GrapheneOS [Unofficial]

1712 readers
2 users here now

Welcome to the GrapheneOS (Unofficial) community

This feed is currently only used for announcements and news.

Official support available on our forum and matrix chat rooms

GrapheneOS is a privacy and security focused mobile OS with Android app compatibility.

Links

More Site links

Social Media

This is a community based around the GrapheneOS projects including the hardened Android Open Source Project fork, Auditor, AttestationServer, the hardened malloc implementation and other projects.

founded 3 years ago
MODERATORS
101
 
 

Pixel 4a (5G) and Pixel 5 are end-of-life and shouldn't be used anymore due to lack of security patches for firmware and drivers. We provide extended support for harm reduction.

Tags:

  • 2024072800-redfin (Pixel 4a (5G), Pixel 5)
  • 2024072800 (Pixel 5a, Pixel 6, Pixel 6 Pro, Pixel 6a, Pixel 7, Pixel 7 Pro, Pixel 7a, Pixel Tablet, Pixel Fold, Pixel 8, Pixel 8 Pro, Pixel 8a, emulator, generic, other targets)

Changes since the 2024071600 release:

  • avoid isolating eUICC LPA (eSIM activation) app from third party apps to allow carrier activation apps to work (we still block communication with Google Play to avoid sending telemetry data to Google services when sandboxed Google Play is installed)
  • Pixel 8a: fix GNSS configuration to avoid occasional crashes of the service (Pixel 8a is currently the only Samsung GNSS device)
  • Settings: don't allow disabling user installed apps when uninstall is disallowed
  • Settings: drop code for supporting the legacy Settings UI
  • Sandboxed Google Play compatibility layer: avoid infinite wait for GmsCompatConfig update when call to App Store fails
  • enforce stack clash protection for x86_64
  • enforce minimum 64kiB stack guard size for arm64 due to the standard stack probe size of 64kiB
  • future proof our Bionic libc changes for dynamic 64k pages (hardened_malloc still doesn't support it)
  • flash-all: remove unnecessary reboot after flashing Android Verified Boot (AVB) key
  • kernel (5.10): update to latest GKI LTS branch revision including update to 5.10.222
  • kernel (5.15): update to latest GKI LTS branch revision including update to 5.15.163
  • kernel (6.1): update to latest GKI LTS branch revision including update to 6.1.92
  • kernel (6.6): update to latest GKI LTS branch revision including update to 6.6.42
  • adevtool: update to latest carrier settings
  • App Store: update to version 24
  • Camera: update to version 69
  • Camera: update to version 70
  • Camera: update to version 71
  • Auditor: update to version 81
  • Auditor: update to version 82
  • Vanadium: update to version 127.0.6533.64.0
  • Vanadium: update to version 127.0.6533.64.1
  • GmsCompatConfig: update to version 124
  • GmsCompatConfig: update to version 125
  • fastboot: add support for generating web installer optimized factory images zip for an improved web install approach not requiring fastbootd
  • integrate generating web installation optimized factory images zip into release signing script
  • split script/release.sh to remove dependency on build output and the OS source tree (see the new instructions for signing releases)
  • rename script/release.sh to script/generate-release.sh
  • add script/generate-releases.sh wrapper script
102
 
 

Changes in version 125:

  • update max supported version of Play Store to 42.0

A full list of changes from the previous release (version 124) is available through the Git commit log between the releases (only changes to the gmscompat_config text file and config-holder/ directory are part of GmsCompatConfig).

This update is available to GrapheneOS users via our app repository and will also be bundled into the next OS release.

103
 
 

Notable changes in version 82:

  • update minimum Android version in introduction to 12
  • raise minimum OS version for verification to 12
  • raise minimum patch level for verification to 2021-10-05
  • drop support for device models without Android 12

A full list of changes from the previous release (version 81) is available through the Git commit log between the releases.

