Bikesharing je nejjednodušší cesta k městské cyklistice. Nemusíte mít vlastní kolo, řešit servis, parkování ani se bát krádeže. Stačí pár kliknutí v telefonu a můžete vyrazit. Možná vás překvapí, jak jednoduché to je.

V tomto videu si povídám s Honzou Střechou z Rekol, nejstarší české služby sdílených kol. Rekola jezdí v Praze už 13 let a za tu dobu pomohla dostat do sedla tisíce lidí. A i když na sdílených kolech jezdíte pravidelně, určitě se dozvíte něco nového ze zákulisí jejich fungování.

Dozvíte se:

✔️ Jak funguje bikesharing v Praze i dalších městech
✔️ Kolik stojí sdílená kola
✔️ Jak využít Lítačku nebo Multisport
✔️ Kde kola vracet a jak správně parkovat
✔️ Proč jsou sdílená kola skvělá pro začátečníky
✔️ Jakou budoucnost má městská cyklistika

#Rekola #Nextbike #Lime #Bikesharing #MěstskáCyklistika #Praha #Cyklistika #Doprava #Kolo #Lítačka

Více v článku: mestskacyklistika.cz/2026/06/2…

Podpořit nás můžete zde:

mestskacyklistika.cz/2025/07/2…

🇪🇺 Európsky parlament prijal uznesenie, v ktorom ostro odsudzuje narušovanie vzdušného priestoru EÚ ruskými dronmi. Podľa europoslancov tieto incidenty nie sú náhodné, ale predstavujú vedomú a systematickú hrozbu pre bezpečnosť, zvrchovanosť a odolnosť členských štátov. Text jasne hovorí, že EÚ sa nenechá touto destabilizačnou kampaňou zastrašiť.

🛑 Rusko nesie plnú a jednoznačnú zodpovednosť za tieto bezohľadné útoky, ktoré priamo ohrozujú ľudské životy. Súčasťou ruskej stratégie je aj agresívna dezinformačná kampaň s cieľom šíriť strach, ochromiť miestnu ekonomiku a vytvoriť zámienku pre prípadné odvetné kroky. Parlament zároveň odsúdil Bielorusko za jeho spoluvinu a hybridné útoky namierené proti Európskej únii.

🤝 Europoslanci vyjadrili absolútnu solidaritu s Estónskom, Fínskom, Lotyšskom, Litvou a Rumunskom, ktorých územia či kritická infraštruktúra čelia ruským provokáciám. Uznesenie zdôrazňuje, že tieto preniky majú otestovať a zneužiť slabiny v detekčných a reakčných kapacitách NATO. Na zvládnutie týchto hrozieb je preto nevyhnutné urýchlene posilniť celé východné krídlo EÚ a NATO od Arktídy až po Čierne more.

🛡️ V reakcii na eskaláciu napätia žiada Parlament urýchlené vybudovanie skutočnej Európskej obrannej únie. Hlbšia integrácia, koordinácia a spoločné využívanie zdrojov sú podľa poslancov jedinou účinnou odpoveďou na ruské hrozby. Zároveň je urgentne potrebné zrýchliť výrobu a dodávky prioritného vojenského materiálu pre Ukrajinu, najmä systémov protivzdušnej obrany, munície, dronov a rakiet.

🌐 Pre efektívne čelenie hrozbám ruských dronov je podľa schváleného textu kľúčová aj úzka spolupráca s Moldavskom. Táto kooperácia pomôže zlepšiť prehľad o situácii a zefektívni výmenu informácií na operačnej úrovni. Z tohto dôvodu uznesenie vyzýva členské štáty, aby zvýšili finančnú podporu pre Moldavsko prostredníctvom Európskeho mierového nástroja.

