Chain of Trust

Open Source,
Fully Verifiable.

We're not asking you to "trust us". You can verify yourself that the mobile app you use and the server that processes your data are byte-for-byte identical to the code you see on GitHub.

1. Enclave Attestation

To prove the code running on our servers has not been altered, we use Remote Attestation technology.

Step: PCR Values

When the enclave image is built from the code on GitHub, the build produces a unique fingerprint called "PCR0" (a cryptographic hash of the image). If a single character changes in the code, this fingerprint becomes entirely different.

Step: Hardware Proof

The AWS Nitro hardware measures the running enclave image, records the result in an "Attestation Document", and signs that document with its own hardware key.

How can you check it yourself?

  1. Clone our GitHub repo and build your own image via the Dockerfile.
  2. Note the PCR0 value produced by the build.
  3. Download the live Attestation Document and compare its PCR0 value with yours. If they match, the code is identical.

Binding Proof: Public Key Binding

But what if someone showed you an old document belonging to a different Enclave? This is where Public Key Binding kicks in.

The Enclave generates a new key for every session and sends it to AWS Nitro to be "sealed inside the Attestation Document".

Your phone compares the key inside the document with the binding key sent to it. If the seal doesn't match, it cuts the connection instantly.
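The three checks described above (hardware signature, PCR0 comparison, public key binding) as an added worked example in Go. This is not VerifyBlind's code; it models the attestation document as JSON signed with ECDSA P-384 (the real Nitro document is a CBOR/COSE_Sign1 structure), and the image bytes, session keys and field names are constructed for illustration.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha512"
	"encoding/json"
	"errors"
	"fmt"
)

// attestationDoc is a constructed, simplified stand-in for the Nitro attestation
// document. The real document is CBOR/COSE_Sign1; the same two facts are carried
// here as JSON so the checks can be shown without a CBOR library.
type attestationDoc struct {
	PCR0      []byte `json:"pcr0"`       // measurement of the enclave image
	PublicKey []byte `json:"public_key"` // session key the enclave asked to have sealed in
}

// SignedDoc bundles the serialized document with the hardware signature over it.
type SignedDoc struct {
	Payload   []byte
	Signature []byte
}

// MeasurePCR0 models the build-time fingerprint: a SHA-384 over the image bytes.
// Any change to the image gives a completely different value.
func MeasurePCR0(image []byte) []byte {
	sum := sha512.Sum384(image)
	return sum[:]
}

// IssueAttestation plays the role of the Nitro hardware: it measures the image,
// embeds the enclave's session key and signs the result with the attesting key.
func IssueAttestation(attestKey *ecdsa.PrivateKey, image, sessionPub []byte) (SignedDoc, error) {
	payload, err := json.Marshal(attestationDoc{PCR0: MeasurePCR0(image), PublicKey: sessionPub})
	if err != nil {
		return SignedDoc{}, err
	}
	digest := sha512.Sum384(payload)
	sig, err := ecdsa.SignASN1(rand.Reader, attestKey, digest[:])
	if err != nil {
		return SignedDoc{}, err
	}
	return SignedDoc{Payload: payload, Signature: sig}, nil
}

// VerifyAttestation is the client side: check the hardware signature first, then
// the PCR0 against your own build, then the key the enclave sent you this session.
func VerifyAttestation(attestPub *ecdsa.PublicKey, sd SignedDoc, expectedPCR0, bindingKey []byte) error {
	digest := sha512.Sum384(sd.Payload)
	if !ecdsa.VerifyASN1(attestPub, digest[:], sd.Signature) {
		return errors.New("hardware signature does not verify: document altered or not issued by the attesting key")
	}
	var doc attestationDoc
	if err := json.Unmarshal(sd.Payload, &doc); err != nil {
		return err
	}
	if !bytes.Equal(doc.PCR0, expectedPCR0) {
		return errors.New("PCR0 mismatch: running code differs from the code you built")
	}
	if !bytes.Equal(doc.PublicKey, bindingKey) {
		return errors.New("public key binding mismatch: document belongs to another enclave or session")
	}
	return nil
}

// Scenario builds the actors from constructed data and returns the outcome of three
// verifications: an honest document, a document for a modified image, and an old
// document carrying a different session key. Results are returned, not only printed.
func Scenario() (honest, tampered, replayed error) {
	attestKey, err := ecdsa.GenerateKey(elliptic.P384(), rand.Reader)
	if err != nil {
		return err, err, err
	}
	image := []byte("constructed enclave image v1")         // what the Dockerfile build would produce
	modifiedImage := []byte("constructed enclave image v1!") // one byte differs
	expectedPCR0 := MeasurePCR0(image)                      // value you noted from your own build
	sessionKey := []byte("constructed session pubkey A")    // key the enclave sent you this session
	oldKey := []byte("constructed session pubkey B")        // key from an earlier session / other enclave

	good, _ := IssueAttestation(attestKey, image, sessionKey)
	honest = VerifyAttestation(&attestKey.PublicKey, good, expectedPCR0, sessionKey)

	bad, _ := IssueAttestation(attestKey, modifiedImage, sessionKey)
	tampered = VerifyAttestation(&attestKey.PublicKey, bad, expectedPCR0, sessionKey)

	old, _ := IssueAttestation(attestKey, image, oldKey)
	replayed = VerifyAttestation(&attestKey.PublicKey, old, expectedPCR0, sessionKey)
	return honest, tampered, replayed
}

func main() {
	honest, tampered, replayed := Scenario()
	fmt.Println("honest document:  ", honest)
	fmt.Println("modified image:   ", tampered)
	fmt.Println("replayed document:", replayed)
}
```

The order of the checks matters: the signature is verified before anything inside the document is read, so PCR0 and the sealed key are only trusted once the document is known to come from the attesting hardware key.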

2. Android Code Transparency

On Android, VerifyBlind uses a Deterministic Build infrastructure. We prove that the code of the app on your phone is byte-for-byte identical to the code in the open-source repository.

Offline Cryptographic Seal

The Android package built on GitHub is sealed with a 3072-bit transparency signature in our isolated environment before being uploaded to Google Play. If the code is tampered with, the seal is broken instantly.

Byte-for-Byte Output Comparison

You can verify the chain of trust yourself by comparing the build hashes in GitHub Action reports against the hashes of the files on your phone.

# To verify the code on your phone:
$ java -jar bundletool.jar check-transparency --mode=connected_device --package-name=com.verifyblind.mobile
Code transparency verified: code related file contents match the code transparency file.
# VerifyBlind Transparency Key:
A9 89 BA D4 84 4E 36 AC D2 E4 76 8C 86 B4 59 A2 87 7D F7 90...
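A worked model of the transparency seal described above, added here as an example and not VerifyBlind's or bundletool's code: the build hashes every code-related file, signs the hash manifest with a 3072-bit RSA key, and the device-side check recomputes the hashes and rejects any file that differs from, or is not covered by, the seal. The manifest layout, file paths and contents are constructed (bundletool's real transparency file is a JWS), and the fingerprint shown is over the PKIX public key, which is an assumption made for this illustration.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// transparencyFile is a constructed, simplified model of what the build signs:
// the SHA-256 of every code-related file, keyed by path.
type transparencyFile struct {
	CodeRelatedFiles map[string]string `json:"code_related_files"` // path -> hex SHA-256
}

// SealedTransparency is the manifest together with the RSA signature over it.
type SealedTransparency struct {
	Manifest  []byte
	Signature []byte
}

// hashFiles returns hex SHA-256 digests of the given file contents by path.
func hashFiles(files map[string][]byte) map[string]string {
	out := make(map[string]string, len(files))
	for path, content := range files {
		sum := sha256.Sum256(content)
		out[path] = hex.EncodeToString(sum[:])
	}
	return out
}

// Seal runs in the isolated build environment: hash the code-related files and
// sign the manifest with the transparency key.
func Seal(key *rsa.PrivateKey, files map[string][]byte) (SealedTransparency, error) {
	manifest, err := json.Marshal(transparencyFile{CodeRelatedFiles: hashFiles(files)})
	if err != nil {
		return SealedTransparency{}, err
	}
	digest := sha256.Sum256(manifest)
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest[:])
	if err != nil {
		return SealedTransparency{}, err
	}
	return SealedTransparency{Manifest: manifest, Signature: sig}, nil
}

// CheckTransparency is the device-side check: key length, then signature, then
// every installed code file must hash to its sealed value, and no code file may
// be present that the seal does not cover.
func CheckTransparency(pub *rsa.PublicKey, sealed SealedTransparency, installed map[string][]byte) error {
	if pub.Size()*8 < 3072 {
		return errors.New("transparency key is shorter than 3072 bits")
	}
	digest := sha256.Sum256(sealed.Manifest)
	if err := rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sealed.Signature); err != nil {
		return fmt.Errorf("seal broken: %w", err)
	}
	var tf transparencyFile
	if err := json.Unmarshal(sealed.Manifest, &tf); err != nil {
		return err
	}
	got := hashFiles(installed)
	for path, want := range tf.CodeRelatedFiles {
		if got[path] != want {
			return fmt.Errorf("%s: contents do not match the sealed hash", path)
		}
	}
	for path := range got {
		if _, ok := tf.CodeRelatedFiles[path]; !ok {
			return fmt.Errorf("%s: code file not covered by the seal", path)
		}
	}
	return nil
}

// KeyFingerprint renders SHA-256 of the PKIX-encoded public key as space-separated
// hex, the form a user compares against a published transparency key (assumption).
func KeyFingerprint(pub *rsa.PublicKey) (string, error) {
	der, err := x509.MarshalPKIXPublicKey(pub)
	if err != nil {
		return "", err
	}
	sum := sha256.Sum256(der)
	parts := make([]string, len(sum))
	for i, b := range sum {
		parts[i] = fmt.Sprintf("%02X", b)
	}
	return strings.Join(parts, " "), nil
}

// TransparencyScenario seals a constructed package, then checks an untouched
// install and one whose classes.dex was modified, returning the key fingerprint
// and both outcomes so they can be inspected without parsing printed output.
func TransparencyScenario() (fingerprint string, honest, tampered error) {
	key, err := rsa.GenerateKey(rand.Reader, 3072) // 3072-bit key, as on the page
	if err != nil {
		return "", err, err
	}
	fingerprint, _ = KeyFingerprint(&key.PublicKey)
	built := map[string][]byte{ // constructed stand-ins for code-related files
		"base/dex/classes.dex":         []byte("dex bytes v1"),
		"base/lib/arm64-v8a/libapp.so": []byte("native lib v1"),
	}
	sealed, err := Seal(key, built)
	if err != nil {
		return fingerprint, err, err
	}
	honest = CheckTransparency(&key.PublicKey, sealed, built)
	modified := map[string][]byte{
		"base/dex/classes.dex":         []byte("dex bytes v1 (modified)"),
		"base/lib/arm64-v8a/libapp.so": built["base/lib/arm64-v8a/libapp.so"],
	}
	tampered = CheckTransparency(&key.PublicKey, sealed, modified)
	return fingerprint, honest, tampered
}

func main() {
	fp, honest, tampered := TransparencyScenario()
	fmt.Println("transparency key:", fp)
	fmt.Println("untouched install:", honest)
	fmt.Println("modified classes.dex:", tampered)
}
```

Because Go serializes map keys in sorted order, the manifest bytes are deterministic for a given set of files, which is what lets an independent rebuild reproduce the same sealed content.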

3. iOS Code Verification

On iOS, Apple's FairPlay encryption prevents reproducing and byte-comparing the binary from the device (a platform constraint for all Apple apps). Instead, we prove that the version distributed via Apple (App Store/TestFlight) was built from the open source on GitHub, using a cryptographic build provenance.

Signed Provenance (Sigstore)

Each release is signed with Sigstore/cosign as it is produced in the GitHub Actions workflow; this signature binds the distributed build to the exact commit and workflow it came from. You can verify it offline on your Mac with verify-ios.sh.

Apple Signature + App Attest

Stock iOS only runs the Apple-signed copy; additionally, the app's authenticity is proven to our server on every registration via Apple App Attest. Together these three links establish the 'running app = published code' chain.

# To bind the Apple build to the source (Mac):
$ ./verify-ios.sh
Build provenance verified: Sigstore attestation matches the published source commit.
# Verified provenance:
commit: a1b2c3d4 · workflow: ios-prod.yml@refs/tags/build-N