logoalt Hacker News

microtonalyesterday at 5:25 PM1 replyview on HN

Definitely not bad all the time. For instance, GrapheneOS provides the Auditor app, with which you can verify from another phone or from a server that the OS is not tampered with. It also uses remote attestation.

So, there are certainly useful applications.


Replies

Retr0idyesterday at 5:46 PM

I question the usefulness of Auditor. It can flag if a modified version of GrapheneOS has been booted, for example. But flashing a modified version of GrapheneOS requires erasing userdata, which you'd notice the moment all your data isn't there. Unless someone uses an exploit, but Key Attestation cannot detect exploits.

I suppose if you've bought a device with GrapheneOS already installed, you can use it to verify the installation. But that could also be achieved by reflashing a known-good image yourself.

show 1 reply