Tal y como ha anunciado NV Access mediante esta publicación, la beta 4 de NVDA 2026.2 ya se encuentra disponible para descarga y pruebas. Si quieres saber qué ofrece la próxima versión de NVDA antes de que se libere oficialmente, no dudes en descargar esta beta y proporcionar comentarios por los canales de la comunidad, o por el sistema de informe de fallos de NV Access. Esta versión no es apta para entornos de producción.
Al instalar esta beta te unirás al canal beta, y sólo recibirás avisos de actualización de compilaciones beta y candidatas a liberación (rc). El canal beta/rc siempre te mantendrá al día con la versión más reciente de NVDA. La última rc de un ciclo de liberación es idéntica a la última versión estable. Para regresar al canal de versiones estables, instala a mano la última versión estable.

Cambios de la beta 4:

• Traducciones actualizadas.
• Se cambia la disposición de los botones del diálogo «Añadir entrada de diccionario» a vertical.
• Se cambia el seguimiento de la lupa desde el centro de un objeto a su comienzo (por ejemplo, la parte superior izquierda en los idiomas de izquierda a derecha).
• Se corrige el guardado de comentarios en los diccionarios del habla.
• Se añade una categoría de depuración en el registro para la lupa.
• Mejoras en la disposición y los nombres de los ajustes de la lupa.

Cambios de la beta 3:

• Al pulsar NVDA+control+w en pantallas seguras, ahora se abren las opciones de la lupa como estaba previsto.
• Tanto la lupa como el resaltado ahora siguen la celda con el foco en Excel.
• Mejoras en el diseño y los nombres de las opciones de la lupa.

Cambios de la beta 2:

• Traducciones actualizadas. En español, catalán y gallego, se personaliza el gesto por defecto para ampliar la lupa. Debido a un conflicto con otro gesto, se espera un nuevo cambio en la próxima beta.
• Se elimina la opción «Mantener el ratón centrado» de la lupa.
• Mejoras en los nombres y el diseño de las opciones de la lupa.

Cambios destacables

Esta versión incluye una nueva función de ampliación, mejoras en los gestos táctiles y la navegación, y capacidades mejoradas de voz y braille.
El ampliador proporciona opciones de zoom y filtro de color para asistir a usuarios con baja visión.
Actualmente, el ampliador sólo soporta el modo a pantalla completa, dejando los modos acoplados planificados para una futura versión.
Se ha expandido significativamente el soporte táctil con nuevos gestos de pellizcar y con navegación en modo exploración táctil en contenido web. Ahora se puede navegar por enlaces, encabezados, campos de formulario y otros elementos usando deslizamientos táctiles.
Se han mejorado las funciones de voz con soporte de diccionarios del habla personalizados que pueden proporcionarse en complementos y nuevos tipos de entradas de diccionario que proporcionan un control más granular. Se ha añadido una nueva opción en las voces OneCore para controlar las pausas después de la puntuación. Una nueva orden permite repetir la última información verbalizada, con la capacidad de mostrarla en un mensaje explorable. El gesto predeterminado para repetir la última información verbalizada es NVDA+x, y se puede cambiar desde el diálogo Gestos de entrada.
La pantalla braille ahora puede desplazarse automáticamente, y los dispositivos DotPad soportan combinaciones multibotón.
Liblouis se ha actualizado con nuevas tablas braille en italiano y estonio.
Al restablecer NVDA a los valores de fábrica, ahora hay disponible un botón de deshacer para restaurar la configuración anterior.
Para instalar esta beta, puedes configurar el canal «rc y beta» en el complemento Selector del canal de actualización y buscar actualizaciones desde el menú Ayuda de NVDA, o actualizar desde una beta anterior. Y como siempre, también puedes descargar manualmente el instalador de NVDA 2026.2 beta 4. Su suma de comprobación SHA256, que te permitirá garantizar la integridad del archivo descargado, es 0a9ad9e6170bee0fd767fb12865893adda8d4951d350b6b8c0035c647a2e81d7.
¡Feliz martes!

