GrapheneOS [Unofficial]

Changes in version 128.0.6613.99.0:

• update to Chromium 128.0.6613.99
• backport upstream implementation of enforcing blob URL partitioning
• enforce dynamic code execution restrictions with seccomp-bpf when JIT is disabled (prevent creating executable anonymous mappings, writable and executable file mappings or marking a non-executable mapping executable)
• explicitly declare queries to Vanadium Config package for both the WebView and browser

A full list of changes from the previous release (version 128.0.6613.88.1) is available through the Git commit log between the releases.

This update is available to GrapheneOS users via our app repository and will also be bundled into the next OS release. Vanadium isn't yet officially available for users outside GrapheneOS, although we plan to do that eventually. It won't be able to provide the WebView outside GrapheneOS and will have missing hardening and other features.

Changes in version 133:

• update max supported version of Play services to 24.34

A full list of changes from the previous release (version 132) is available through the Git commit log between the releases (only changes to the gmscompat_config text file and config-holder/ directory are part of GmsCompatConfig).

This update is available to GrapheneOS users via our app repository and will also be bundled into the next OS release.

Our 5th release for Pixel 9, Pixel 9 Pro and Pixel 9 Pro XL is available. Main improvement is replacing Linux 6.1.75 with latest GKI LTS (6.1.95). Remaining gap should go away soon. Pixel Thermometer is now supported for 9 Pro / 9 Pro XL and can be installed via our App Store.

Pixel Thermometer is also supported on the Pixel 8 Pro now too. 9th gen Pixel users are getting it early since we needed another early release to port them to our standard 6.1 GKI LTS branch. With the next official release, 9th gen Pixel should be on the regular release cycle.

Telegram has full access to all of the content of group chats and regular one-to-one chats due to lack of end-to-end encryption. Their opt-in secret chats use homegrown end-to-end encryption with weaknesses. Deleting the content from the app likely won't remove all copies of it.

Telegram has heavily participated in misinformation campaigns targeting actual private messaging apps with always enabled, properly implemented end-to-end encryption such as Signal. Should stop getting any advice from anyone who told you to use Telegram as a private messenger.

Telegram is capable of handing over all messages in every group and regular one-to-one chat to authorities in France or any other country. A real private messaging app like Signal isn't capable of turning over your messages and media. Telegram/Discord aren't private platforms.

A major example of how Telegram's opt-in secret chat encryption has gone seriously wrong before: https://words.filippo.io/dispatches/telegram-ecdh/.

The practical near term threat is for the vast majority of chats without end-to-end encryption: 100% of Telegram group chats and the regular 1-to-1 chats.

Companies should treat user data as toxic waste rather than as something they want to gather and hoard for business models like targeted advertising. It's not a good thing to have a bunch of sensitive data which could be obtained by adversaries or requested by a government.

Not using E2EE creates a lot more legal risk than using E2EE at least while E2EE is still legal in most of the world. Not using E2EE gives the technical capability to moderate, provide data, etc. and therefore governments expect that to be done. That's why they hate E2EE.

Apps like Signal and SimpleX can't access messages, media and profiles. Telegram has access to all content in private group chats and regular private messages unless people used a secret chat. They can automatically scan it, moderate and provide data to authorities based on it.

Telegram chose to have the technical capability to see all private group chats and regular direct messages. In doing so, they put private user data at risk of seizure by governments. The scramble to try to delete data shows lack of basic threat modelling:

https://x.com/sambendett/status/1827712700299821277

Even Facebook's WhatsApp uses end-to-end encrypted direct messages and group chats and WhatsApp is clearly not a private messaging app. It's not a niche feature. Telegram shouldn't have been heavily marketed as private/encrypted when most user data can be handed to governments.

GrapheneOS support for the Pixel 9, Pixel 9 Pro, Pixel 9 Pro XL is now available via our official site in addition to our staging site.

https://grapheneos.org/install/web

Most users don't have any issues. 2 people reported an occasional Wi-Fi connectivity issue not happening for others.

Pixel 4a (5G) and Pixel 5 are end-of-life and shouldn't be used anymore due to lack of security patches for firmware and drivers. We provide extended support for harm reduction.

