Comment by microtonal
2 hours ago
Definitely not bad all the time. For instance, GrapheneOS provides the Auditor app, with which you can verify from another phone or from a server that the OS is not tampered with. It also uses remote attestation.
So, there are certainly useful applications.
I question the usefulness of Auditor. It can flag if a modified version of GrapheneOS has been booted, for example. But flashing a modified version of GrapheneOS requires erasing userdata, which you'd notice the moment all your data isn't there. Unless someone uses an exploit, but Key Attestation cannot detect exploits.
I suppose if you've bought a device with GrapheneOS already installed, you can use it to verify the installation. But that could also be achieved by reflashing a known-good image yourself.
Largely agreed. Though I think there are useful applications: 1. the one you mention; 2. to protect against installation of a malicious image (e.g. because your browser/certificate store compromised); 3. a sophisticated attack where an attacker knows your credentials at some point (e.g. PIN), extract your data when the phone is unattended, flashes a compromised image, and restores the data (with the goal to surveil your phone).
Admittedly, most of these are probably nation state-level attacks, but I think some GrapheneOS users are the target of such attacks. Also, it doesn't hurt to run Auditor after a fresh install to protect against the second scenario. It only takes a minute, better safe than sorry.