Upgrading this release from a release not yet based on Android 17 requires using the standard over-the-air update system rather than ADB sideload. For users who only update via ADB sideload, we'll be releasing a special Android 16 QPR2 release with a backported fix for the upstream Android bug causing the issue. This bug also exists in the Pixel OS for both Android 16 QPR3 and Android 17 too but it bypasses it through being bloated enough to always trigger a fallback path. We confirmed adding a 1GiB randomly generated file to GrapheneOS would bypass the issue similarly to the stock Pixel OS but we'll be fixing the issue instead.

Tags:

• 2026062100 (Pixel 6, Pixel 6 Pro, Pixel 6a, Pixel 7, Pixel 7 Pro, Pixel 7a, Pixel Tablet, Pixel Fold, Pixel 8, Pixel 8 Pro, Pixel 8a, Pixel 9, Pixel 9 Pro, Pixel 9 Pro XL, Pixel 9 Pro Fold, Pixel 9a, Pixel 10, Pixel 10 Pro, Pixel 10 Pro XL, Pixel 10 Pro Fold, Pixel 10a, emulator, generic, other targets)

Changes since the 2026061800 release:

• disable MTE for Widevine Rikers service since it's incompatible with it (issue predates Android 17)
• Sandboxed Google Play compatibility layer: avoid opening extra file descriptions to obtain Play services data prefix paths to avoid a compatibility issue with anti-tampering code used by the Kia Connect app and likely others (issue predates Android 17)
• separate GrapheneOS framework resource IDs from AOSP resource IDs to avoid incompatibilities with Pixel vendor components (issue predates Android 17)
• kernel (Pixel 10): fix for an upstream Broadcom Wi-Fi bcm4383 driver memory corruption bug to avoid invalid memory accesses caught by the kernel hardware memory tagging enabled by GrapheneOS
• disable UBLK feature flag for over-the-air updates due to it likely causing update reliability issues for devices with support for it (6.6 kernel or newer)
• disable UBLK for generated over-the-air update packages to force disable it for updates from the initial Android 17 release
• increase the maximum size of log events in production builds to match debug builds to avoid the kernel panic message and traceback being cut off
• use DevicePolicyManager.MAX_PASSWORD_LENGTH PIN length limit for the new upstream SystemUI PIN user interface for entering the PIN outside of the lockscreen to fix support for the expanded limit of 128 on GrapheneOS instead of using Android's limit of 16 (this didn't apply to passwords and it was straightforward to work around it by changing the PIN to a password)
• Settings: show night light settings even when Pixel Comfort View is enabled since we're missing the settings for it (currently only relevant to the 10th gen Pixels other than the Pixel 10a)
• allow using the new flashlight quick tile while locked (GrapheneOS requires unlocking by default for system quick tiles)
• SystemUI: avoid crashing when trying to edit a screen recording without a video editor app
• fix upstream bug causing the security scan in the Settings app to take much longer in Android 17 (also impacts the stock OS)
• fix compatibility issue breaking resetting permissions for apps with special-runtime permissions (Nearby Devices is now split to have Local Network access enabled by default for compatibility for apps not targeting Android 17 and there are bugs with how this is handled)
• Launcher: remove quick search bar from showing on large display devices since Android 17
• Launcher: remove space reserved for the quick search bar since Android 17
• add Pixel Comfort View settings for supported devices (Pixel 10, Pixel 10 Pro, Pixel 10 Pro XL, Pixel 10 Pro Fold)
• add back error message for entering an incorrect 2nd factor PIN for the GrapheneOS 2-factor fingerprint unlock feature
• fix compatibility with the native zygote spawning system added by Android 17 which isn't enabled yet (this was added to provide more lightweight sandboxed renderer processes for Chromium and will benefit Vanadium even more due to having finer-grained process isolation but isn't used by Chromium/Chrome yet and our secure spawning will need to be ported to it)
• GmsCompatConfig: update to version 171