Tags:

• 2024080600-redfin (Pixel 4a (5G), Pixel 5)
• 2024080600 (Pixel 5a, Pixel 6, Pixel 6 Pro, Pixel 6a, Pixel 7, Pixel 7 Pro, Pixel 7a, Pixel Tablet, Pixel Fold, Pixel 8, Pixel 8 Pro, Pixel 8a, emulator, generic, other targets)

Changes since the 2024080500 release:

• full 2024-08-05 security patch level
• rebased onto AP2A.240805.005 Android Open Source Project release
• adevtool: update dependencies
• adevtool: improve code quality
• adevtool: use fastboot packs to extract firmware images to avoid the need to download over-the-air updates, which also removes the dependency on python and python-protobuf for extracting vendor files
• kernel (6.6): update to latest GKI LTS branch revision
• Vanadium: update to version 127.0.6533.103.0
• Camera: update to version 74

Notable changes in version 74:

• only try to enable preview stabilization as part of enabling video stabilization when it's marked as supported by the device to address compatibility issues
• update Kotlin to 2.0.10

A full list of changes from the previous release (version 73) is available through the Git commit log between the releases.

This app is available through the Play Store with the app.grapheneos.camera.play app id. Play Store releases go through review and it usually takes around 1 to 3 days before the Play Store pushes out the update to users. Play Store releases use Play Signing, so we use a separate app id from the releases we publish ourselves to avoid conflicts and to distinguish between them. Each release is initially pushed out through the Beta channel followed by the Stable channel.

Releases of the app signed by GrapheneOS with the app.grapheneos.camera app id are published in the GrapheneOS App Store and on GitHub. You can use the GrapheneOS App Store on Android 12 or later for automatic updates. Each release is initially pushed out through the Alpha channel, followed by the Beta channel and then finally the Stable channel.

GrapheneOS users must either obtain GrapheneOS app updates through our App Store or install it with adb install-multiple with both the APK and fs-verity metadata since fs-verity metadata is now required for out-of-band system app updates on GrapheneOS as part of extending verified boot to them.

Changes in version 127.0.6533.103.0:

• update to Chromium 127.0.6533.103.0
• enable -fstack-clash-protection on arm64 with the standard 64kiB stack probes since GrapheneOS raises the secondary stack guard size to 64kiB and Vanadium only currently supports GrapheneOS (AOSP should do this too, but it's not our problem)
• use 64-bit toolchain for generating resource allowlist

A full list of changes from the previous release (version 127.0.6533.84.0) is available through the Git commit log between the releases.

This update is available to GrapheneOS users via our app repository and will also be bundled into the next OS release. Vanadium isn't yet officially available for users outside GrapheneOS, although we plan to do that eventually. It won't be able to provide the WebView outside GrapheneOS and will have missing hardening and other features.

https://arstechnica.com/tech-policy/2024/08/google-loses-dojs-big-monopoly-trial-over-search-business/

Action is still urgently needed to address the highly anti-competitive Google Mobiles Services licensing system and the Play Integrity API which are a major part of Google maintaining their monopolies over search and many parts of the mobile market.

We recently published a detailed thread about this here:

https://grapheneos.social/@GrapheneOS/112878067304840664

We're in contact with the regulators in MULTIPLE countries about this. Don't fall for Google pretending Play Integrity API is security related or that their licensing system is about compatibility.

Android and Chromium would massively benefit from proper collaboration between stakeholders without Google's business model getting in the way. Should be forced to deal with both following the model of the LLVM Foundation and also spin off Google Play into an independent company.

Google is actively cracking down on competition in the mobile space by convincing app developers to use their Play Integrity API. Play Integrity API bans using operating systems not licensing Google's apps/services and agreeing to highly restrictive and anti-competitive terms.

Google's licensing agreement directly bans OEMs from working with GrapheneOS and producing phones with it. Google sabotages their own products such as the Play Store to boost core monopolies. If it was a competitive market, they'd want their apps and services available to any OS.

GrapheneOS has demonstrated Google Play works well as regular sandboxed apps without any special integration into the OS via our sandboxed Google Play feature. Google should be forced to spin off Google Play into an independent company competing with other app stores / services.

Windows 11 recently included a basic fastboot driver, removing the need for Windows users to install a fastboot driver to install GrapheneOS.

Our new web installer takes advantage of this and we've now updated the instructions for up-to-date Windows 11:

https://grapheneos.org/install/web#connecting-device

This is one of the benefits of our new web installer. New install process is also quicker and more efficient, reducing the memory and storage requirements below what's currently documented as required. We also overhauled CLI install to do it the same way, which speeds it up too.

Edge supports our web installer, so Windows users can simply use the default browser similar to using Android or ChromeOS. Apple refuses to support WebUSB so macOS users need a non-default browser. Non-ChromeOS desktop Linux still needs udev rules due to handling USB incorrectly.