The Auditor app uses hardware security features on supported devices to validate the integrity of the operating system from another Android device. It will verify that the device is running the stock operating system with the bootloader locked and that no tampering with the operating system has occurred. It will also detect downgrades to a previous version.

It cannot be bypassed by modifying or tampering with the operating system (OS) because it receives signed device information from the device's Trusted Execution Environment (TEE) or Hardware Security Module (HSM) including the verified boot state, operating system variant and operating system version. The verification is much more meaningful after the initial pairing as the app primarily relies on Trust On First Use via pinning. It also verifies the identity of the device after the initial verification. Trust is chained through the verified OS to the app to bootstrap software checks with results displayed in a separate section.

This app is available through the Play Store with the app.attestation.auditor.play app id. Play Store releases go through review and it usually takes around 1 to 3 days before the Play Store pushes out the update to users. Play Store releases use Play Signing, so we use a separate app id from the releases we publish ourselves to avoid conflicts and to distinguish between them. Each release is initially pushed out through the Beta channel followed by the Stable channel.

Releases of the app signed by GrapheneOS with the app.attestation.auditor app id are published in the GrapheneOS App Store and on GitHub. These releases are also bundled as part of GrapheneOS. You can use the GrapheneOS App Store on Android 12 or later for automatic updates. Each release is initially pushed out through the Alpha channel, followed by the Beta channel and then finally the Stable channel.

GrapheneOS users must either obtain GrapheneOS app updates through our App Store or install it with adb install-multiple with both the APK and fs-verity metadata since fs-verity metadata is now required for out-of-band system app updates on GrapheneOS as part of extending verified boot to them.

104
 
 

Changes in version 127.0.6533.64.1:

  • enable per-site isolation for sandboxed iframes instead of per-origin isolation
  • avoid rare uncaught exception from attempting to load content filters from the Vanadium Config app when native code isn't loaded yet

A full list of changes from the previous release (version 127.0.6533.64.0) is available through the Git commit log between the releases.

This update is available to GrapheneOS users via our app repository and will also be bundled into the next OS release. Vanadium isn't yet officially available for users outside GrapheneOS, although we plan to do that eventually. It won't be able to provide the WebView outside GrapheneOS and will have missing hardening and other features.

105
 
 

Notable changes in version 81:

  • add dedicated error message explaining how to work around an attestation failure occurring after a system_server crash by rebooting the device
  • reword error message for an invalid number of Auditor app signing keys reported by the attestation data
  • add more info to error messages for package info
  • raise minimum supported Android version to 12 (API level 31) based on it being the oldest release with security support
  • update CameraX library to 1.3.4
  • update Guava library to 33.2.1
  • update AndroidX AppCompat library to 1.7.0
  • update Android Gradle plugin to 8.5.1
  • update Android NDK to 26.3.11579264
  • update Android build tools to 35.0.0
  • update Gradle to 8.9

A full list of changes from the previous release (version 80) is available through the Git commit log between the releases.

The Auditor app uses hardware security features on supported devices to validate the integrity of the operating system from another Android device. It will verify that the device is running the stock operating system with the bootloader locked and that no tampering with the operating system has occurred. It will also detect downgrades to a previous version.

It cannot be bypassed by modifying or tampering with the operating system (OS) because it receives signed device information from the device's Trusted Execution Environment (TEE) or Hardware Security Module (HSM) including the verified boot state, operating system variant and operating system version. The verification is much more meaningful after the initial pairing as the app primarily relies on Trust On First Use via pinning. It also verifies the identity of the device after the initial verification. Trust is chained through the verified OS to the app to bootstrap software checks with results displayed in a separate section.

This app is available through the Play Store with the app.attestation.auditor.play app id. Play Store releases go through review and it usually takes around 1 to 3 days before the Play Store pushes out the update to users. Play Store releases use Play Signing, so we use a separate app id from the releases we publish ourselves to avoid conflicts and to distinguish between them. Each release is initially pushed out through the Beta channel followed by the Stable channel.