All of the Android 17 security patches from the current July 2026, August 2026, September 2026, October 2026, November 2026 and December 2026 Android Security Bulletins are included in the 2026062101 security preview release. List of additional fixed CVEs:

• Critical: CVE-2026-28591, CVE-2026-28604, CVE-2026-28639, CVE-2026-28662, CVE-2026-28666, CVE-2026-45515, CVE-2026-45531
• High: CVE-2025-22442, CVE-2025-48564, CVE-2025-48565, CVE-2025-48566, CVE-2026-28582, CVE-2026-28584, CVE-2026-28588, CVE-2026-28593, CVE-2026-28594, CVE-2026-28599, CVE-2026-28600, CVE-2026-28602, CVE-2026-28603, CVE-2026-28606, CVE-2026-28607, CVE-2026-28612, CVE-2026-28613, CVE-2026-28614, CVE-2026-28617, CVE-2026-28619, CVE-2026-28620, CVE-2026-28622, CVE-2026-28623, CVE-2026-28624, CVE-2026-28626, CVE-2026-28630, CVE-2026-28631, CVE-2026-28633, CVE-2026-28634, CVE-2026-28635, CVE-2026-28638, CVE-2026-28643, CVE-2026-28650, CVE-2026-28652, CVE-2026-28655, CVE-2026-28657, CVE-2026-28658, CVE-2026-28660, CVE-2026-28663, CVE-2026-28664, CVE-2026-28665, CVE-2026-28667, CVE-2026-28668, CVE-2026-28671, CVE-2026-45513, CVE-2026-45514, CVE-2026-45516, CVE-2026-45517, CVE-2026-45518, CVE-2026-45519, CVE-2026-45520, CVE-2026-45521, CVE-2026-45523, CVE-2026-45524, CVE-2026-45525, CVE-2026-45527, CVE-2026-45528, CVE-2026-45529, CVE-2026-49880
• Unclassified: CVE-2026-28653

For detailed information on security preview releases, see our post about it.

Changes in version 171:

• disable default enabled theft protection notification in Android 17
• update Gradle to 9.6.0

A full list of changes from the previous release (version 170) is available through the Git commit log between the releases (only changes to the gmscompat_config text file and config-holder/ directory are part of GmsCompatConfig).

GmsCompatConfig is the text-based configuration for the GrapheneOS sandboxed Google Play compatibility layer. It provides a large portion of the compatibility shims.

This update is available to GrapheneOS users via our app repository and will also be bundled into the next OS release.

🇪🇺 Európsky parlament schválil nové pravidlá pre návrat štátnych príslušníkov tretích krajín, ktorí sa v EÚ zdržiavajú nelegálne. Cieľom tejto reformy je zjednodušiť a zrýchliť návratové procedúry pri plnom rešpektovaní ľudských a medzinárodných práv. Rozhodnutie o návrate vydané národnými orgánmi bude po novom znamenať povinnosť opustiť územie danej krajiny EÚ okamžite alebo v stanovenej lehote.

🤝 Migranti s rozhodnutím o návrate budú povinní plne spolupracovať s vnútroštátnymi orgánmi. Na zabezpečenie ich odchodu a zabránenie úteku ich bude možné na základe individuálneho posúdenia zaistiť, a to až na dobu 24 mesiacov s možnosťou predĺženia o ďalších 6 mesiacov. Členské štáty však môžu využiť aj alternatívne opatrenia k zaisteniu, ako je napríklad elektronické monitorovanie, finančná záruka alebo povinné hlásenie sa úradom.

🔍 Národné úrady získajú nové vyšetrovacie právomoci, ktoré im pomôžu pripraviť a efektívne zrealizovať proces vyhostenia. Tieto opatrenia zahŕňajú napríklad prehliadky osôb, ich bydliska či iných príslušných priestorov, ako aj prehľadávanie a zaistenie osobných vecí a elektronických zariadení. Všetky tieto kroky však musia podliehať súdnemu alebo administratívnemu povoleniu a musia striktne dodržiavať základné práva a právne záruky.