This is an early August security update release based on the August 2024 security patch backports. This month's release of the Android Open Source Project and stock Pixel OS should be available later today or tomorrow and we'll quickly release an update based on it following this one.

Pixel 4a (5G) and Pixel 5 are end-of-life and shouldn't be used anymore due to lack of security patches for firmware and drivers. We provide extended support for harm reduction.

Tags:

• 2024080500-redfin (Pixel 4a (5G), Pixel 5)
• 2024080500 (Pixel 5a, Pixel 6, Pixel 6 Pro, Pixel 6a, Pixel 7, Pixel 7 Pro, Pixel 7a, Pixel Tablet, Pixel Fold, Pixel 8, Pixel 8 Pro, Pixel 8a, emulator, generic, other targets)

Changes since the 2024080200 release:

• full 2024-08-01 security patch level
• suppress crash notifications for 2 harmless crashes occuring on service shutdown for the Android Bluetooth service and Pixel wifi_ext service
• enable memory tagging for the Pixel wifi_ext service again
• Settings: disable predictive back gesture in PIN/password input activities to fix an upstream Android vulnerability
• flash-all: remove unnecessary sleep after flashing AVB key
• flash-all: exit on errors
• flash-all.sh: avoid false negative for device model check
• flash-all.bat: pause before exiting after an error
• fastboot: add support for CLI install with the GrapheneOS optimized factory images format already used by the web installer (will reduce memory/storage usage for CLI installs and will reduce storage usage on the update servers by avoiding multiple factory image formats)
• hardened_malloc: update libdivide to 5.1
• kernel (6.6): update to latest GKI LTS branch revision including update to 6.6.43

Our latest release with prevention for most VPN app DNS leaks is currently available in our Alpha and Beta channels:

https://grapheneos.social/@GrapheneOS/112896412987587996

We need more feedback from testing VPN apps and services with leak blocking toggled on, which GrapheneOS already enables by default.

This new temporary approach should be compatible with any normal VPN apps and services. Only VPN apps which don't provide DNS and depend on sending all DNS requests to the local network will be incompatible but it doesn't really make much sense to support leak blocking for those.

We still want to ship our previous stricter approach, but it causes issues establishing the initial VPN connection with Proton VPN for certain users. This is either an app bug or an OS bug triggered by certain apps. We want to resolve that to ship our stricter approach from May.

The best place to give feedback on releases that are still in the Alpha and Beta channels is our Alpha/Beta testing chat room. You can choose between Discord, Telegram or Matrix and can talk with the users in the room on other platforms from each of them:

https://grapheneos.org/contact#community-chat

Our current approach to DNS leak blocking appears to work well without breaking compatibility.

We've made progress towards fixing a related issue for some VPN apps where rare connections are made to VPN DNS outside of the tunnel.

We can hopefully ship stricter enforcement soon.

Pixel 4a (5G) and Pixel 5 are end-of-life and shouldn't be used anymore due to lack of security patches for firmware and drivers. We provide extended support for harm reduction.

Tags:

• 2024080200-redfin (Pixel 4a (5G), Pixel 5)
• 2024080200 (Pixel 5a, Pixel 6, Pixel 6 Pro, Pixel 6a, Pixel 7, Pixel 7 Pro, Pixel 7a, Pixel Tablet, Pixel Fold, Pixel 8, Pixel 8 Pro, Pixel 8a, emulator, generic, other targets)

Changes since the 2024080100 release:

• prevent VPN apps from having leaks to non-VPN DNS servers while not yet strictly preventing leaks to VPN DNS outside the VPN tunnel due to multiple VPN apps including Proton VPN not connecting reliably with stricter enforcement (in a future release, we can do strict blocking by default with an opt-out toggle and a list of known incompatible apps such as Proton VPN until the compatibility issue is resolved)
• GmsCompatConfig: update to version 126
• GmsCompatConfig: update to version 127
• Camera: update to version 73

Notable changes in version 73:

• enable mirroring images and videos from the front camera by default for fresh installs to match the preview
• avoid trying to use extension modes with unsupported cameras on devices only supporting them with specific cameras to avoid crashes

A full list of changes from the previous release (version 72) is available through the Git commit log between the releases.