Releases of the app signed by GrapheneOS with the app.attestation.auditor app id are published in the GrapheneOS App Store and on GitHub. These releases are also bundled as part of GrapheneOS. You can use the GrapheneOS App Store on Android 12 or later for automatic updates. Each release is initially pushed out through the Alpha channel, followed by the Beta channel and then finally the Stable channel.

GrapheneOS users must either obtain GrapheneOS app updates through our App Store or install it with adb install-multiple with both the APK and fs-verity metadata since fs-verity metadata is now required for out-of-band system app updates on GrapheneOS as part of extending verified boot to them.

106
 
 

Chromium has merged the WebAssembly interpreter submitted by a Microsoft Edge engineer:

https://chromium-review.googlesource.com/c/v8/v8/+/5509903

Once this reaches a Chromium stable release, Vanadium will support WebAssembly by default instead of requiring turning on JS JIT via drop-down site settings.

Chromium has a V8 Optimizer toggle for disabling the 2 optimized tiers of the Just-In-Time (JIT) compiler to greatly reduce attack surface. However, it doesn't disable baseline JIT and therefore still does dynamic native code generation. They did this to avoid breaking Wasm.

In Vanadium, our JIT toggle fully disables the JIT and therefore currently loses Wasm support. An increasing number of sites are depending on Wasm with no fallback to JavaScript. Most of these sites perform perfectly fine with only the fast V8 interpreter and no JIT compilation.

Vanadium has JIT compilation disabled by default as part of the security focus. This Wasm interpreter will be a nice usability improvement for sites depending on it with no fallback code since users won't need to toggle on the JIT compiler for the site unless it performs badly.

107
 
 

Changes in version 127.0.6533.64.0:

  • update to Chromium 127.0.6533.64
  • enable visited link partitioning

A full list of changes from the previous release (version 126.0.6478.186.0) is available through the Git commit log between the releases.

This update is available to GrapheneOS users via our app repository and will also be bundled into the next OS release. Vanadium isn't yet officially available for users outside GrapheneOS, although we plan to do that eventually. It won't be able to provide the WebView outside GrapheneOS and will have missing hardening and other features.

108
 
 

Notable changes in version 71:

  • only allow toggling include audio while recording when it was initially enabled, since CameraX doesn't currently support enabling it if it didn't start out enabled

A full list of changes from the previous release (version 70) is available through the Git commit log between the releases.

This app is available through the Play Store with the app.grapheneos.camera.play app id. Play Store releases go through review and it usually takes around 1 to 3 days before the Play Store pushes out the update to users. Play Store releases use Play Signing, so we use a separate app id from the releases we publish ourselves to avoid conflicts and to distinguish between them. Each release is initially pushed out through the Beta channel followed by the Stable channel.

Releases of the app signed by GrapheneOS with the app.grapheneos.camera app id are published in the GrapheneOS App Store and on GitHub. You can use the GrapheneOS App Store on Android 12 or later for automatic updates. Each release is initially pushed out through the Alpha channel, followed by the Beta channel and then finally the Stable channel.

GrapheneOS users must either obtain GrapheneOS app updates through our App Store or install it with adb install-multiple with both the APK and fs-verity metadata since fs-verity metadata is now required for out-of-band system app updates on GrapheneOS as part of extending verified boot to them.

109
 
 

Notable changes in version 70:

  • downgrade Android Gradle plugin from 8.5.1 to 8.5.0 to work around a CameraX extensions library minification issue

A full list of changes from the previous release (version 69) is available through the Git commit log between the releases.

This app is available through the Play Store with the app.grapheneos.camera.play app id. Play Store releases go through review and it usually takes around 1 to 3 days before the Play Store pushes out the update to users. Play Store releases use Play Signing, so we use a separate app id from the releases we publish ourselves to avoid conflicts and to distinguish between them. Each release is initially pushed out through the Beta channel followed by the Stable channel.