🌐 Nová legislatíva zavádza možnosť presunúť nelegálnych migrantov do takzvaných „návratových centier“ (return hubs) na území tretích krajín, ktoré s tým budú súhlasiť na základe dohôd s EÚ. Tieto dohody sa môžu uzatvárať len s krajinami, ktoré dodržiavajú ľudské práva, medzinárodné právo a princíp nevrátenia (non-refoulement). Z týchto presunov sú kompletne vylúčení maloletí bez sprievodu a národné orgány musia o takýchto dohodách vopred informovať Európsku komisiu.

Our community is helping us test the initial release of GrapheneOS based on Android 17. It's working very well for most people with very few issues. We've resolved the main regressions reported to us already. We'll start builds for a 2nd public release based on 17 later today after a few more fixes.

The most serious issue we fixed is an upstream memory corruption bug in the Broadcom Wi-Fi driver memory corruption bug for the Pixel 10, 10 Pro, 10 Pro XL and 10 Pro Fold. The invalid memory access is caught by our use of hardware memory tagging which causes a kernel panic instead of allowing it.

We already fixed this Broadcom Wi-Fi bcm4383 memory corruption bug in our 2026050900 release for the Pixel 8a, 9a and 10a. Pixel 6 through 9a share the same kernel source tree which the 10a is based on. Android 17 added the new code with this bug for real 10th gen Pixels which we missed initially.

Android 17 added a unified PIN interface to SystemUI for use outside of the lockscreen. Our PIN scrambling feature now works beyond the lockscreen too. We increase the DevicePolicyManager PIN and password length to 128 but Android's new PIN entry had it hard-wired to 16 which we've resolved now.

We add a feature making system quick tiles require unlocking by default and exclude tiles where it isn't needed which accidentally caused the new flashlight quick tile to require unlocking which is now fixed. Those are the main issues found so far other than minor UI quirks we're working on fixing

GrapheneOS

2026-06-19 18:25:52

We add a feature making system quick tiles require unlocking by default and exclude tiles where it isn't needed which accidentally caused the new flashlight quick tile to require unlocking which is now fixed. Those are the main issues found so far other than minor UI quirks we're working on fixing.

This is the initial release of GrapheneOS based on Android 17.

Due to an upstream Android 17 bug, updating to this release via ADB sideload to recovery from a previous release is unavailable. There will be no issues updating to it over-the-air and we'll provide instructions in our testing channels for early experimental testing prior to Alpha. We've added a workaround resolving updating via ADB sideload from this release to a future release. We're working on a resolution to updating via sideload from a previous release. If necessary, we could make a final release based on Android 16 QPR2 with the same workaround solely released for people who only update via sideloading.

Tags:

• 2026061800 (Pixel 6, Pixel 6 Pro, Pixel 6a, Pixel 7, Pixel 7 Pro, Pixel 7a, Pixel Tablet, Pixel Fold, Pixel 8, Pixel 8 Pro, Pixel 8a, Pixel 9, Pixel 9 Pro, Pixel 9 Pro XL, Pixel 9 Pro Fold, Pixel 9a, Pixel 10, Pixel 10 Pro, Pixel 10 Pro XL, Pixel 10 Pro Fold, Pixel 10a, emulator, generic, other targets)

Changes since the 2026061600 release:

• full 2026-06-05 Pixel security patch level (released with Android 17)
• rebased onto CP2A.260605.016 Android Open Source Project release (Android 17)
• revert in-process Opus codec sandboxed with LFI (Lightweight Fault Isolation) to dedicated sandboxed process in order to restore compatibility with hardware memory tagging and avoid likely holes in LFI
• Sandboxed Google Play compatibility layer: add stubs for BluetoothLeBroadcast methods
• Vanadium: update to version 149.0.7827.159.0

All of the Android 17 security patches from the current July 2026, August 2026, September 2026, October 2026, November 2026 and December 2026 Android Security Bulletins are included in the 2026061801 security preview release. List of additional fixed CVEs:

