Advice Request Auditor - Hardware-based IDS for Android - What does it do?

Please provide comments and solutions that are helpful to the author of this topic.

F

ForgottenSeer 85179

I use it as it's included in GrapheneOS. But highly recommend for every supported device.

Hardware-based attestation / intrusion detection app for Android devices. It provides both local verification with another Android device via QR codes and optional scheduled server-based verification with support for alert emails. It uses hardware-backed keys and attestation support as the foundation and chains trust to the app for software checks.

See GrapheneOS/Auditor
 

SpiderWeb

Level 13
Verified
Top Poster
Well-known
Aug 21, 2020
603
It checks if your phone has been tampered with from another source. I think it's highly useful for alternative OSs and Android phones that don't have hardware security modules aka TPMs like Pixels with Titan Ms or Samsungs with KNOX or iPhones with Secure Enclave. I don't think it's working with Android 11 anymore. I tried another app called Key Attestation Demo that does the same thing on phone and it says it has no longer access to StrongBox/hardware security module. Whatever Android did, they kicked everyone out of using StrongBox starting with 11 other than OS processes lol. See screenshots.

Seems Google is enforcing a strict whitelist on what certificates can utilize StrongBox now. Almost everything is relegated to Trusted Execution Environment which is still very very secure unless you are subject to an active side channel attack. Long story short, Auditor hasn't been working for me since I updated to Android 11.
 

Attachments

  • Screenshot_20200913-104826.png
    Screenshot_20200913-104826.png
    170.5 KB · Views: 551
  • Screenshot_20200913-104838.png
    Screenshot_20200913-104838.png
    76.4 KB · Views: 561
Last edited:
F

ForgottenSeer 85179

Update for Auditor:

It's also fully compatible with Android 11 as I say before. (Otherwise it wouldn't be included in GrapheneOS - now based on Android 11) :)
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top