Mastodawn

If apps are required to verify the hardware, operating system and their app for regulatory reasons they should use an approach supporting arbitrary roots of trust and operating systems. Android already has a standard hardware attestation system usable for this.

Android's documentation and sample libraries are biased towards Google by using them as the only valid root of trust and the API is biased towards stock operating systems but it's better than a centralized API.

https://infosec.exchange/@rene_mobile/116286110700616525

Show thread

GrapheneOS 1d ago

Apps should only resort to this if they're forced to do it. Root-based attestation provides minimal security and is easy to bypass. It's inherently insecure due to trusting the weakest security systems. A leaked key from the TEE/SE on any device can be used to spoof attestations for any device.

Play Integrity permits a device with years of missing security patches. It isn't a legitimate security feature. It checks for a device in compliance with Google's Android business model, not security.

Show thread

GrapheneOS 1d ago

Unified Attestation is another anti-competitive system putting companies selling products in control of which devices and operating systems are allowed to be used. As with the Play Integrity API, it's a phony security feature existing solely to get their products permitted while disallowing fair market competition.

Show thread

GrapheneOS 1d ago

Android's hardware attestation API is problematic for a free and open market because it supports root-based attestation. However, it does at least support choosing arbitrary trusted roots and arbitrary trusted operating systems. It isn't locked to Google's roots or stock OSes they certify.

Show thread

GrapheneOS 1d ago

We made a proposal to Google for pinning-based attestation support for Android hardware attestation and they ended up implementing it. It can be used in combination with root-based attestation or without it. It doesn't have the anti-competitive properties and provides far more actual security value.

Show thread

GrapheneOS 1d ago

Root-based attestation trusts the whole hardware attestation ecosystem. Leaked keys from any device can be used to bypass it. Pinning-based attestation starts trust from first use and then provides a high level of security based on the security of the device's early boot chain and secure element.

Show thread

GrapheneOS 1d ago

Root-based attestation is mainly used to disallow an arbitary device, OS or modified app for control rather than security. Pinning-based attestation lacks those negatives and can be very secure. It can be bootstrapped by root-based attestation but it works without it and it's not the only approach.

Show thread

opinonToo

@GrapheneOS do you have links to more information on pinning-based attestation? It is important to point app devs to it in order to avoid attestation by play integrity api.