE on any device, including one without updated firmware. A bunch of companies also have access to valid batch keys.
I don't see another way of doing it for use cases like this with the current implementation. It would certainly be better than not using any hardware-based attestation at all, but unless the devices are going to have pairing done before being distributed to users it's very weak.
You want to know:
- No app is overdrawing the voting app (switching candidates), or otherwise compromising integrity or privacy
- The real app is running on a real phone (not some attacker in the cloud)
Separately, you need to authenticate the voter, maybe bind to the phone.
If the device was paired using hardware-based attestation when it wasn't compromised, it gives a very strong assurance that it has the latest security patch level and isn't compromised. The inclusion of the patch level is a big deal. Chained trust to the app allows other checks.
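The pairing model argued for in the two replies above (verifying against a key pinned at pairing time rather than against the attestation root alone, and treating the attested patch level as a value that must not regress) can be shown in working code. The following is an added example, not code from the thread's author or from any attestation project. It uses a plain ECDSA key and a struct field standing in for the TEE-held attestation key and the osPatchLevel from the Android key attestation certificate chain; both are simplifying assumptions, as is the YYYYMM patch level encoding and the `NewVerifier` / `Pair` / `Verify` API.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Device stands in for the phone. In the real system the key lives in the
// TEE / StrongBox and the verifier learns its public key and the patch level
// from the attestation certificate chain; here both are plain fields
// (assumption for illustration only).
type Device struct {
	key        *ecdsa.PrivateKey
	PatchLevel int // YYYYMM, modelled on the attestation's osPatchLevel
}

func NewDevice(patchLevel int) (*Device, error) {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Device{key: k, PatchLevel: patchLevel}, nil
}

func (d *Device) PublicKey() *ecdsa.PublicKey { return &d.key.PublicKey }

// Respond signs the verifier's fresh challenge together with the claimed
// patch level, so neither value can be replayed on its own.
func (d *Device) Respond(challenge []byte) (sig []byte, patchLevel int, err error) {
	sig, err = ecdsa.SignASN1(rand.Reader, d.key, digest(challenge, d.PatchLevel))
	return sig, d.PatchLevel, err
}

func digest(challenge []byte, patchLevel int) []byte {
	h := sha256.New()
	h.Write(challenge)
	var pl [8]byte
	binary.BigEndian.PutUint64(pl[:], uint64(patchLevel))
	h.Write(pl[:])
	return h.Sum(nil)
}

// Pairing is what the verifier pins after the first, trusted attestation.
type Pairing struct {
	Key        *ecdsa.PublicKey
	PatchLevel int
}

type Verifier struct {
	MinPatchLevel int
	pairings      map[string]*Pairing // keyed by device id
}

func NewVerifier(minPatch int) *Verifier {
	return &Verifier{MinPatchLevel: minPatch, pairings: map[string]*Pairing{}}
}

// Pair pins the device's attested key. It must run while the device is known
// good (e.g. before it is handed to the user), and never a second time.
func (v *Verifier) Pair(id string, key *ecdsa.PublicKey, patchLevel int) error {
	if _, exists := v.pairings[id]; exists {
		return errors.New("already paired; re-pairing would let a substituted device take over")
	}
	if patchLevel < v.MinPatchLevel {
		return fmt.Errorf("patch level %d below minimum %d", patchLevel, v.MinPatchLevel)
	}
	v.pairings[id] = &Pairing{Key: key, PatchLevel: patchLevel}
	return nil
}

// Verify checks a response against the pinned key, not merely against the
// attestation root, and rejects any regression of the patch level.
func (v *Verifier) Verify(id string, challenge, sig []byte, patchLevel int) error {
	p, ok := v.pairings[id]
	if !ok {
		return errors.New("unknown device")
	}
	if !ecdsa.VerifyASN1(p.Key, digest(challenge, patchLevel), sig) {
		return errors.New("signature not from the paired key")
	}
	if patchLevel < p.PatchLevel || patchLevel < v.MinPatchLevel {
		return fmt.Errorf("patch level %d regressed or below minimum", patchLevel)
	}
	p.PatchLevel = patchLevel
	return nil
}

func NewChallenge() ([]byte, error) {
	c := make([]byte, 32)
	_, err := rand.Read(c)
	return c, err
}

// Demo runs three cases: the paired phone verifying normally, a different
// device with its own valid key (what root-only verification would accept),
// and the paired phone claiming an older patch level.
func Demo() (paired, impostor, rollback error) {
	v := NewVerifier(202101)
	phone, _ := NewDevice(202103)
	other, _ := NewDevice(202103)
	if err := v.Pair("voter-1", phone.PublicKey(), phone.PatchLevel); err != nil {
		return err, nil, nil
	}
	c, _ := NewChallenge()
	sig, pl, _ := phone.Respond(c)
	paired = v.Verify("voter-1", c, sig, pl)

	c, _ = NewChallenge()
	sig, pl, _ = other.Respond(c)
	impostor = v.Verify("voter-1", c, sig, pl)

	c, _ = NewChallenge()
	phone.PatchLevel = 202012
	sig, pl, _ = phone.Respond(c)
	rollback = v.Verify("voter-1", c, sig, pl)
	return
}

func main() {
	paired, impostor, rollback := Demo()
	fmt.Println("paired device:", paired)
	fmt.Println("other device: ", impostor)
	fmt.Println("rollback:     ", rollback)
}
```

The second case is the point of the pairing argument: the other device's signature is perfectly valid under its own key, and a verifier that only walked the chain back to a trusted root would accept it. Pinning the key at pairing time makes a compromise of some other TEE irrelevant to this device, and carrying the patch level inside the signed response is what lets the verifier notice a downgrade.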
The *perception* of security and *trust* in the system matters. The public needs to believe in the system and have a full understanding of why it's trustworthy. Think about a president refusing to give up power because they claim that the election results were compromised.