• Critical: CVE-2026-28591, CVE-2026-28604, CVE-2026-28639, CVE-2026-28662, CVE-2026-28666, CVE-2026-45515, CVE-2026-45531
• High: CVE-2025-22442, CVE-2025-48564, CVE-2025-48565, CVE-2025-48566, CVE-2026-28582, CVE-2026-28584, CVE-2026-28588, CVE-2026-28593, CVE-2026-28594, CVE-2026-28599, CVE-2026-28600, CVE-2026-28602, CVE-2026-28603, CVE-2026-28606, CVE-2026-28607, CVE-2026-28612, CVE-2026-28613, CVE-2026-28614, CVE-2026-28617, CVE-2026-28619, CVE-2026-28620, CVE-2026-28622, CVE-2026-28623, CVE-2026-28624, CVE-2026-28626, CVE-2026-28630, CVE-2026-28631, CVE-2026-28633, CVE-2026-28634, CVE-2026-28635, CVE-2026-28638, CVE-2026-28643, CVE-2026-28650, CVE-2026-28652, CVE-2026-28655, CVE-2026-28657, CVE-2026-28658, CVE-2026-28660, CVE-2026-28663, CVE-2026-28664, CVE-2026-28665, CVE-2026-28667, CVE-2026-28668, CVE-2026-28671, CVE-2026-45513, CVE-2026-45514, CVE-2026-45516, CVE-2026-45517, CVE-2026-45518, CVE-2026-45519, CVE-2026-45520, CVE-2026-45521, CVE-2026-45523, CVE-2026-45524, CVE-2026-45525, CVE-2026-45527, CVE-2026-45528, CVE-2026-45529, CVE-2026-49880
• Unclassified: CVE-2026-28653

For detailed information on security preview releases, see our post about it.

We built an initial release of GrapheneOS based on Android 17 (2026061700) but aren't going to release it through our Alpha channel due to discovering a serious upstream bug. Android 17 broke support for sideloading updates via recovery unless the OS images are large enough to exhaust COW space.

The stock Pixel OS is drastically larger than GrapheneOS due to having a massive amount of additional bundled app code for Google Mobile Services, many other Google apps and various Pixel apps. It's always above the threshold triggering the fallback code path for sideloading OS updates in recovery.

Over-the-air updates from both older versions to Android 17 and Android 17 to Android 17 work fine. It's only sideloading impacted by this. We don't want to release an OS version with broken OS update sideloading so we've cancelled 2026061700 and are building 2026061800 with a workaround for it.

Our current workaround is to force enable the fallback code path triggered by large OS images. This will fix sideloading an Android 17 version of GrapheneOS to another Android 17 version of GrapheneOS. However, sideloading Android 17 updates to older versions won't work without a further workaround.

We've tried making a build with a randomly generated 1GiB file included to make GrapheneOS about as large as the stock Pixel OS which fully works around the issue. We're not actually going to do that but rather we'll use the workaround forcing the fallback path for now and we'll find a proper fix

Our workaround will provide working sideloading from our initial Android 17 release to a future release. However, it isn't currently possible to sideload from 16 QPR2. We could make an extra 16 QPR2 update for people who only sideload updates with the workaround to use until we make a proper fix.

Google didn't run into this because they add so much bloat to the OS for Google Mobile Services including Google Play services along with a bunch of other Google and Pixel apps. Pixel OS is a lot smaller than the OS on most Android devices but it's drastically larger than AOSP and even GrapheneOS.

GrapheneOS uses ahead-of-time compilation for Java/Kotlin code which greatly increases the size of the apps in the OS images. Despite this, it's still drastically smaller than the Pixel OS. It would be substantially larger if we bundled as much code as they do but instead it's the opposite...

