this post was submitted on 20 Sep 2024
20 points (100.0% liked)

GrapheneOS [Unofficial]

1712 readers
2 users here now

Welcome to the GrapheneOS (Unofficial) community

This feed is currently only used for announcements and news.

Official support available on our forum and matrix chat rooms

GrapheneOS is a privacy and security focused mobile OS with Android app compatibility.

Links

More Site links

Social Media

This is a community based around the GrapheneOS projects including the hardened Android Open Source Project fork, Auditor, AttestationServer, the hardened malloc implementation and other projects.

founded 3 years ago
MODERATORS
 

Our latest release blocked a class of VPN leaks via multicast packets discovered by our community. Unfortunately, end-of-life Pixel 4a (5G), Pixel 5 and Pixel 5a have an upstream kernel bug that's causing it to break compatibility with IPv6-only carriers. We're dealing with it.

We're hardly getting any testing feedback for the end-of-life devices which led to this issue slipping into the Stable channel. Our extended support for 5th gen devices will become legacy extended support after Android 15 meaning they won't get these kinds of changes anymore.

Our extended support releases have only ever been planned for the legacy Pixel 5a and earlier with less than 5 years of support from launch. We provide extended support until the first yearly release not supporting them and then switch to a legacy extended support branch.

We likely should have only provided legacy extended support releases via a legacy branch as soon as devices were end-of-life. Extended support encourages people to stick with insecure end-of-life devices and lead to regressions like this but we caught previous ones before Stable.

We're providing one final extended support release for 5th generation Pixels reverting these changes and then they're becoming legacy extended support. This would have happened in October with the stable release of Android 15 regardless, so it makes very little difference.

Separately from this, our multicast leak prevention is causing minor app compatibility issues due to apps trying to use multicast when a VPN is enabled with leak blocking and then not catching the SecurityException which the low-level EPERM error is being converted into for them.

We'll be making a release today reverting our multicast leak prevention for all devices and will begin work fixing the minor app compatibility issues to ship it again.

5th gen will be switched to legacy extended support a few weeks early to work around the old Linux kernel bugs.

Main app compatibility issue is with the DuckDuckGo app's "App Tracking Prevention" feature based on a VPN service. If you use that feature and upgraded to our cancelled 2024091700 release, that's the issue you're having. Likely an app bug, but we'll make sure it works next time.

There may also be compatibility issues with IPv6-only Wi-Fi networks. We're working on resolving this too. We were treating this as security patches and unfortunately we didn't get any reports of any app or network compatibility issues during the 20 hours of public Beta testing.

top 1 comments
sorted by: hot top controversial new old
[–] [email protected] 1 points 1 month ago

Lol, so yesterday, using ProtonVPN did work without issues on my Pixel 5