Add device integrity/verification recommendations

config/mkdocs.en.yml

@@ -126,6 +126,8 @@ nav:
       - 'android.md'
       - 'desktop.md'
       - 'router.md'
+    - Advanced:
+      - 'device-integrity.md'
   - About:
     - 'about/index.md'
     - 'about/criteria.md'

config/mkdocs.es.yml

@@ -124,6 +124,8 @@ nav:
       - 'android.md'
       - 'desktop.md'
       - 'router.md'
+    - Advanced:
+      - 'device-integrity.md'
   - Acerca de:
     - 'about/index.md'
     - 'about/criteria.md'

config/mkdocs.fr.yml

@@ -124,6 +124,8 @@ nav:
       - 'android.md'
       - 'desktop.md'
       - 'router.md'
+    - "Advanced":
+      - 'device-integrity.md'
   - "À propos":
     - 'about/index.md'
     - 'about/criteria.md'

config/mkdocs.he.yml

@@ -128,6 +128,8 @@ nav:
       - 'android.md'
       - 'desktop.md'
       - 'router.md'
+    - "Advanced":
+      - 'device-integrity.md'
   - "על אודות":
     - 'about/index.md'
     - 'about/criteria.md'

config/mkdocs.it.yml

@@ -124,6 +124,8 @@ nav:
       - 'android.md'
       - 'desktop.md'
       - 'router.md'
+    - "Advanced":
+      - 'device-integrity.md'
   - Informazioni:
     - 'about/index.md'
     - 'about/criteria.md'

config/mkdocs.nl.yml

@@ -124,6 +124,8 @@ nav:
       - 'android.md'
       - 'desktop.md'
       - 'router.md'
+    - "Advanced":
+      - 'device-integrity.md'
   - Over ons:
     - 'about/index.md'
     - 'about/criteria.md'

config/mkdocs.ru.yml

@@ -126,6 +126,8 @@ nav:
       - 'android.md'
       - 'desktop.md'
       - 'router.md'
+    - Advanced:
+      - 'device-integrity.md'
   - О сайте:
     - 'about/index.md'
     - 'about/criteria.md'

config/mkdocs.zh-Hant.yml

@@ -126,6 +126,8 @@ nav:
       - 'android.md'
       - 'desktop.md'
       - 'router.md'
+    - Advanced:
+      - 'device-integrity.md'
   - 關於:
     - 'about/index.md'
     - 'about/criteria.md'

docs/android.md

@@ -216,40 +216,6 @@ We recommend a wide variety of Android apps throughout this site. The apps liste
 
     When using Shelter, you are placing complete trust in its developer, as Shelter acts as a [Device Admin](https://developer.android.com/guide/topics/admin/device-admin) to create the Work Profile, and it has extensive access to the data stored within the Work Profile.
 
-### Auditor
-
-!!! recommendation
-
-    ![Auditor logo](assets/img/android/auditor.svg#only-light){ align=right }
-    ![Auditor logo](assets/img/android/auditor-dark.svg#only-dark){ align=right }
-
-    **Auditor** is an app which leverages hardware security features to provide device integrity monitoring by actively validating the identity of a device and the integrity of its operating system. Currently, it only works with GrapheneOS or the stock operating system for [supported devices](https://attestation.app/about#device-support).
-
-    [:octicons-home-16: Homepage](https://attestation.app){ .md-button .md-button--primary }
-    [:octicons-eye-16:](https://attestation.app/privacy-policy){ .card-link title="Privacy Policy" }
-    [:octicons-info-16:](https://attestation.app/about){ .card-link title=Documentation}
-    [:octicons-code-16:](https://attestation.app/source){ .card-link title="Source Code" }
-    [:octicons-heart-16:](https://attestation.app/donate){ .card-link title=Contribute }
-
-    ??? downloads
-
-        - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.attestation.auditor.play)
-        - [:simple-github: GitHub](https://github.com/GrapheneOS/Auditor/releases)
-        - [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
-
-Auditor performs attestation and intrusion detection by:
-
-- Using a [Trust On First Use (TOFU)](https://en.wikipedia.org/wiki/Trust_on_first_use) model between an *auditor* and *auditee*, the pair establish a private key in the [hardware-backed keystore](https://source.android.com/security/keystore/) of the *Auditor*.
-- The *auditor* can either be another instance of the Auditor app or the [Remote Attestation Service](https://attestation.app).
-- The *auditor* records the current state and configuration of the *auditee*.
-- Should tampering with the operating system of the *auditee* happen after the pairing is complete, the auditor will be aware of the change in the device state and configurations.
-- You will be alerted to the change.
-
-No personally identifiable information is submitted to the attestation service. We recommend that you sign up with an anonymous account and enable remote attestation for continuous monitoring.
-
-If your [threat model](basics/threat-modeling.md) requires privacy, you could consider using [Orbot](tor.md#orbot) or a VPN to hide your IP address from the attestation service.
-To make sure that your hardware and operating system is genuine, [perform local attestation](https://grapheneos.org/install/web#verifying-installation) immediately after the device has been installed and prior to any internet connection.
-
 ### Secure Camera
 