GrapheneOS

2026-06-18 15:10:38

GrapheneOS uses ahead-of-time compilation for Java/Kotlin code which greatly increases the size of the apps in the OS images. Despite this, it's still drastically smaller than the Pixel OS. It would be substantially larger if we bundled as much code as they do but instead it's the opposite...

🇪🇺 Európsky parlament schválil zmeny v nariadení o umelej inteligencii (AI Act), ktoré prinášajú zjednodušujúce opatrenia a odklad niektorých povinností, no zároveň zavádzajú prísny zákaz takzvaných „nudifier“ aplikácií. Tento krok je súčasťou širšieho digitálneho omnibusového balíka, ktorý má za cieľ znížiť byrokraciu a podporiť európske technologické firmy pri dodržiavaní pravidiel bez toho, aby sa zmenil základný rizikovo orientovaný prístup zákona.

⏳ Nová legislatíva posúva termíny uplatňovania viacerých pravidiel, aby poskytla dostatok času na zavedenie potrebných noriem. Povinnosti pre samostatné vysokorizikové AI systémy začnú platiť od 2. decembra 2027 a pre systémy zabudované ako bezpečnostné komponenty od 2. augusta 2028. Zároveň sa do 2. decembra 2026 posúva povinnosť označovať obsah vygenerovaný umelou inteligenciou strojovo čitateľným vodoznakom kvôli zvýšeniu transparentnosti.

🚫 Veľmi dôležitou súčasťou schválených zmien je okamžitý a plošný zákaz AI systémov, ktoré vytvárajú sexuálne explicitný obsah bez súhlasu dotknutej osoby, alebo ktoré generujú materiály so sexuálnym zneužívaním detí. Poskytovatelia a používatelia nebudú môcť tieto aplikácie uvádzať na trh EÚ, pokiaľ nebudú mať adekvátne technické zábrany proti zneužitiu. Spoločnosti dostali čas na zosúladenie svojich systémov s týmto zákazom do 2. decembra 2026.

⚙️ V rámci znižovania byrokracie parlament odstránil prekrývajúce sa pravidlá pre strojové produkty, pričom vyjasnil, že tieto produkty musia spĺňať iba sektorovú bezpečnosť. Spresnila sa aj definícia „bezpečnostného komponentu“, čo znamená, že funkcie AI, ktoré len pomáhajú používateľom alebo optimalizujú výkon, nebudú automaticky považované za vysokorizikové, ak ich zlyhanie neohrozuje zdravie. Výnimky zo zložitých pravidiel, ktoré doteraz platili pre malé a stredné podniky (SME), sa po novom rozšíria aj na spoločnosti so strednou kapitalizáciou (SMC).

Changes in version 149.0.7827.159.0:

• update to Chromium 149.0.7827.159

A full list of changes from the previous release (version 149.0.7827.114.0) is available through the Git commit log between the releases.

This update is available to GrapheneOS users via our app repository and will also be bundled into the next OS release. Vanadium isn't yet officially available for users outside GrapheneOS, although we plan to do that eventually. It won't be able to provide the WebView outside GrapheneOS and will have missing hardening and other features.

This is our final release based on Android 16 QPR2/QPR3 since we've completed our initial port to Android 17 and are resolving regressions to prepare it for a public release very soon.

Tags:

• 2026061600 (Pixel 6, Pixel 6 Pro, Pixel 6a, Pixel 7, Pixel 7 Pro, Pixel 7a, Pixel Tablet, Pixel Fold, Pixel 8, Pixel 8 Pro, Pixel 8a, Pixel 9, Pixel 9 Pro, Pixel 9 Pro XL, Pixel 9 Pro Fold, Pixel 9a, Pixel 10, Pixel 10 Pro, Pixel 10 Pro XL, Pixel 10 Pro Fold, Pixel 10a, emulator, generic, other targets)

Changes since the 2026060600 release:

