Notable changes in version 89:

• remove support for checking OEM unlocking state outside GrapheneOS since Android 15 QPR2 removed the system property
• add support for GrapheneOS security state manager extension included in the upcoming release of GrapheneOS providing support obtaining additional security state information including the OEM unlocking state, user count, GrapheneOS auto-reboot configuration and GrapheneOS USB-C port and pogo pins control configuration (this requires a signature permission based on the GrapheneOS signing key for Auditor)
• raise minimum API level to 33 (Android 13) since Android 13 is the oldest release with security support
• raise minimum OS version for verification to Android 13
• raise minimum patch level for verification to 2022-08-05 (first release of Android 13)
• drop support for devices without official Android 13 support including 3rd generation Pixels and all previously supported non-Pixel devices (non-Pixel devices running the stock OS will be supported via a generic approach in a future release)
• drop obsolete first API level check for sample submission (no longer relevant due to Android 8 being launch such a long time ago)
• update Guava library to 33.4.8
• update Android Gradle plugin to 8.9.2

A full list of changes from the previous release (version 88) is available through the Git commit log between the releases.

The Auditor app uses hardware security features on supported devices to validate the integrity of the operating system from another Android device. It will verify that the device is running the stock operating system with the bootloader locked and that no tampering with the operating system has occurred. It will also detect downgrades to a previous version.

It cannot be bypassed by modifying or tampering with the operating system (OS) because it receives signed device information from the device’s Trusted Execution Environment (TEE) or Hardware Security Module (HSM) including the verified boot state, operating system variant and operating system version. The verification is much more meaningful after the initial pairing as the app primarily relies on Trust On First Use via pinning. It also verifies the identity of the device after the initial verification. Trust is chained through the verified OS to the app to bootstrap software checks with results displayed in a separate section.

This app is available through the Play Store with the app.attestation.auditor.play app id. Play Store releases go through review and it usually takes around 1 to 3 days before the Play Store pushes out the update to users. Play Store releases use Play Signing, so we use a separate app id from the releases we publish ourselves to avoid conflicts and to distinguish between them. Each release is initially pushed out through the Beta channel followed by the Stable channel.

Releases of the app signed by GrapheneOS with the app.attestation.auditor app id are published in the GrapheneOS App Store which provides fully automatic updates. Each release is initially pushed out through the Alpha channel, followed by the Beta channel and then finally the Stable channel. These releases are also bundled as part of GrapheneOS and published on GitHub.

GrapheneOS users must obtain GrapheneOS app updates through our App Store since verified boot metadata is required for out-of-band system app updates on GrapheneOS as part of extending verified boot to them.