GRAPHENEOS IS HIRING

Are you an experienced AOSP developer?

Interested in working full time, fully remotely on GrapheneOS?

Can you hit the ground running?

https://grapheneos.org/hiring

Global opportunity paid via Wise (local bank transfers), BTC, ETH or XMR.

One of our two senior developers has been forcibly detained and conscripted to participate in a war. When they first went missing, we revoked their repository access as a precaution. We soon learned their disappearance was completely unrelated to GrapheneOS. Our priority has been keeping them safe.

We've used our available connections to try to keep them safe. There's no way to get them out of the conscription. However, they're an incredibly talented security researcher and engineer and it would be extraordinarily misguided to send them to front line combat. This seems to be understood now.

GrapheneOS development and updates have continued and will keep going. We have substantial funds available to hire more people to work on GrapheneOS. We'll need to hire multiple experienced developers to fill their big shoes. They'll hopefully be safe and when they return we'll have a bigger team.

If you're an experienced AOSP developer interested in working full time on GrapheneOS in a fully rem

Changes in version 135.0.7049.100.0:

• update to Chromium 135.0.7049.100

A full list of changes from the previous release (version 135.0.7049.79.0) is available through the Git commit log between the releases.

This update is available to GrapheneOS users via our app repository and will also be bundled into the next OS release. Vanadium isn't yet officially available for users outside GrapheneOS, although we plan to do that eventually. It won't be able to provide the WebView outside GrapheneOS and will have missing hardening and other features.

Our initial highly experimental release for the Pixel 9a is now available for both CLI and web install via https://staging.grapheneos.org/.

We've tested both install methods and did basic testing of functionality including Wi-Fi, camera, audio, etc. Feedback is needed from users now.

We've tested the over-the-air upgrade path for the Pixel 9a internally via a sample update with no changes. We usually only use these sample updates internally for testing the upgrade path of each release. However, for broader testing, we're releasing it through each channel now.

First update from the initial 2025041200 release to the new 2025041201 release has no changes beyond build date and build number. The incremental (delta) update package is only 158KiB despite it shipping the full new firmware and OS images. We tested a full update package too.

Basic functionality has been tested for a while along with the upgrade path via both our System Updater app and recov

The fingerprint reader issue introduced by Android 15 QPR2 in March 2025 has been resolved by the monthly Android update for April 2025. This issue caused the fingerprint reader to become unavailable after reboot for a small subset of users nearly entirely on the non-Pro Pixel 9.

Android 15 QPR2 is the 2nd quarterly release of Android 15 and was released on March 4th. Our initial release based on it was on March 5th:

https://grapheneos.org/releases#2025030500

Our users reported the issue during our public testing for this release but it was impractical for us to resolve.

On March 8th, we made our 3rd release based on Android 15 QPR2 (https://grapheneos.org/releases#2025030800). Prior to it reaching the Stable channel later that day, we posted [https://discuss.grapheneos.org/d/20636-workaround-for-android-15-qpr2-fingerprint-firmware-glitch-on-pixel-9](https://discuss.grapheneos.org/d/20636-w

We're working on completing GrapheneOS support for the Pixel 9a. If you have a Pixel 9a and are interested in testing experimental GrapheneOS builds later today, please join our testing chat room on either Discord or Matrix which are bridged together.

https://grapheneos.org/contact#community-chat

Tags:

• 2025041100 (Pixel 6, Pixel 6 Pro, Pixel 6a, Pixel 7, Pixel 7 Pro, Pixel 7a, Pixel Tablet, Pixel Fold, Pixel 8, Pixel 8 Pro, Pixel 8a, Pixel 9, Pixel 9 Pro, Pixel 9 Pro XL, Pixel 9 Pro Fold, emulator, generic, other targets)

Changes since the 2025040700 release:

• full 2025-04-05 security patch level
• rebased onto BP1A.250405.007.D1 Android Open Source Project release
• remove code for Qualcomm XTRA (PSDS) privacy improvements since we no longer have any devices with Qualcomm GNSS and we can add it back in the future if we need it again rather than porting it forward under the assumption we'll be using it
• fix upstream RecoverySystem.verifyPackage(...) vulnerability (this was not directly exploitable due to there being 2 layers of update package signature verification and downgrade protection, but the first layer of protection should work properly to avoid a vulnerability in the 2nd layer being

Porting GrapheneOS to the Pixel 9a is now well under way. Pixel 9a is still using Android 15 QPR1 rather than Android 15 QPR2. We had to create a special branch for it based on taking our final Android 15 QPR1 release (2025030300) and rebasing it onto the Pixel 9a release tags.