Releases of the app signed by GrapheneOS with the app.grapheneos.camera app id are published in the GrapheneOS App Store and on GitHub. You can use the GrapheneOS App Store on Android 12 or later for automatic updates. Each release is initially pushed out through the Alpha channel, followed by the Beta channel and then finally the Stable channel.

GrapheneOS users must either obtain GrapheneOS app updates through our App Store or install it with adb install-multiple with both the APK and fs-verity metadata since fs-verity metadata is now required for out-of-band system app updates on GrapheneOS as part of extending verified boot to them.

110
 
 

Notable changes in version 69:

  • add support for saving video as previewed for portrait mode (mirror mode)
  • avoid in-app gallery resetting to first image on configuration changes such as rotation
  • add double-tap to zoom for the in-app gallery
  • add support for for toggling audio while video recording is ongoing
  • change rendering approach for the QR scanning overlay for improved compatibility
  • migrate to official CameraX APIs for EIS
  • update CameraX to 1.4.0-beta02
  • update AndroidX Core to 1.13.1
  • update AndroidX AppCompat library to 1.7.0
  • update Material Components library to 1.12.0
  • update Android Gradle plugin to 8.5.1
  • update Android NDK to 26.3.11579264
  • update Android build tools to 35.0.0
  • update Gradle to 8.9
  • update Kotlin to 2.0.0

A full list of changes from the previous release (version 68) is available through the Git commit log between the releases.

This app is available through the Play Store with the app.grapheneos.camera.play app id. Play Store releases go through review and it usually takes around 1 to 3 days before the Play Store pushes out the update to users. Play Store releases use Play Signing, so we use a separate app id from the releases we publish ourselves to avoid conflicts and to distinguish between them. Each release is initially pushed out through the Beta channel followed by the Stable channel.

Releases of the app signed by GrapheneOS with the app.grapheneos.camera app id are published in the GrapheneOS app repository and on GitHub. You can use the GrapheneOS App Store on Android 12 or later for automatic updates. Each release is initially pushed out through the Alpha channel, followed by the Beta channel and then finally the Stable channel.

GrapheneOS users must either obtain GrapheneOS app updates through our App Store or install it with adb install-multiple with both the APK and fs-verity metadata since fs-verity metadata is now required for out-of-band system app updates on GrapheneOS as part of extending verified boot to them.

111
 
 

Changes in version 124:

  • update max supported version of Play Store to 41.9

A full list of changes from the previous release (version 123) is available through the Git commit log between the releases (only changes to the gmscompat_config text file and config-holder/ directory are part of GmsCompatConfig).

This update is available to GrapheneOS users via our app repository and will also be bundled into the next OS release.

112
 
 

Here's the Cellebrite Premium 7.69.5 iOS Support Matrix from July 2024.

404media recently published an article based on the same April 2024 docs we received in April and published in May. Many tech news sites including 9to5Mac made incorrect assumptions treating that as current.

Here's the Cellebrite Premium 7.69.5 Android Support Matrix from July 2024 for Pixels. They're still unable to exploit locked GrapheneOS devices unless they're missing patches from 2022. A locked GrapheneOS device also automatically gets back to BFU from AFU after 18h by default.

GrapheneOS is defending against these tools with generic exploit protections rather than by patching specific vulnerabilities. Until recently, it's likely that it was our generic memory corruption exploit mitigations including hardened_malloc which was successfully stopping this.

In February 2024, we added a new feature for disabling the USB-C port at a hardware level. In March 2024, we set the default mode to "Charging-only when locked, except before first unlock". In June 2024, we increased the default security level to "Charging-only when locked".

Later in June 2024, we extended our software-level USB protection, merged it into the newer hardware-level protection feature and extended the hardware-level protection to pogo pins on the Pixel Tablet. There's extremely strong protection against these USB-based attacks now.

Here's the Cellebrite Premium 7.69.5 Android Support Matrix from July 2024 for overall Android devices. Other than the Titan M2 on the Pixel 6 and later not being successfully yet to bypass brute force protection, it's largely just based on what they've had time to support.

