I question the usefulness of Auditor. It can flag if a modified version of GrapheneOS has been booted, for example. But flashing a modified version of GrapheneOS requires erasing userdata, which you'd notice the moment all your data isn't there. Unless someone uses an exploit, but Key Attestation cannot detect exploits.
replyI suppose if you've bought a device with GrapheneOS already installed, you can use it to verify the installation. But that could also be achieved by reflashing a known-good image yourself.
Largely agreed. Though I think there are useful applications: 1. the one you mention; 2. to protect against installation of a malicious image (e.g. because your browser/certificate store compromised); 3. a sophisticated attack where an attacker knows your credentials at some point (e.g. PIN), extract your data when the phone is unattended, flashes a compromised image, and restores the data (with the goal to surveil your phone).
replyAdmittedly, most of these are probably nation state-level attacks, but I think some GrapheneOS users are the target of such attacks. Also, it doesn't hurt to run Auditor after a fresh install to protect against the second scenario. It only takes a minute, better safe than sorry.