Auditor - hardware-based intrusion detection

The Auditor app uses hardware security features on supported devices to validate the integrity of the operating system from another Android device. It will verify that the device is running the stock operating system with the bootloader locked and that no tampering with the operating system has occurred. It will also detect downgrades to a previous version. Supported devices:

* BlackBerry Key2 (BBF100-1 and BBF100-6 models)
* BQ Aquaris X2 Pro
* Google Pixel 2
* Google Pixel 2 XL
* Google Pixel 3
* Google Pixel 3 XL
* Google Pixel 3a
* Google Pixel 3a XL
* Huawei Honor 7A Pro (AUM-L29 model)
* Honor 9 Lite (LLD-L31 model)
* Huawei Honor 10 (COL-L29 model)
* Huawei Honor View 10 (BKL-L04 and BKL-L09 models)
* Huawei Mate 10 (ALP-L29 model)
* Huawei Mate 20 lite (SNE-LX1 model)
* Huawei Mate 20 Pro (LYA-L29 model)
* Huawei P smart 2019 (POT-LX3 model)
* Huawei P20 (EML-L09 model)
* Huawei P20 Pro (CLT-L29 model)
* Huawei Y7 2019 (DUB-LX3 model)
* Huawei Y9 2019 (JKM-LX3 model)
* HTC EXODUS 1
* HTC U12+
* LG Stylo 5 (LM-Q720 model)
* LG Q Stylo 4 (LG-Q710AL model)
* Motorola moto g⁷
* Motorola One Vision
* Nokia 3.1
* Nokia 6.1
* Nokia 6.1 Plus
* Nokia 7.1
* Nokia 7 Plus
* OnePlus 6 (A6003 model)
* OnePlus 6T (A6013 model)
* OnePlus 7 Pro (GM1913 model)
* Oppo R15 Pro (CPH1831 model)
* Oppo A7 (CPH1903 model)
* Oppo A5s (CPH1909 model)
* Realme C2 (RMX1941 model)
* Samsung Galaxy A70 (SM-A705FN model)
* Samsung Galaxy Amp Prime 3 (SM-J337AZ model)
* Samsung Galaxy J2 Core (SM-J260A, SM-J260F and SM-J260T1 models)
* Samsung Galaxy J3 2018 (SM-J337A and SM-J337T models)
* Samsung Galaxy J7 (SM-J737T1 model)
* Samsung Galaxy M20 (SM-M205F model)
* Samsung Galaxy Note 9 (SM-N960F and SM-N960U models)
* Samsung Galaxy Note 10 (SM-N970F and SM-N970U models)
* Samsung Galaxy Note 10+ (SM-N975U model)
* Samsung Galaxy S9 (SM-G960F, SM-G960U, SM-G960U1, SM-G960W and SM-G9600 models)
* Samsung Galaxy S9+ (SM-G965F, SM-G965U, SM-G965U1 and SM-G965W models)
* Samsung Galaxy S10e (SM-G970F model)
* Samsung Galaxy S10+ (SM-G975F model)
* Samsung Galaxy Tab A 10.1 (SM-T510 model)
* Samsung Galaxy Tab S4 (SM-T835 model)
* Sony Xperia XA2 (H3113, H3123 and H4113 models)
* Sony Xperia XZ1 / XZ1 Compact (G8341 and G8342 models)
* Sony Xperia XZ1 Compact (G8441 model)
* Sony Xperia XZ2 (H8216 model)
* Sony Xperia XZ2 Compact (H8314 and H8324 models)
* T-Mobile REVVL 2
* Vivo 1807
* Xiaomi Mi A2
* Xiaomi Mi A2 Lite
* Xiaomi Mi 9
* Xiaomi POCOPHONE F1

It cannot be bypassed by modifying or tampering with the operating system (OS) because it receives signed device information from the device's Trusted Execution Environment (TEE) or Hardware Security Module (HSM) including the verified boot state, operating system variant and operating system version. The verification is much more meaningful after the initial pairing as the app primarily relies on Trust On First Use via pinning. It also verifies the identity of the device after the initial verification.

See https://attestation.app/tutorial for detailed usage instructions. This is included as the Help entry in the app menu. The app also provides basic guidance through the process. See https://attestation.app/about for a more detailed overview.