 !!! recommendation

docs/device-integrity.md

@@ -0,0 +1,141 @@
+---
+title: "Device Integrity"
+icon: material/security
+description: These tools can be used to check your devices for compromise.
+cover: device-integrity.webp
+---
+
+These tools can be used to check your devices for indicators of compromise. This page focuses on **mobile security**, because mobile devices typically have read-only systems with well-known configurations, so detecting malicious modifications is easier than on traditional desktop systems. We may expand the focus of this page in the future.
+
+It is **critical** to understand that scanning your device for public indicators of compromise is **not sufficient** to determine that a device is "clean", and not targeted with a particular spyware tool. Reliance on these publicly-available scanning tools can miss recent security developments and give you a false sense of security.
+
+## Disclaimer
+
+If any of these tools indicate a potential compromise by spyware such as Pegasus, Predator, or KingsPawn, we advise you to contact:
+
+- If you are a human rights defender, journalist, or from a civil society organization: [Amnesty Tech](https://securitylab.amnesty.org/contact-us/)
+- If a business or government device is compromised: Contact the appropriate security liason at your enterprise, department, or agency
+- Local law enforcement
+
+**We are unable to help you directly beyond this.** We are happy to discuss your specific situation or circumstances and review your results in our [community](https://discuss.privacyguides.net) spaces, but it is unlikely we can assist you beyond what is written on this page.
+
+The tools on this page are only capable of detecting indicators of compromise, not removing them. If you are concerned about having been compromised, we advise that you:
+
+- Consider replacing the device completely
+- Consider changing your SIM/eSIM number
+- Not restore from a backup, because that backup may be compromised
+
+## External Verification Tools
+
+External verification tools run on your computer and scan your mobile device for forensic traces which are helpful to identify potential compromise.
+
+!!! danger
+
+    Public indicators of compromise are insufficient to determine that a device is "clean", and not targeted with a particular spyware tool. Reliance on public indicators alone can miss recent forensic traces and give a false sense of security.
+
+    Reliable and comprehensive digital forensic support and triage requires access to non-public indicators, research and threat intelligence.
+
+    Such support is available to civil society through [Amnesty International's Security Lab](https://www.amnesty.org/en/tech/) or [Access Now’s Digital Security Helpline](https://www.accessnow.org/help/).
+
+These tools can trigger false-positives. If any of these tools finds indicators of compromise, you need to dig deeper to determine your actual risk. Some reports may be false positives based on websites you've visited in the past, and findings which are many years old are likely either false-positives or indicate previous (and no longer active) compromise.
+
+### Mobile Verification Toolkit
+
+!!! recommendation
+
+    ![MVT logo](assets/img/device-integrity/mvt.webp){ align=right }
+
+    **Mobile Verification Toolkit** (**MVT**) is a collection of utilities which simplifies and automates the process of scanning mobile devices for potential traces of targeting or infection by known spyware campaigns. MVT was developed by Amnesty International and released in 2021 in the context of the [Pegasus Project](https://forbiddenstories.org/about-the-pegasus-project/).
+
+    [:octicons-home-16: Homepage](https://mvt.re/){ .md-button .md-button--primary }
+    [:octicons-code-16:](https://github.com/mvt-project/mvt){ .card-link title="Source Code" }
+
+    ??? downloads
+
+        - [:simple-apple: macOS](https://docs.mvt.re/en/latest/install/)
+        - [:simple-linux: Linux](https://docs.mvt.re/en/latest/install/)
+
+!!! warning
+
+    Using MVT is insufficient to determine that a device is "clean", and not targeted with a particular spyware tool.
+
+MVT is *most* useful for scanning iOS devices. Android stores very little diagnostic information useful to triage potential compromises, and because of this `mvt-android`` capabilities are limited as well. On the other hand, encrypted iOS iTunes backups provide a large enough subset of files stored on the device to detect suspicious artifacts in many cases. This being said, MVT does still provide fairly useful tools for both iOS and Android analysis.
+
+### iMazing (iOS)
+
+!!! recommendation
+
+    ![iMazing logo](assets/img/device-integrity/imazing.png){ align=right }
+