In January 2024, we reported several vulnerabilities being exploited by the XRY tool from MSAB to get data from Android devices including stock OS Pixels. In April 2024, Pixels shipped a reset attack mitigation we proposed preventing the whole attack vector. We plan to expand it.

Currently, non-Pixel devices are still vulnerable to these reset attacks. In June 2024, Android 14 QPR3 included another feature we proposed providing wipe-without-reboot support for the device admin wipe API. We shipped this early and use it in our duress PIN/password feature.

We also began triggering a full compacting garbage collection cycle in system_server and SystemUI when the device is locked based on info about these attacks. This releases memory for no longer allocated objects to the OS, where our generic zero-on-free feature clears all of it.

In the near future, we plan to ship support for adding a PIN as a 2nd factor to fingerprint unlock to enable users to use a strong passphrase combined with PIN+fingerprint secondary unlock for convenience. We have an initial implementation, but it needs more work before shipping.

We're going to continue advancing the state of the art for protection against exploitation. Hardware vendors are welcome to collaborate with us if they want to protect users. We're regularly filing vulnerability reports and making suggestions to improve the security of Pixels.

Glossary:

BFU: Before First Unlock exploitation of OSBF: Brute Force password after BFU exploitation, which requires bypassing secure element brute force protection if implementedAFU: After First Unlock exploitation of OSFFS: Full Filesystem Extraction from an unlocked device

BF capability does not bypass hardware-bound key derivation, so a brute force is still rate limited but no longer has an extremely small number of attempts. Cellebrite Advanced Services may be able to bypass this through extracting data from hardware, but it would be difficult.

BF implies ability to bypass random 6 digit PINs. It does not imply ability to bypass a decent passphrase where hardware-bound key derivation slows them down too much. A truly strong passphrase is safe even if they bypass hardware-bound key derivation and use a huge server farm.

113
 
 

Cellebrite Premium documentation we published in May and which recently received a lot of media coverage was from April 2024. Someone has shared a newer version of the iOS table indicating Cellebrite caught up to iOS 17.5.1 or higher along with the iPhone 15 for the OS exploits.

It's common for them to fall behind by a few months for new iOS and Android versions. Android and iOS have no secure way to automatically get devices back into Before First Unlock from After First Unlock as GrapheneOS does so attackers can simply wait until they have an exploit.

We're currently waiting for one of our several sources to provide us with the new Android and iOS documentation. We aren't going to post the leaked iOS table in this thread because we can't confirm that it's authentic yet. We should have the new documentation quite soon though.

It's unfortunate that there was a whole bunch of secondary news coverage where it was misreported that Cellebrite was unable to exploit current iOS based on documentation from April 2024. It's July 2024 now, and they've had months to restore the capabilities broken by an update.

114
 
 

GrapheneOS App Store now includes a mirror of Accrescent, which is a privacy and security focused alternative to the Play Store distributing developer builds of apps:

https://accrescent.app/

Accrescent comes from within the GrapheneOS community and we're collaborating together.

Accrescent is in alpha and isn't yet open to any developers uploading their apps. It will have a lot more apps available in the future. It will become a full alternative to Play Store permitting closed source apps too, but you'll be able to filter to show only open source apps.

Lead dev of Accrescent is a GrapheneOS user and contributor. It'll be a good place to publish apps for GrapheneOS users. AppVerifier, BeauTyXT and Transcribro are from the same person who wrote our Info app. Molly is a security-focused fork of Signal from another GrapheneOS user.

AppVerifier was based on a planned GrapheneOS feature for users to verify APK files based on their key fingerprint. The feature is currently stalled since relying on the clipboard isn't ideal. For now, users can use AppVerifier from Accrescent until we ship a built-in approach.

We'll be delegating distributing developer builds of apps signed by the developers to Accrescent rather than doing it in ourselves. Our App Store will be focused on our own apps and eventually hardened, rebranded builds of important third party apps widely used by our community.

