We want to add support for submitting attestations via an account on a server. It will be implemented at https://github.com/GrapheneOS/AttestationServer, which is also where we already implement support for submitting samples. Devices paired with the account should be nicely listed out via a web interface. They have a nice provable unique identifier via the fingerprint of the hardware-backed key generated by the app already, which is not overly persistent/identifying like a serialno / IMEI.
The way it will work is the server will send an email alert if the device fails verification, fails to report in for a configured time period or falls behind on security patches.
For example, a device could be set to send an attestation weekly, with alerts after 2 weeks of it not reporting in. The app can handle sending the attestations with a periodic JobScheduler job.
There's currently hardware attestation for the OS version and OS patch level. There's not much that can be done with the OS version automatically, but the OS patch level is incredibly useful for automatic alerts since devices shouldn't be falling far behind. Even if it's because the vendor isn't releasing updates rather than an attacker with root holding back upgrades, it's something a company probably wants to know about their fleet of devices.
A good default for Pixels would be alerts when a device is more than 1 month behind, i.e. when the 2018-05-05 patch level is released, it should be on at least 2018-04-05. Some devices would need more lenience, since some are expected to take 2 months for non-AOSP fixes (i.e. enforcing the 2018-04-01 patch level instead). The reality is that many don't get proper monthly security updates, so non-Pixels may need a more conservative default like 3+ months. As long as it only warns once or twice, it should be okay.
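As an added illustration (not code from AttestationServer or the Auditor app), here is the alert policy described above in Python: the patch-level floor computed from months behind, with the optional "-01" lenience, plus the missed-check-in and failed-verification rules. The record field names and default values are assumptions; the "YYYY-MM-DD" patch-level format is the one Android reports.

```python
from dataclasses import dataclass
from datetime import date, datetime, timedelta


def shift_months(d: date, months: int) -> date:
    """Move d back by `months` calendar months, keeping the day of month."""
    idx = d.year * 12 + (d.month - 1) - months
    return date(idx // 12, idx % 12 + 1, d.day)


def minimum_patch_level(latest: str, max_months_behind: int, lenient_day: bool) -> date:
    """Oldest patch level still considered current.

    latest='2018-05-05', max_months_behind=1 gives 2018-04-05; lenient_day=True
    relaxes that to the '-01' level of the same month (2018-04-01) for devices
    that ship non-AOSP fixes later.
    """
    floor = shift_months(date.fromisoformat(latest), max_months_behind)
    return floor.replace(day=1) if lenient_day else floor


@dataclass
class DeviceReport:           # assumed record shape, not the server's schema
    fingerprint: str          # fingerprint of the hardware-backed key, not IMEI/serial
    verified: bool            # did the last attestation verify?
    patch_level: str          # attested OS patch level, 'YYYY-MM-DD'
    last_seen: str            # ISO-8601 time of the last accepted attestation


@dataclass
class Policy:
    latest_patch_level: str      # newest patch level the server knows about
    max_months_behind: int = 1   # Pixel default; non-Pixels may need 3+
    lenient_day: bool = False
    max_silence_days: int = 14   # weekly check-in, alert after 2 weeks of silence


def evaluate(report: DeviceReport, policy: Policy, now: str) -> list[str]:
    """Return the alert reasons for one device; an empty list means no email."""
    reasons = []
    if not report.verified:
        reasons.append("verification_failed")
    silence = datetime.fromisoformat(now) - datetime.fromisoformat(report.last_seen)
    if silence > timedelta(days=policy.max_silence_days):
        reasons.append("not_reporting")
    floor = minimum_patch_level(policy.latest_patch_level,
                                policy.max_months_behind, policy.lenient_day)
    if date.fromisoformat(report.patch_level) < floor:
        reasons.append(f"patch_level {report.patch_level} older than {floor.isoformat()}")
    return reasons
```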
It could eventually support other kinds of alerts like sending a Signal message.
By default, we'll use the same kind of information as the Auditor app, i.e. nothing sensitive like identifiers persisting past the Auditor app being uninstalled or having data cleared. It would make sense to offer the option of sending persistent identifiers for enterprise use though, and GrapheneOS might be able to use ID attestation if it bundles the app to actually have devices prove their IMEI / serialno. Can't see a reason anyone would want that for personal use though, so perhaps it should only be exposed when using the Auditor app with our planned device manager. It's unclear how closely they should be paired together.