Auditor
4.5star
90 reviews
10K+
Downloads
Everyone
info
About this app
The Auditor app uses hardware security features on supported devices to validate the integrity of the operating system from another Android device. It will verify that the device is running the stock operating system with the bootloader locked and that no tampering with the operating system has occurred. It will also detect downgrades to a previous version. Supported devices:
See the supported device list for a list of devices which can be verified by using them as the Auditee.
It cannot be bypassed by modifying or tampering with the operating system (OS) because it receives signed device information from the device's Trusted Execution Environment (TEE) or Hardware Security Module (HSM) including the verified boot state, operating system variant and operating system version. The verification is much more meaningful after the initial pairing as the app primarily relies on Trust On First Use via pinning. It also verifies the identity of the device after the initial verification.
See the tutorial for detailed usage instructions. This is included as the Help entry in the app menu. The app also provides basic guidance through the process. See the documentation for a more detailed overview.
See the supported device list for a list of devices which can be verified by using them as the Auditee.
It cannot be bypassed by modifying or tampering with the operating system (OS) because it receives signed device information from the device's Trusted Execution Environment (TEE) or Hardware Security Module (HSM) including the verified boot state, operating system variant and operating system version. The verification is much more meaningful after the initial pairing as the app primarily relies on Trust On First Use via pinning. It also verifies the identity of the device after the initial verification.
See the tutorial for detailed usage instructions. This is included as the Help entry in the app menu. The app also provides basic guidance through the process. See the documentation for a more detailed overview.
Updated on
Safety starts with understanding how developers collect and share your data. Data privacy and security practices may vary based on your use, region and age. The developer provided this information and may update it over time.
No data shared with third parties
Learn more about how developers declare sharing
No data collected
Learn more about how developers declare collection
Committed to follow the Play Families policy
Ratings and reviews
4.5
85 reviews
Meredith Swilling
- Flag inappropriate
- Show review history
4 January 2025
I'm not going to pretend to understand exactly how this works, but the developer's documentation on the tech is really interesting. I like that the app actually looks pretty nice. My only nitpicks are that the great documentation is not inside the app, but on an external site; there is no screen that shows when the last remote attestation was sent; and that names of most of the options in the three dot menu don't make immediately obvious what they do for your threat model.
4 people found this review helpful
Thomas Whitington
- Flag inappropriate
19 February 2023
It's mostly over my head, but it's pretty awesome to check my graphene OS on my new pixel is legitimate. It's a super easy app to use. Highly recommended!
18 people found this review helpful
Raven
- Flag inappropriate
8 November 2022
Brilliant app that allows folks to have an out-of-band verification mechanism that their device is running an unmodified OS.
17 people found this review helpful
What's new
Notable changes in version 88:
• add support for Pixel 9a with either the stock OS or GrapheneOS
• require TLSv1.3 instead of either TLSv1.2 or TLSv1.3
• drop legacy USE_FINGERPRINT permission since we dropped Android 9 support a while ago
• update Bouncy Castle library to 1.80
• update CameraX (AndroidX Camera) library to 1.4.2
• update other dependencies
• minor improvements to code quality
See https://github.com/GrapheneOS/Auditor/releases/tag/88 for the full release notes.
• add support for Pixel 9a with either the stock OS or GrapheneOS
• require TLSv1.3 instead of either TLSv1.2 or TLSv1.3
• drop legacy USE_FINGERPRINT permission since we dropped Android 9 support a while ago
• update Bouncy Castle library to 1.80
• update CameraX (AndroidX Camera) library to 1.4.2
• update other dependencies
• minor improvements to code quality
See https://github.com/GrapheneOS/Auditor/releases/tag/88 for the full release notes.
App support
About the developer
GrapheneOS Foundation
contact@grapheneos.org
198 Bain Ave
Toronto, ON M4K 1G1
Canada
+1 647-760-4804