* https://github.com/GrapheneOS/Auditor
* https://github.com/GrapheneOS/AttestationServer
* https://github.com/GrapheneOS/AttestationSamples

Category : Tools

Reviews (30)

tim. m. May 24, 2022

Awesome to verify your phones core os hasn't changed. Now that I have 2 Android phones I can verify from a secure OS Graphene OS

Dan. K. May 23, 2022

Smooth, easy to use, reliable, privacy preserving, free and open-source.

Jur. A. Mar 3, 2022

This is what I use to confirm the device's authenticity and ensure that the operating system hasn't been tampered with or downgraded via verified boot. You should do the same.

Jun. O. Apr 5, 2022

Highly secure intrusion defection system for my Pixels. Amazingly high quality and it's open source. Encourage even businesses to implement this app for their Android endpoints.

Rob. N. Mar 2, 2022

When most security software is snake oil, it's surprising to find something that actually does something useful. Apps like these are unicorns.

Gra. J. Feb 25, 2022

Brilliant app that I recommend to anyone with compatible devices. Works well on the stock OS.

Tom. P. May 27, 2022

Love the ability to verify the integrity of my devices

My. A. Aug 20, 2021

I was able to detect a counterfeit/tampered phone. It will be great to put an error code instead of a crash of the app. By the way, i test on an other phone, when the attestation result is '' orange'' what does it mean? If HSM strongbox is written its mean it's the fully secure one? Thanks for your app and your time.

Isa. B. Mar 5, 2022

Fantastic app to ensure the integrity of your OS and particularly useful when used post installation of and in conjunction with GrapheneOS. Highly recommended for security conscious users.

Dan. S. Dec 3, 2021

Excellent app. Has always worked flawlessly for me and gives peace of mind my device is reasonably secure.

AY. May 5, 2022

YOU ALREADY KNOW THAT YO BOI IS GONNA LOVE THIS. HANDS DOWN BEST APP EVER. GrapheneOS never fails to amaze.

Jac. R. May 4, 2022

Really useful to detect any intrusion, simple and efficient.

Zet. I. Jul 1, 2020

This is an excellent app to ensure your Android is running code as expected. I use it on all my Android devices. Excellent work

Ani. Jun 29, 2020

Even though I am on stock android pixel 3, it says attestation error... How from user point of view I get more readable info? Tried responding to the developer contact mail with details, delivery failed...

Luk. C. Jan 3, 2020

What a brilliant idea... I did the reading and like the premise, alas my Xiaomi Mi Mix 2 isn't on the supported list... Keep thinking sideways my friend... Respect.

M. R. Mar 2, 2022

Works great. Thank you GOS team.

Adr. K. Aug 5, 2019

Must have app if you care about security and your device is supported by this app. Daniel is one of the best security researchers out there. Oh and his GrapheneOS project has this app built in.

A. G. u. Nov 6, 2018

Great app, does exactly what described, respect to Daniel for taking the time to build something like this on the side.

Bri. G. Jan 15, 2021

Would've like to try. Great idea. But have Moto G Stylus. Not supported.

Mic. Mar 13, 2020

Confirmed that my device does not have TEE. This new SafetyNet update is really worrisome for root users.

Ind. S. Mar 29, 2022

Security application from GrapheneOS. Verify integrity of installation.

Lor. G. Mar 6, 2022

Love it for for security

Dan. T. Nov 25, 2019

Works as intended and easy to use.

Pra. K. Sep 23, 2019

Seems a great app. How to run this app on Nokia 8.1...?not yet supporting to Nokia 8.1...

Chr. C. Apr 25, 2022

amazing software. thank you for giving me the reassurance i require.

Nit. k. Jan 24, 2020

Error device doesnot supporthardware based attestation

-An. Mar 4, 2022

Gives a peace of mind.

bee. j. Aug 7, 2021

Works as described useful tool

Ton. M. May 27, 2019

Daniel Micay is the saviour of the Information Age. He shall become legendary.

A. G. u. Aug 12, 2018

Daniel Micay the author of this application is one of the only sound minds in the mobile security world to date. He cuts any unnecessary fat and always gets right to the meat. He and his application take a real step towards supplementing safteynet features by putting the power in the user and their peers hands. 10/10 recommend every Android user have this app.