115
 
 

Changes in version 126.0.6478.186.0:

  • update to Chromium 126.0.6478.186
  • reimplement reading content filtering rules from config app to avoid upstream memory corruption bug caught by hardware memory tagging

A full list of changes from the previous release (version 126.0.6478.122.3) is available through the Git commit log between the releases.

This update is available to GrapheneOS users via our app repository and will also be bundled into the next OS release. Vanadium isn't yet officially available for users outside GrapheneOS, although we plan to do that eventually. It won't be able to provide the WebView outside GrapheneOS and will have missing hardening and other features.

116
 
 

Pixel 4a (5G) and Pixel 5 are end-of-life and shouldn't be used anymore due to lack of security patches for firmware and drivers. We provide extended support for harm reduction.

Tags:

  • 2024071600-redfin (Pixel 4a (5G), Pixel 5)
  • 2024071600 (Pixel 5a, Pixel 6, Pixel 6 Pro, Pixel 6a, Pixel 7, Pixel 7 Pro, Pixel 7a, Pixel Tablet, Pixel Fold, Pixel 8, Pixel 8 Pro, Pixel 8a, emulator, generic, other targets)

Changes since the 2024071200 release:

  • fix touch-to-unlock setting on devices with a power button fingerprint scanner (Pixel Fold, Pixel Tablet) which is normally always active with AOSP
  • avoid race for setting USB port mode when the lock method is set to none (lockscreen disabled)
  • Pixel Tablet: add non-standard toggle for enabling touchscreen frequency hopping to reduce ghost touches for users with problematic touchscreen hardware
  • kernel (5.10, 5.15): revert a USB change backported to kernel.org LTS that's causing DisplayPort alternate mode compatibility issues
  • Pixel 8a: fix GNSS configuration to avoid occasional crashes of the service (Pixel 8a is currently the only Samsung GNSS device)
  • backport mainline APEX module patches for Media Provider, Network Stack, Remote Key Provisioning and Wi-Fi
  • kernel (5.10): update to latest GKI LTS branch revision including update to 5.10.219
  • kernel (5.15): update to latest GKI LTS branch revision
  • kernel (6.1): update to latest GKI LTS branch revision
  • GmsCompatConfig: update to version 123
117
 
 

Changes in version 123:

  • update max supported version of Play services to 24.28
  • update max supported version of Play Store to 41.8
  • update Gradle to 8.9
  • update Android Gradle plugin to 8.5.1

A full list of changes from the previous release (version 122) is available through the Git commit log between the releases (only changes to the gmscompat_config text file and config-holder/ directory are part of GmsCompatConfig).

This update is available to GrapheneOS users via our app repository and will also be bundled into the next OS release.

118
 
 

Pixel 4a (5G) and Pixel 5 are end-of-life and shouldn't be used anymore due to lack of security patches for firmware and drivers. We provide extended support for harm reduction.

Tags:

  • 2024071200-redfin (Pixel 4a (5G), Pixel 5)
  • 2024071200 (Pixel 5a, Pixel 6, Pixel 6 Pro, Pixel 6a, Pixel 7, Pixel 7 Pro, Pixel 7a, Pixel Tablet, Pixel Fold, Pixel 8, Pixel 8 Pro, Pixel 8a, emulator, generic, other targets)

Changes since the 2024070900 release:

  • kernel (Pixel 7, Pixel 7 Pro, Pixel 7a, Pixel Tablet, Pixel Fold, Pixel 8, Pixel 8 Pro, Pixel 8a): temporarily revert disabling 32-bit ABI support due to rare cases of apps using a buggy anti-tampering library incorrectly calling 32-bit versions of system calls from 64-bit code even on devices with no 32-bit support in hardware
  • kernel (5.15): update to latest GKI LTS branch revision including update to 5.15.160
  • kernel (6.6): update to latest GKI LTS branch revision including update to 6.6.38
  • TalkBack (screen reader): update dependencies
  • TalkBack (screen reader): remove more unused resources
  • TalkBack (screen reader): drop 32-bit OS support
119
 
 

Certain banking apps use a buggy anti-tampering library which was broken by a security improvement in the most recent GrapheneOS release. It wasn't reported during 2 days of Alpha/Beta testing. We've paused rolling it out to the Stable channel and we're working on resolving it.