This app is available through the Play Store with the app.grapheneos.camera.play app id. Play Store releases go through review and it usually takes around 1 to 3 days before the Play Store pushes out the update to users. Play Store releases use Play Signing, so we use a separate app id from the releases we publish ourselves to avoid conflicts and to distinguish between them. Each release is initially pushed out through the Beta channel followed by the Stable channel.

Releases of the app signed by GrapheneOS with the app.grapheneos.camera app id are published in the GrapheneOS App Store and on GitHub. You can use the GrapheneOS App Store on Android 12 or later for automatic updates. Each release is initially pushed out through the Alpha channel, followed by the Beta channel and then finally the Stable channel.

GrapheneOS users must either obtain GrapheneOS app updates through our App Store or install it with adb install-multiple with both the APK and fs-verity metadata since fs-verity metadata is now required for out-of-band system app updates on GrapheneOS as part of extending verified boot to them.

Changes in version 127:

• update max supported version of Play Store to 42.1

A full list of changes from the previous release (version 126) is available through the Git commit log between the releases (only changes to the gmscompat_config text file and config-holder/ directory are part of GmsCompatConfig).

This update is available to GrapheneOS users via our app repository and will also be bundled into the next OS release.

We've become aware of another company selling devices with GrapheneOS while spreading harmful misinformation about it to promote insecure products. We're making our usual attempt at resolving things privately. However, we need to quickly address what has been claimed regardless.

Downloading and installing an app followed by entering sensitive data into it or granting it powerful permissions isn't a vulnerability/exploit. Accessibility service access can't be directly requested but rather has to be granted via Settings app in the accessibility section.

Accessibility service access is extremely powerful and essentially gives the same control available to the user to the app. This is explained with clear warnings. It's also not possible to enable it for an app not installed from a modern app store without an extra hidden menu.

Apps not installed through a modern app store have extremely dangerous settings including accessibility service access restricted. Users have to navigate to a semi-hidden menu to enable this. UI doesn't explain how to do it. It's a higher barrier than simply phishing info, etc.

Accessibility services are required by many users and the feature can't simply be removed. It's possible to disable this and other dangerous features for end users via a device management app. This is the right approach if you have a userbase you want to protect from themselves.

If you purchase a device with GrapheneOS, we strongly recommend booting it into recovery and wiping data before using it. Next, verify it's running genuine GrapheneOS:

https://grapheneos.org/install/web#verifying-installation

Due to complete verified boot, wiping provides the same assurance as a fresh install.

Our web installer is very easy to use. If you're able to use a web browser and follow basic instructions, you have the skill set required to install it:

https://grapheneos.org/install/web

However, if you do buy a device with GrapheneOS, you can verify it's the real deal without malware.

Simply going to a mainstream local business and purchasing a device to install GrapheneOS is the most secure way to obtain a device.

Consider the risk of buying a device from a company marketing to cryptocurrency users, and at least follow our wiping and verification advice.

Purchasing a device with malware installed is something we defend against. We provide a way to block this through verified boot and the verification process recommended on the site. Can't prevent something like replacing battery with one including a standalone tracking device...

We're going to be making another attempt at shipping DNS leak prevention for third party VPN apps. The last attempt resolved a lot of the compatibility issues with the previous approach, so we've made some progress. We don't what's wrong with Proton VPN and certain other apps.

This release is only for the Alpha channel to replace the previous release.

Pixel 4a (5G) and Pixel 5 are end-of-life and shouldn't be used anymore due to lack of security patches for firmware and drivers. We provide extended support for harm reduction.

Tags:

• 2024080100-redfin (Pixel 4a (5G), Pixel 5)
• 2024080100 (Pixel 5a, Pixel 6, Pixel 6 Pro, Pixel 6a, Pixel 7, Pixel 7 Pro, Pixel 7a, Pixel Tablet, Pixel Fold, Pixel 8, Pixel 8 Pro, Pixel 8a, emulator, generic, other targets)

Changes since the 2024073100 release:

• revert VPN DNS leak protection again since it's still partially incompatible with Proton VPN and certain other apps for unknown reasons, although we did avoid a lot of the compatibility issues from last time

We're included a less strict variation of our previous VPN DNS leak prevention for third party VPN apps. The new approach only aims to prevent leaks in apps handling DNS configuration correctly. It should avoid causing the compatibility issues which blocked us shipping it before.

We shipped a stricter approach in our 2024050900 release but compatibility issues were reporting during Beta testing so it didn't reach the Stable channel. It was reverted in 2024051500. Proton VPN may now be compatible with it but not all apps will be so we can't be that strict.

