Show HN: A new open-source browser with Android TEE based enforcement for agents (github.com/wootzapp)
1 point by sandGorgon 25 days ago
So we contributed our Android TEE based browser enforcement to the community.

The PR is here: https://github.com/wootzapp/wootz-browser/pull/373

I’ve been deep in the weeds on our browser, and we just merged something that felt worth sharing with this community.

We got Android’s hardware keystore (TEE / StrongBox) working end-to-end so that client certificates are truly non-exportable. The device generates the key inside the secure enclave, we enroll it, issue a device identity cert, and from then on the browser can only present that cert for mTLS handshakes. No chance of stealing or exporting the private key.

The idea is simple: if you want to enforce zero-trust access at the browser level, you need strong device identity. Passwords and tokens leak, but hardware-backed certs with attestation give you a much higher bar. We had to solve for Android quirks, avoid the trap of server-supplied keys, and make sure auto-selection doesn’t leak certs to the wrong sites.

It’s live in our Wootz.app browser.
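
Added example, not taken from the post or the linked PR: a sketch of the on-device half of the enrollment flow described above, using the standard Android Keystore API to generate a non-exportable key with a server-supplied attestation challenge. The class name, key alias and the way the challenge reaches the device are assumptions.

```java
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyInfo;
import android.security.keystore.KeyProperties;
import android.security.keystore.StrongBoxUnavailableException;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.spec.ECGenParameterSpec;

// Hypothetical helper class; the alias below is a constructed value.
public final class DeviceIdentityKey {
    private static final String STORE = "AndroidKeyStore";
    private static final String ALIAS = "device-identity-mtls";

    // Generates the key on the device and returns the attestation chain to send for enrollment.
    public static Certificate[] enroll(byte[] serverChallenge) throws Exception {
        KeyPair pair;
        try {
            pair = generate(serverChallenge, true);   // prefer StrongBox (API 28+)
        } catch (StrongBoxUnavailableException e) {
            pair = generate(serverChallenge, false);  // fall back to the TEE-backed keystore
        }
        // Refuse to enroll a key that ended up in software (API 31+ offers getSecurityLevel()).
        KeyInfo info = KeyFactory.getInstance(pair.getPrivate().getAlgorithm(), STORE)
                .getKeySpec(pair.getPrivate(), KeyInfo.class);
        if (!info.isInsideSecureHardware()) {
            throw new GeneralSecurityException("key is not hardware-backed");
        }
        KeyStore ks = KeyStore.getInstance(STORE);
        ks.load(null);
        // The leaf certificate carries the attestation extension; the server validates the
        // chain and the challenge before issuing the device identity certificate.
        return ks.getCertificateChain(ALIAS);
    }

    private static KeyPair generate(byte[] challenge, boolean strongBox) throws Exception {
        KeyGenParameterSpec.Builder b =
                new KeyGenParameterSpec.Builder(ALIAS, KeyProperties.PURPOSE_SIGN)
                        .setAlgorithmParameterSpec(new ECGenParameterSpec("secp256r1"))
                        .setDigests(KeyProperties.DIGEST_SHA256)
                        .setAttestationChallenge(challenge);
        if (strongBox) b.setIsStrongBoxBacked(true);
        KeyPairGenerator kpg = KeyPairGenerator.getInstance(KeyProperties.KEY_ALGORITHM_EC, STORE);
        kpg.initialize(b.build());
        return kpg.generateKeyPair();
    }
}
```

The private key never appears in app memory: `pair.getPrivate()` is a handle into the keystore, so only the certificate chain leaves the device.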