Compatibility issue is caused by these apps having hand-written 64-bit ARM assembly code that's making system calls with the 32-bit ARM compatibility layer even on devices unable to run 32-bit ARM code at a CPU level. They depend on a quirk of how 32-bit ARM compatibility works.

Unfortunately, it means we need to temporarily revert the removal of the kernel's 32-bit compatibility layer on devices without 32-bit support. Banking apps are holding back security with their anti-tampering libraries. They do this to make it harder to audit their insecure apps.

120
 
 

Pixel 4a (5G) and Pixel 5 are end-of-life and shouldn't be used anymore due to lack of security patches for firmware and drivers. We provide extended support for harm reduction.

Tags:

  • 2024070900-redfin (Pixel 4a (5G), Pixel 5)
  • 2024070900 (Pixel 5a, Pixel 6, Pixel 6 Pro, Pixel 6a, Pixel 7, Pixel 7 Pro, Pixel 7a, Pixel Tablet, Pixel Fold, Pixel 8, Pixel 8 Pro, Pixel 8a, emulator, generic, other targets)

Changes since the 2024070201 release:

  • Settings: extend standard fingerprint enrollment stages with proper support for devices with power button fingerprint scanners (Pixel Fold, Pixel Tablet) which is not present in AOSP (Pixel Fold was still usable, but it had become incredibly hard to successfully register new fingerprints on the Pixel Tablet)
  • improve warning for 32-bit-only apps by explaining why the warning is shown, how to resolve it for apps that are still developed and that we plan to phase out support for it on 5th/6th generation Pixels where it's still available
  • show warning for 32-bit-only apps on each launch instead of only once
  • kernel (Pixel 7, Pixel 7 Pro, Pixel 7a, Pixel Tablet, Pixel Fold, Pixel 8, Pixel 8 Pro, Pixel 8a): disable 32-bit ABI support to substantially decrease kernel size and attack surface and raise mmap_min_addr to the standard 65536 for 64-bit-only ARM
  • kernel (5.15): update to latest GKI LTS branch revision including update to 5.15.158
  • adevtool: update file removal for 8th gen Pixels to skip Family Space related files
  • GmsCompatConfig: update to version 122
  • Vanadium: update to version 126.0.6478.122.3
121
 
 

Changes in version 126.0.6478.122.3:

  • switch to using API 35 (Android 15) SDK and build tools
  • set target API level to 35 (Android 15) to support providing the WebView on Android 15
  • add support for newer protobuf versions
  • switch to 64-bit-only builds for x86_64 since the only supported x86_64 build targets for GrapheneOS are 64-bit-only

A full list of changes from the previous release (version 126.0.6478.122.2) is available through the Git commit log between the releases.

This update is available to GrapheneOS users via our app repository and will also be bundled into the next OS release. Vanadium isn't yet officially available for users outside GrapheneOS, although we plan to do that eventually. It won't be able to provide the WebView outside GrapheneOS and will have missing hardening and other features.

122
 
 

Changes in version 122:

  • update max supported version of Play services to 24.26
  • update max supported version of Play Store to 41.7

A full list of changes from the previous release (version 121) is available through the Git commit log between the releases (only changes to the gmscompat_config text file and config-holder/ directory are part of GmsCompatConfig).

This update is available to GrapheneOS users via our app repository and will also be bundled into the next OS release.

123
 
 

Phasing out 32-bit-only app support for older devices too:

We're planning on phasing out support for 32-bit apps on 5th/6th generation Pixels where they're still supported. They were already phased out by Android for 7th generation Pixels and later, and by ARM for 2nd generation ARMv9 Cortex cores onwards.