The hardest part of shipping privacy and security improvements is often fully preserving compatibility with the massive number of Android apps. We try to avoid needing toggles to work around compatibility issues, but we make an exception for apps with memory corruption bugs.

Our changes to this resolved most of the compatibility issues with obscure VPN apps. However, Proton VPN is still partially incompatible and doesn't work properly for all users with this leak blocking in place. We aren't sure how to move forward yet. Other apps are compatible.

This release was only pushed out to the Alpha channel.

Pixel 4a (5G) and Pixel 5 are end-of-life and shouldn't be used anymore due to lack of security patches for firmware and drivers. We provide extended support for harm reduction.

Tags:

• 2024073100-redfin (Pixel 4a (5G), Pixel 5)
• 2024073100 (Pixel 5a, Pixel 6, Pixel 6 Pro, Pixel 6a, Pixel 7, Pixel 7 Pro, Pixel 7a, Pixel Tablet, Pixel Fold, Pixel 8, Pixel 8 Pro, Pixel 8a, emulator, generic, other targets)

Changes since the 2024072800 release:

• add back our change to prevent app-based VPN implementations from leaking DNS requests when the VPN is down/connecting but without enforcement for VPN apps without DNS configured to avoid breaking compatibility in rare cases (our previous implementation in 2024050900 had to be reverted before it reached Stable)
• kernel (6.6): update to latest GKI LTS branch revision
• Camera: update to version 72
• Vanadium: update to version 127.0.6533.84.0

Changes in version 126:

• add stub for BluetoothLeAdvertiser.startAdvertisingSet()

A full list of changes from the previous release (version 125) is available through the Git commit log between the releases (only changes to the gmscompat_config text file and config-holder/ directory are part of GmsCompatConfig).

This update is available to GrapheneOS users via our app repository and will also be bundled into the next OS release.

https://arstechnica.com/gadgets/2024/07/loss-of-popular-2fa-tool-puts-security-minded-grapheneos-in-a-paradox/

The article unfortunately leaves out most of the points we made in the thread.

GrapheneOS supports hardware-based attestation and it's entirely possible for Google to allow it as part of the Play Integrity API. They choose to ban using GrapheneOS.

Play Integrity API has no minimum security patch level and nearly all these apps use weak software-based checks that are easily bypassed by attackers. The hardware-based checks rely on trusting every key distributed to every certified Android device, which are often leaked.

Hardware-based attestation can be used for security purposes such as verifying device integrity with a pinning-based approach without the weakness of being vulnerable to leaked keys from the whole Android ecosystem since specific per-app keys in the secure element can be pinned.

Play Integrity API is claimed to be based on devices complying with the Compatibility Test Suite and Compatibility Definition Document. We have irrefutable proof that the majority of certified Android devices do not comply with the CTS/CDD. Play Integrity API is based on lies.

Essentially every non-Pixel device has important CTS failures not caused by CTS bugs. OEMs are cheating to obtain certification. Google claims GrapheneOS can't be permitted because we don't have a certification where they freely allow cheating and don't ban non-compliant devices.

Since Play Integrity doesn't even have a minimum security patch level, it permits a device with multiple years of missing patches. Hardware attestation was required on all devices launched with Android 8 or later, but they don't enforce it to permit non-compliant devices.

The reality is that the Play Integrity API permits devices from companies partnered with Google with privileged Google Play integration when they're running the stock OS. It's easy to bypass, but they'll make changes to block it being done at scale long term such as if we did it.

It does not matter if these devices have years of missing security patches. It doesn't matter if the companies skipped or improperly implemented mandatory security features despite that being required by CDD compliance. Failing even very important CTS tests doesn't matter either.

Google can either permit GrapheneOS in the Play Integrity API in the near future via the approach documented at https://grapheneos.org/articles/attestation-compatibility-guide or we'll be taking legal action against them and their partners. We've started the process of talking to regulators and they're interested.

We're not going to give Google veto power over what we're allowed to do in GrapheneOS. We comply with CTS and CDD except when it limits our ability to provide our users with privacy and security. Google wants to be in charge of which privacy/security features can be added. Nope.

Google's behavior in the mobile space is highly anti-competitive. Google should be forbidden from including Google Mobile Services with privileged access unavailable to regular apps and services. GrapheneOS sandboxed Google Play proves that hardly anything even needs to change.

Google should also be forbidden from participating in blocking using alternate hardware/firmware/software. They've abused their market position to reinforce their monopolies. They've used security as an excuse despite what they're doing having no relevance to it and REDUCING it.