Android 15 QPR2, 2nd quarterly release of Android 15, was released March 2025. Since Android 14 QPR2, quarterly releases are based off the development branch with as many changes as yearly releases. Many changes are behind feature flags and yearly releases enable far more flags.

Pixel 8a launched in mid May 2024 still using Android 14 QPR1 instead of Android 14 QPR2 released in March 2024. The device branch for the Pixel 8a went away the next month when Android 14 QPR3 was released. This year's June release is Android 16 rather than Android 15 QPR3.

We've backported a subset of the changes since 2025030300 to our Pixel 9a device branch including an import sandboxed Google Play compatibility layer, a recent fi

Notable changes in version 28:

• add back JPEG 2000 image support unintentionally removed in PDF Viewer version 27 due to pdf.js splitting it out
• add JavaScript fallback for JPEG 2000 image support for when the WebView JIT is disabled
• improve CMYK to RGB conversion when the WebView JIT is enabled via ICC profile support provided by the pure Rust qcms library compiled to WebAssembly

A full list of changes from the previous release (version 27) is available through the Git commit log between the releases.

Simple Android PDF viewer based on pdf.js and content providers. The app doesn't require any permissions. The PDF stream is fed into the sandboxed WebView without giving it access to the network, files, content providers or any other data.

Content-Security-Policy is used to enforce that the JavaScript and styling properties within the WebView are entirely static content from the APK assets along with blocking custom f

Notable changes in version 27:

• update pdf.js library to 5.1.91
• raise minimum Chromium WebView version to 133 and use it as the build target
• add redundant setBlockNetworkLoads(true) for the WebView (this is already the default due to not having the INTERNET permission, but being more explicit about this is a good thing)
• update esbuild to 0.25.2
• update dependencies of npm dependencies
• update AndroidX Core KTX library to 1.16.0
• update Android Gradle plugin to 8.9.1
• update Kotlin to 2.1.20
• update Gradle to 8.13

A full list of changes from the previous release (version 26) is available through the Git commit log between the releases.

Simple Android PDF viewer based on pdf.js and content providers. The app doesn't require any permissions. The PDF stream is fed into the sandboxed WebView without giving it access to the network, files, content providers or any other data.

Content-Security-Policy is used t

Notable changes in version 88:

• add support for Pixel 9a with either the stock OS or GrapheneOS
• require TLSv1.3 instead of either TLSv1.2 or TLSv1.3
• drop legacy USE_FINGERPRINT permission since we dropped Android 9 support a while ago
• update Bouncy Castle library to 1.80
• update CameraX (AndroidX Camera) library to 1.4.2
• update AndroidX Core library to 1.16.0
• update Guava library to 33.4.7
• update Android NDK to 28.0.13004108
• update Android Gradle plugin to 8.9.1
• update Kotlin to 2.1.20
• update Gradle to 8.13
• minor improvements to code quality
• exclude unused OSGI manifests to avoid file conflicts

A full list of changes from the previous release (version 87) is available through the Git commit log between the releases.

The Auditor app uses hardware security features on supported devices to validate the integrity of the operating system from another Android device. It will verify that the devic

Our 2025040700 release was an early April 2025 security update release based on the Android Security Bulletin backports.

April 2025 monthly release of Android 15 QPR2 is in the process of being published today and we'll make a new release after the tags are all pushed to AOSP.

Today is also the launch day for the Pixel 9a. The tags for the Pixel 9a should get pushed to AOSP after the monthly update is fully pushed.

Once that's pushed and we've released the April update of Android 15 QPR2, we can start working on adding Pixel 9a support to GrapheneOS.

We have a Pixel 9a ordered for our main device farm which has been marked as ready for pickup by the delivery company. It will hopefully be delivered tomorrow. We've generated signing keys and added preliminary support to Auditor and AttestationServer which will need testing.

April 2025 update for the Pixel 9a stock OS is still based on Android 15 QPR1 rather than Android 15 QPR2. They updated the device branch to the April 2025 secur

Changes in version 135.0.7049.79.0:

• update to Chromium 135.0.7049.79

A full list of changes from the previous release (version 135.0.7049.38.0) is available through the Git commit log between the releases.