Since 7th/8th generation Pixel users are doing fine without them, we want to bring the improved security to users on 6th generation Pixels which still have a lot of support ahead of them. It will also save a significant amount of build time and bandwidth, particularly when we can move to 64-bit-only builds of Vanadium.

The main benefit is dropping all the 32-bit ABI support from the kernel including a bunch of awful legacy cruft for emulating legacy ARM features no longer supported by hardware.

The next release will add a clear warning to each launch of 32-bit-only apps. In nearly all cases, people just need to switch to proper builds of apps which aren't 32-bit-only such as the ones distributed by certain 3rd party mirror sites where users accidentally ended up on 32-bit-only builds.

It hasn't been possible to install 32-bit-only apps from the Play Store on 64-bit-capable devices since August 2021 and they blocked uploading either new apps or app updates without 64-bit support since August 2019.

Discussion:

https://discuss.grapheneos.org/d/14004-phasing-out-32-bit-only-app-support-for-older-devices-too

124
 
 

Since Android 14 QPR3 is a major release, the end-of-life Pixel 4a (5G) and Pixel 5 receiving extended support releases from GrapheneOS will need to be ported to it with additional work in a future release, which is done as a low priority. Pixel 4a (5G) and Pixel 5 are end-of-life and shouldn't be used anymore due to lack of security patches for firmware and drivers. We provide extended support for harm reduction.

Tags:

  • 2024070201 (Pixel 5a, Pixel 6, Pixel 6 Pro, Pixel 6a, Pixel 7, Pixel 7 Pro, Pixel 7a, Pixel Tablet, Pixel Fold, Pixel 8, Pixel 8 Pro, Pixel 8a, emulator, generic, other targets)

Changes since the 2024070200 release:

  • full 2024-07-05 security patch level
  • rebased onto AP2A.240705.005 Android Open Source Project release
  • avoid skipping toggling USB port after unlock in certain edge cases to make sure devices connected while locked are always detected when unlocking
  • fix upstream bug causing first party app stores using the package install dialog to be blocked when the user isn't allowed to install apps from third party sources
  • fix notification suppression check in currently unused code to prepare for our per-app clipboard toggle
  • adevtool: download and use latest Pixel carrier settings from the API for use by our CarrierConfig2 app instead of using the snapshot included in the latest Pixel stock OS release since it lags months behind
  • Settings: fully fix regression permitting disabling apps when it shouldn't be allowed due to device manager policy
  • Sandboxed Google Play compatibility layer: stub out reads of hidden system settings in Google's speech services app to avoid uncaught security exceptions
  • Sandboxed Google Play compatibility layer: don't allow the Play Store to abort pending package installation to avoid it cancelling install/update attempts after 10 minutes of waiting for requested user approval it hasn't been designed to handle
  • kernel (5.10): update to latest GKI LTS branch revision including update to 5.10.218
  • kernel (5.15): update to latest GKI LTS branch revision including update to 5.15.155
  • kernel (6.6): update to latest GKI LTS branch revision including update to 6.6.36
125
 
 

This is an early July security update release based on the July 2024 security patch backports. This month's release of the Android Open Source Project and stock Pixel OS will be available later today and we'll quickly release an update based on it following this one.

Since Android 14 QPR3 is a major release, the end-of-life Pixel 4a (5G) and Pixel 5 receiving extended support releases from GrapheneOS will need to be ported to it with additional work in a future release, which is done as a low priority. Pixel 4a (5G) and Pixel 5 are end-of-life and shouldn't be used anymore due to lack of security patches for firmware and drivers. We provide extended support for harm reduction.

Tags:

  • 2024070200 (Pixel 5a, Pixel 6, Pixel 6 Pro, Pixel 6a, Pixel 7, Pixel 7 Pro, Pixel 7a, Pixel Tablet, Pixel Fold, Pixel 8, Pixel 8 Pro, Pixel 8a, emulator, generic, other targets)

Changes since the 2024062700 release:

view more: ‹ prev next ›