Google is forbidding people from using a growing number of apps and services on an objectively far more private and secure OS that's holding up much better against multiple commercial exploit developers:

https://grapheneos.social/@GrapheneOS/112826067364945164

They're holding back security, not protecting it.

We've put a lot of effort into collaborating with Google to improve privacy and security for all Android users. Their business team has repeatedly vetoed even considering giving us partner access. They rolled back us being granted security partner access by the security team.

As with how they handle giving out partner access, the Play Integrity API serves the interests of Google's business model. They have no valid excuse for not allowing GrapheneOS to pass device and strong integrity. If app developers want to ban it, they can still do it themselves.

After our security partner access was revoked, we stopped most of our work on improving Android security. We continued reporting vulnerabilities upstream. However, we're going to stop reporting most vulnerabilities until GrapheneOS is no longer blocked by the Play Integrity API.

This year, we reported multiple serious vulnerabilities to Android used by widely used commercial exploit tools:

https://source.android.com/docs/security/overview/acknowledgements

If Google wants more of that in the future, they can use hardware attestation to permit GrapheneOS for their device/strong integrity checks.

Authy's response about their usage of the Play Integrity API shows their service is highly insecure and depends on having client side validation. Play Integrity is thoroughly insecure and easily bypassed, so it's unfortunate that according to Authy their security depends on it.

If Authy insists on using it, they should use the standard Android hardware attestation API to permit using GrapheneOS too. It's easy to do:

https://grapheneos.org/articles/attestation-compatibility-guide

Banning 250k+ people with the most secure smartphones from using your app is anti-security, not pro-security.

It's very unfortunate when new apps adopt the Play Integrity API and stop working. Authy isn't a very good choice for 2FA but many people use it and it's a problem for us for a widely used app to be incompatible. A single widely used app losing compatibility is a big deal to us.

Our greatly improved web installer is now available through our official site:

https://grapheneos.org/install/web

For everything other than legacy extended support releases for 4th generation Pixels, it uses a new installation process. Main benefit is higher tolerance for bad USB support.

The new installation process uses our optimized factory images format. Main benefit is avoiding rebooting fastbootd mode, which will improve portability to systems with USB connectivity issues. It also greatly reduces memory/storage usage by streaming images from the zip.

It's hard to determine exactly how much memory and storage is required so we haven't adjusted the prerequisites section from 2GB free memory and 32GB free storage yet. It never needed anywhere close to 32GB but sites can only use a fraction of free storage via a complex formula.

Notable changes in version 72:

• use default CameraX camera selection to avoid compatibility issues with some multi-camera setups
• avoid video recording not working after audio permission change
• use CameraX to determine the video timer instead of a separate timer which can get slightly out of sync
• animate the start of video recording
• dynamically show/hide EIS settings based on current configuration

A full list of changes from the previous release (version 71) is available through the Git commit log between the releases.

This app is available through the Play Store with the app.grapheneos.camera.play app id. Play Store releases go through review and it usually takes around 1 to 3 days before the Play Store pushes out the update to users. Play Store releases use Play Signing, so we use a separate app id from the releases we publish ourselves to avoid conflicts and to distinguish between them. Each release is initially pushed out through the Beta channel followed by the Stable channel.

Releases of the app signed by GrapheneOS with the app.grapheneos.camera app id are published in the GrapheneOS App Store and on GitHub. You can use the GrapheneOS App Store on Android 12 or later for automatic updates. Each release is initially pushed out through the Alpha channel, followed by the Beta channel and then finally the Stable channel.

GrapheneOS users must either obtain GrapheneOS app updates through our App Store or install it with adb install-multiple with both the APK and fs-verity metadata since fs-verity metadata is now required for out-of-band system app updates on GrapheneOS as part of extending verified boot to them.

We've developed a new factory images format optimized for web installation which avoids the need for fastbootd mode and greatly reduces memory/storage usage. The new approach is compatible with 5th gen Pixels and later. It's deployed on our staging site:

https://staging.grapheneos.org/install/web

We'd appreciate help with testing the new web installer on our staging site. It should reduce issues caused by low quality USB connections/drivers by avoiding switching to a different mode. It should also eliminate the need to install a fastboot driver on up-to-date Windows 11.

We'll wait for feedback from people using it successfully across different operating systems and devices.

Sections for working around Debian, Ubuntu and Windows USB deficiencies should be unnecessary other than the legacy extended support devices so we'll likely remove those.