Q&A Auditor - Hardware-based IDS for Android - What does it do?

SecurityNightmares

Level 36
Verified
Jan 9, 2020
2,554
I use it as it's included in GrapheneOS. But highly recommend for every supported device.

Hardware-based attestation / intrusion detection app for Android devices. It provides both local verification with another Android device via QR codes and optional scheduled server-based verification with support for alert emails. It uses hardware-backed keys and attestation support as the foundation and chains trust to the app for software checks.

See GrapheneOS/Auditor
 

SpiderWeb

Level 4
Aug 21, 2020
189
It checks if your phone has been tampered with from another source. I think it's highly useful for alternative OSs and Android phones that don't have hardware security modules aka TPMs like Pixels with Titan Ms or Samsungs with KNOX or iPhones with Secure Enclave. I don't think it's working with Android 11 anymore. I tried another app called Key Attestation Demo that does the same thing on phone and it says it has no longer access to StrongBox/hardware security module. Whatever Android did, they kicked everyone out of using StrongBox starting with 11 other than OS processes lol. See screenshots.

Seems Google is enforcing a strict whitelist on what certificates can utilize StrongBox now. Almost everything is relegated to Trusted Execution Environment which is still very very secure unless you are subject to an active side channel attack. Long story short, Auditor hasn't been working for me since I updated to Android 11.
 

Attachments

  • Screenshot_20200913-104826.png
    Screenshot_20200913-104826.png
    170.5 KB · Views: 218
  • Screenshot_20200913-104838.png
    Screenshot_20200913-104838.png
    76.4 KB · Views: 219
Last edited:

SecurityNightmares

Level 36
Verified
Jan 9, 2020
2,554
Update for Auditor:

It's also fully compatible with Android 11 as I say before. (Otherwise it wouldn't be included in GrapheneOS - now based on Android 11) :)
 
Top