+    **iMazing** provides a free spyware analyzer tool for iOS devices which acts as a GUI-wrapper for [MVT](#mobile-verification-toolkit). This can be much easier to run compared to MVT itself, which is a command-line tool designed for technologists and forensic investigators.
+
+    [:octicons-home-16: Homepage](https://imazing.com/){ .md-button .md-button--primary }
+    [:octicons-eye-16:](https://imazing.com/privacy-policy){ .card-link title="Privacy Policy" }
+    [:octicons-info-16:](https://imazing.com/spyware-analyzer){ .card-link title=Documentation}
+
+    ??? downloads
+
+        - [:simple-windows11: Windows](https://imazing.com/download)
+        - [:simple-apple: macOS](https://imazing.com/download)
+
+## On-Device Verification
+
+These are apps you can install on your device which check for signs of tampering.
+
+!!! warning
+
+    Using these apps is insufficient to determine that a device is "clean", and not targeted with a particular spyware tool.
+
+### Auditor (Android)
+
+!!! recommendation
+
+    ![Auditor logo](assets/img/device-integrity/auditor.svg#only-light){ align=right }
+    ![Auditor logo](assets/img/device-integrity/auditor-dark.svg#only-dark){ align=right }
+
+    **Auditor** is an app which leverages hardware security features to provide device integrity monitoring by actively validating the identity of a device and the integrity of its operating system. Currently, it only works with GrapheneOS or the stock operating system for [supported devices](https://attestation.app/about#device-support).
+
+    [:octicons-home-16: Homepage](https://attestation.app){ .md-button .md-button--primary }
+    [:octicons-eye-16:](https://attestation.app/privacy-policy){ .card-link title="Privacy Policy" }
+    [:octicons-info-16:](https://attestation.app/about){ .card-link title=Documentation}
+    [:octicons-code-16:](https://attestation.app/source){ .card-link title="Source Code" }
+    [:octicons-heart-16:](https://attestation.app/donate){ .card-link title=Contribute }
+
+    ??? downloads
+
+        - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.attestation.auditor.play)
+        - [:simple-github: GitHub](https://github.com/GrapheneOS/Auditor/releases)
+        - [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
+
+Auditor performs attestation and intrusion detection by:
+
+- Using a [Trust On First Use (TOFU)](https://en.wikipedia.org/wiki/Trust_on_first_use) model between an *auditor* and *auditee*, the pair establish a private key in the [hardware-backed keystore](https://source.android.com/security/keystore/) of the *Auditor*.
+- The *auditor* can either be another instance of the Auditor app or the [Remote Attestation Service](https://attestation.app).
+- The *auditor* records the current state and configuration of the *auditee*.
+- Should tampering with the operating system of the *auditee* happen after the pairing is complete, the auditor will be aware of the change in the device state and configurations.
+- You will be alerted to the change.
+
+No personally identifiable information is submitted to the attestation service. We recommend that you sign up with an anonymous account and enable remote attestation for continuous monitoring.
+
+If your [threat model](basics/threat-modeling.md) requires privacy, you could consider using [Orbot](tor.md#orbot) or a VPN to hide your IP address from the attestation service.
+To make sure that your hardware and operating system is genuine, [perform local attestation](https://grapheneos.org/install/web#verifying-installation) immediately after the device has been installed and prior to any internet connection.
+
+### iVerify (iOS)
+
+!!! recommendation
+
+    ![iVerify logo](assets/img/device-integrity/iverify.webp){ align=right }
+
+    **iVerify** is an iOS app which automatically scans your device to check configuration settings, patch level, and other areas of security. It also checks your device for indicators of compromise by jailbreak tools or spyware such as Pegasus.
+
+    [:octicons-home-16: Homepage](https://www.iverify.io/consumer){ .md-button .md-button--primary }
+    [:octicons-eye-16:](https://www.iverify.io/privacy-policy){ .card-link title="Privacy Policy" }
+    [:octicons-info-16:](https://www.iverify.io/frequently-asked-questions#iVerify-General){ .card-link title=Documentation}
+
+    ??? downloads
+
+        - [:simple-appstore: App Store](https://apps.apple.com/us/app/iverify/id1466120520)
+
+Like all iOS apps, iVerify is restricted to what it can observe about your device from within the iOS App Sandbox. It will not provide nearly as robust analysis as a full-system analysis tool like [MVT](#mobile-verification-toolkit).
+
+iVerify is **not** an "antivirus" tool, and will not detect non-system-level malware such as malicious custom keyboards or malicious Wi-Fi Sync configurations, for example.

