GrapheneOS1d ago

If apps are required to verify the hardware, operating system and their app for regulatory reasons they should use an approach supporting arbitrary roots of trust and operating systems. Android already has a standard hardware attestation system usable for this.

Android's documentation and sample libraries are biased towards Google by using them as the only valid root of trust and the API is biased towards stock operating systems but it's better than a centralized API.

https://infosec.exchange/@rene_mobile/116286110700616525

Show threadGrapheneOS1d ago

Apps should only resort to this if they're forced to do it. Root-based attestation provides minimal security and is easy to bypass. It's inherently insecure due to trusting the weakest security systems. A leaked key from the TEE/SE on any device can be used to spoof attestations for any device.

Play Integrity permits a device with years of missing security patches. It isn't a legitimate security feature. It checks for a device in compliance with Google's Android business model, not security.

Show threadGrapheneOS1d ago
Unified Attestation is another anti-competitive system putting companies selling products in control of which devices and operating systems are allowed to be used. As with the Play Integrity API, it's a phony security feature existing solely to get their products permitted while disallowing fair market competition.
Show threadMisha
@GrapheneOS I haven't seen you post about unified attestation for days. I was beginning to worry you'd changed your mind. How am I supposed to know your thoughts on unified attestation if you don't post about it daily?
Mar 25 at 1:20amMastodon for Android
Show threadMisha1d ago
@GrapheneOS The above is a joke, GrapheneOS is an awesome project.
Show threadGrapheneOS1d ago
@migam830 We'll stop posting about it after it's discontinued.