One of the features I'm working on adding to Android TEEs for N is an attestation API. It will be implemented in our TEE, Qualcomm's, Trustonic's, etc. However, that will only assure the relying party that the device attesting has an officially-blessed TEE, and that the Android OS that was booted was an officially-blessed image as well. It can't say anything about the state of Android, whether or not it has been compromised in some way that doesn't involve modifying the boot images. The SafetyNet attestation can theoretically provide some level of assurance that the device is not compromised, though at the moment I believe it really only validates that the device is not an emulator and that it hasn't been rooted in an obvious way.
On Fri, Oct 16, 2015 at 2:06 PM Bryan Buckley <[email protected]> wrote:

> Trusted Execution Environments are more common on Android smartphones
> than TPMs. Trustonic's TEE has attestation API accessible from the Trusted
> Application [pdf
> <https://wiki.helsinki.fi/download/attachments/117218151/SP-2013-06-0097.R1_Kostiainen.pdf>
> ]
>
> On Thu, Oct 15, 2015 at 8:26 AM, Karthik k <[email protected]>
> wrote:
>
>> Hey,
>>
>> I recently read about PC/Desktops which come with TPM chips which are
>> used for remote attestation
>> <https://en.wikipedia.org/wiki/Trusted_Computing#Remote_attestation>.
>>
>> So following are my questions:
>>
>> 1. Does any Android smartphone come with TPM chip?
>>
>> 2. Is there any way for a service provider to check whether the user is
>> accessing their service from a compromised Android OS?
>> (i.e., Does Android platform provide any mechanism for remote
>> attestation?)
>>
>>
>> Thank you,
>> Karthik
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Android Security Discussions" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to [email protected].
>> To post to this group, send email to
>> [email protected].
>> Visit this group at
>> http://groups.google.com/group/android-security-discuss.
>> For more options, visit https://groups.google.com/d/optout.
--
Shawn Willden | Software Engineer | [email protected] | 303-709-2258