This update is available to GrapheneOS users via our app repository and will also be bundled into the next OS release. Vanadium isn't yet officially available for users outside GrapheneOS, although we plan to do that eventually. It won't be able to provide the WebView outside GrapheneOS and will have missing hardening and other features.

Android Security Bulletin for April 2025 has 2 more vulnerabilities marked as being exploited in the wild.

GrapheneOS fully prevented exploiting both vulnerabilities for locked devices, made both far harder to exploit while unlocked and already had both patched for a while too.

CVE-2024-53150: heap overflow (read) in a Linux kernel USB sound card driverCVE-2024-53197: heap overflow (write) in a Linux kernel USB sound card driver

These vulnerabilities were being exploited by Cellebrite for data extraction from locked Android devices without GrapheneOS.

We have a post from late February about CVE-2024-53197 and 2 other bugs exploited by Cellebrite which they were blocked from exploiting by GrapheneOS:

https://discuss.grapheneos.org/d/20402-cellebrite-exploits-used-to-target-serbian-student-activist

CVE-2024-53150 is almost certainly part of the same batch of vulnerabilities they've

New 25Gbps sponsored server from Macarne is now handling all of our OS/package update traffic for Europe, Africa, Middle East, Central Asia and South Asia:

https://grapheneos.social/@GrapheneOS/114264453740567840

We're looking into the several offers we received for new servers in East and West North America.

Rolling out our recent relatively small OS update with an 70M delta to Stable for all devices uses ~2Gbps for ~6 hours in Europe after a short 3Gbps spike. It then gradually drops. Europe handles ~40% more than North America. Quarterly/yearly updates tend to be 400MB to 800MB.

We also need to figure out the separate issue of needing more VPS instances broadly distributed around the world for our network services like network time. We aren't yet sure how large our own Wi-Fi AP database for network location is going to be so we aren't sure on specs yet.

Macarne has provided a sponsored server to replace our current EU update servers so we can handle current traffic and near future growth. Ryzen 9950X, 128GB RAM, 2x 2TB NVMe and most importantly 25Gbps bandwidth. It's greatly appreciated!

https://macarne.com/

We use GeoDNS and round-robin DNS to distribute load across our servers with automatic failover. Ideally, we can find a good 2nd provider willing to provide sponsored/discounted 2x 10Gbps servers to cover each coast of North America. 2x 25Gbps would be great but not needed yet.

Our existing setup was 8x 2Gbps OVH VPS instances with 4 in Quebec, 2 in France and 2 in Germany. This was getting increasingly overloaded for the 4 major releases per year, and the largest one (Android 16) is coming up soon. European bandwidth usage is also around 50-60% higher.

Yuh app from Swissquote temporarily disabled Play Integrity API enforcement due to complaints from GrapheneOS users and is reimplementing their security checks with support for GrapheneOS based on https://grapheneos.org/articles/attestation-compatibility-guide. We removed it from the list of apps banning GrapheneOS.

See https://github.com/PrivSec-dev/banking-apps-compat-report/issues/509#issuecomment-2753783269 for details. They responded on the issue.

This is one of several apps which has recently stopped banning GrapheneOS due to the guide we provide on using hardware-based attestation as an alternative or full replacement for the Play Integrity API.

Apps enforcing enforcing a Play Integrity API check have nothing to lose by permitting GrapheneOS too via hardware attestation. You'll get positive reviews from our rapidly

Murena sells highly insecure devices without basic privacy/security patches or the standard privacy/security model intact. Direct opposite of GrapheneOS in regards to privacy and security. It also lacks the stability and app compatibility of GrapheneOS...

https://xcancel.com/gael_duval/status/1905171960138547267

Murena, the company behind /e/OS, heavily pushes using both an insecure OS and services. Their services lack end-to-end encryption and are the opposite of private. People purchasing their devices are making a huge privacy and security sacrifice compared to simply using an iPhone.

Murena misleads people into wrongly believing that GrapheneOS is harder to use as their CEO is doing there. GrapheneOS has far better app compatibility, far better stability and unlike /e/OS is a serious production quality OS keeping up with updates and keeping things working.

/e/OS is a fork of LineageOS, a volunteer developed project fo

Second donation to GrapheneOS by the Proton Foundation:

https://discuss.grapheneos.org/d/21033-second-donation-to-grapheneos-by-the-proton-foundation