Pixel stock Android on AVF ( Android 16 )

ChemicalWonka1

I have a question that may seem silly but I think it's pertinent due to the case of Play Integrity API. I saw that the developers of GrapheneOS intend to include a native app in the system for operating system virtualization in Android 16 through the AVF

My question is: Is there any possibility to emulate the Pixel's native Android using this feature?

de0u

ChemicalWonka1 Is there any possibility to emulate the Pixel's native Android using this feature?

I think that would be hard. But regardless I believe that remote attestation would be able to tell the difference between the same Android system image running in a VM versus running on hardware.

ryrona

ChemicalWonka1 No, attestation is specifically designed in a secure way such that you as a remote server can get a signed attestation of in what environment the app is running.

Simplified:

Attestation is built by including a specific hardware component in your device, generally referred to as a security chip. When you power on your device, the signing key and version of the bootloader is sent to the security chip, before the bootloader starts. And then the bootloader sends the signing key and version of the operating system it loads to the security chip, before actually launching the operating system. When an app asks for an attestation, the operating system will send the signing key and version of the loaded app to the security chip too, and any auxiliary data the app itself wants to include, and then ask the security chip to sign it all with the attestation key, and send the signed data back including the certificate of the security chip. The certificate says what device the security chip was installed into, and is signed by the maker of the security chip.

The remote server will thus be able to cryptographically verify that the attestation was signed by a legitimate security chip, and will be able to verify what device type it is, what bootloader is installed and running, what OS is installed and running, and also what specific app is installed and running. If they believe any of those things to not be secure enough, they can deny you service based on this attestation.

A virtual machine would not help. Your operating system would then tell the security chip that the attestation request comes from the virtual machine, and the signed attestation would reveal that. Alternatively, the OS need to lie to the security chip, but if the OS is known to be one that lies about the attestation, it is highly unlikely the OS will be trusted by the service provider, and the bootloader already have told truthfully to the security chip what OS it is that is loaded. Attestation if implemented correctly cannot be fooled.

Play Integrity API at its strongest level is supposed to be correctly implemented attestation. And they have chosen to reject all non-stock OSes.