Auditor (GrapheneOS variant) uses hardware-backed security to validate OS integrity across devices, confirming stock OS with a locked bootloader and detecting downgrades. It employs Trust On First Use via pinning to establish a trusted device identity and continues to verify identity after initial pairing. With 10,000+ total downloads and -1 in the last 30 days across a roughly 2818‑day lifespan, Auditor targets a disciplined, security-focused audience.
Pros & Cons
Hardware-backed OS integrity verification
Detection of tampering and downgrades
Trust On First Use via pinning for stronger security
Explicit identity verification after initial verification
Limited device compatibility due to hardware security requirements
Narrow feature scope focused on OS integrity rather than broader security monitoring
About Auditor (GrapheneOS variant)
Auditor (GrapheneOS variant) was a tools app developed by GrapheneOS. It was removed from Google Play Dec 6, 2022 and is no longer available for download.
Download Statistics
Auditor (GrapheneOS variant) had been downloaded 22 thousand times before it became unavailable.
User Ratings
Auditor (GrapheneOS variant) was rated 4.85 out of 5 stars, based on 160 ratings.
App Information
Auditor (GrapheneOS variant) was free to download. The APK download size was 2.77 MB. The last available version was 66. The last update was on November 15, 2022.
Technical Requirements
Auditor (GrapheneOS variant) required Android 8.0+ or higher. The app had a content rating of Everyone. The app had been available on Google Play August 2018.
Description
The Auditor app uses hardware security features on supported devices to validate the integrity of the operating system from another Android device. It will verify that the device is running the stock operating system with the bootloader locked and that no tampering with the operating system has occurred. It will also detect downgrades to a previous version. Supported devices:
See the supported device list for a list of devices which can be verified by using them as the Auditee.
It cannot be bypassed by modifying or tampering with the operating system (OS) because it receives signed device information from the device's Trusted Execution Environment (TEE) or Hardware Security Module (HSM) including the verified boot state, operating system variant and operating system version. The verification is much more meaningful after the initial pairing as the app primarily relies on Trust On First Use via pinning. It also verifies the identity of the device after the initial verification.
See the tutorial for detailed usage instructions. This is included as the Help entry in the app menu. The app also provides basic guidance through the process. See the documentation for a more detailed overview.
Recent changes: Notable changes in version 66:
• update CameraX library to 1.3.0-alpha01 • update ZXing library to 3.5.1 • update Kotlin Gradle plugin to 1.7.21 • remove obsolete lint workarounds
See https://github.com/GrapheneOS/Auditor/releases/tag/66 for the release notes.
Get a detailed PDF report for Auditor (GrapheneOS variant) with download trends, rating history,
and key performance statistics — useful for competitive research or tracking your own app.
Learn more
Comments on Auditor (GrapheneOS variant) for Android
★★★★★
One of its kind app that lets you see different security and system parameters, verify device integrity and even integrates with remote attestation.
★★★★★
Must have app if you care about security and your device is supported by this app. Daniel is one of the best security researchers out there. Oh and his GrapheneOS project has this app built in.
★★★★★
It's really nice to have an app to verify that my OS haven't tampered with. The app is easy to use as well. Pretty amazing tech.
★★☆☆☆
I keep finding this on my devices is this part of a hacking app/os? Had a pixel 3 with a completely y different OS....signature at the top of encoding was a reference to hitchickers guide I think "whats the answer to life the universe and everything" and a reference to pie...any help would be appreciated by devlepor please ...grapheneos installed even though I never did it....think I've been hacked ...not sure why but I will find out
Technologies used by Auditor (GrapheneOS variant)
6 permissions·9 libraries
Subscribe to see full permission and library details
Trust & Safety: Requests a focused set of permissions (CAMERA, INTERNET, POST_NOTIFICATIONS, QUERY_ALL_PACKAGES, RECEIVE_BOOT_COMPLETED, USE_BIOMETRIC). The app leverages hardware-backed verification and a pairing workflow to establish trust and identity. While its security posture appears well-aligned with its purpose, users should review the broad QUERY_ALL_PACKAGES permission in context with their privacy preferences.
Each subscription will automatically renew 3 days before the expiration date for
the same time period. Subscriptions can be cancelled at any time before the renewal.