docs/tools.md

@@ -157,6 +157,7 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
 
 - ![Privacy.com logo](assets/img/financial-services/privacy_com.svg#only-light){ .twemoji }![Privacy.com logo](assets/img/financial-services/privacy_com-dark.svg#only-dark){ .twemoji } [Privacy.com](financial-services.md#privacycom-us)
 - ![MySudo logo](assets/img/financial-services/mysudo.svg#only-light){ .twemoji }![MySudo logo](assets/img/financial-services/mysudo-dark.svg#only-dark){ .twemoji } [MySudo](financial-services.md#mysudo-us-paid)
+
 </div>
 
 [Learn more :material-arrow-right-drop-circle:](financial-services.md#payment-masking-services)
@@ -432,7 +433,6 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
 - ![Obtainium logo](assets/img/android/obtainium.svg){ .twemoji } [Obtainium (App Manager)](android.md#obtainium)
 - ![Aurora Store logo](assets/img/android/aurora-store.webp){ .twemoji } [Aurora Store (Google Play Client)](android.md#aurora-store)
 - ![Shelter logo](assets/img/android/mini/shelter.svg){ .twemoji } [Shelter (Work Profiles)](android.md#shelter)
-- ![Auditor logo](assets/img/android/auditor.svg#only-light){ .twemoji }![GrapheneOS logo](assets/img/android/auditor-dark.svg#only-dark){ .twemoji } [Auditor (Supported Devices)](android.md#auditor)
 - ![Secure Camera logo](assets/img/android/secure_camera.svg#only-light){ .twemoji }![Secure Camera logo](assets/img/android/secure_camera-dark.svg#only-dark){ .twemoji } [Secure Camera](android.md#secure-camera)
 - ![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer.svg#only-light){ .twemoji }![GrapheneOS logo](assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ .twemoji } [Secure PDF Viewer](android.md#secure-pdf-viewer)
 
@@ -468,3 +468,13 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
 </div>
 
 [Learn more :material-arrow-right-drop-circle:](router.md)
+
+### Device Integrity Verification
+
+<div class="grid cards" markdown>
+
+- ![Auditor logo](assets/img/device-integrity/auditor.svg#only-light){ .twemoji }![GrapheneOS logo](assets/img/device-integrity/auditor-dark.svg#only-dark){ .twemoji } [Auditor (Supported Devices)](device-integrity.md#auditor)
+
+</div>
+
+[Learn more :material-arrow-right-drop-circle:](device-integrity.md)

includes/strings.en.yml

@@ -33,6 +33,7 @@ nav:
   Internet Browsing: Internet Browsing
   Providers: Providers
   Software: Software
+  Advanced: Advanced
   About: About
   Community: Community
   Online Services: Online Services