• skip replacing pairip Play Store installer check with Play Store source stamp checks for apps installed from the Play Store
• hardened_malloc: add support for Cuttlefish build targets
• Network Location: require TLSv1.3 for Apple and Apple China location services in addition to the GrapheneOS service
• kernel (6.1): update to latest GKI LTS branch revision including update to 6.1.174
• kernel (6.6): update to latest GKI LTS branch revision
• kernel (6.12): update to latest GKI LTS branch revision
• Vanadium: update to version 149.0.7827.102.0
• Vanadium: update to version 149.0.7827.114.0
• GmsCompatConfig: update to version 170
• Speech Services: update to version 3

All of the Android 16 security patches from the current July 2026, August 2026, September 2026, October 2026, November 2026 and December 2026 Android Security Bulletins are included in the 2026061601 security preview release. List of additional fixed CVEs:

• Critical: CVE-2026-27280, CVE-2026-28590, CVE-2026-28591, CVE-2026-28604, CVE-2026-28618, CVE-2026-28639, CVE-2026-28662, CVE-2026-45515, CVE-2026-45531
• High: CVE-2025-48564, CVE-2025-48565, CVE-2025-48566, CVE-2026-0053, CVE-2026-0054, CVE-2026-0062, CVE-2026-0063, CVE-2026-0065, CVE-2026-0084, CVE-2026-28572, CVE-2026-28582, CVE-2026-28583, CVE-2026-28584, CVE-2026-28585, CVE-2026-28588, CVE-2026-28593, CVE-2026-28594, CVE-2026-28596, CVE-2026-28599, CVE-2026-28600, CVE-2026-28602, CVE-2026-28603, CVE-2026-28606, CVE-2026-28607, CVE-2026-28609, CVE-2026-28612, CVE-2026-28613, CVE-2026-28614, CVE-2026-28617, CVE-2026-28619, CVE-2026-28620, CVE-2026-28623, CVE-2026-28624, CVE-2026-28626, CVE-2026-28631, CVE-2026-28632, CVE-2026-28633, CVE-2026-28634, CVE-2026-28635, CVE-2026-28636, CVE-2026-28638, CVE-2026-28642, CVE-2026-28643, CVE-2026-28644, CVE-2026-28645, CVE-2026-28650, CVE-2026-28652, CVE-2026-28655, CVE-2026-28656, CVE-2026-28657, CVE-2026-28658, CVE-2026-28660, CVE-2026-28663, CVE-2026-28664, CVE-2026-28665, CVE-2026-28667, CVE-2026-28668, CVE-2026-28670, CVE-2026-28671, CVE-2026-45513, CVE-2026-45514, CVE-2026-45516, CVE-2026-45517, CVE-2026-45518, CVE-2026-45519, CVE-2026-45520, CVE-2026-45521, CVE-2026-45522, CVE-2026-45523, CVE-2026-45525, CVE-2026-45527, CVE-2026-45528, CVE-2026-45529, CVE-2026-49880
• Unclassified: CVE-2026-28653

For detailed information on security preview releases, see our post about it.

Today is the official release day for Android 17. We've already fully ported GrapheneOS to Android 17 and are in the process of pushing the code to our public repositories. We're building a final official release based on Android 16 QPR2 today and we'll do an initial Android 17 release tomorrow.

We've already tested the Android 17 port of GrapheneOS on the Pixel 6a, 7, 7a, 8, 10a, 10 and 10 Pro Fold. It will be possible for people to start building and testing it themselves later today once we finish pushing the code. We'll start the process of public testing for official releases tomorrow.

To clarify the 2nd paragraph, we've ported GrapheneOS to Android 17 for all of the supported devices. That's a list of the devices we already built and tested it. Our initial public release will be available for all the supported devices and we'll have tested it on each by then.

GrapheneOS

2026-06-16 20:56:23

To clarify the 2nd paragraph, we've ported GrapheneOS to Android 17 for all of the supported devices. That's a list of the devices we already built and tested it. Our initial public release will be available for all the supported devices and we'll have tested it on each by then.

Notable changes in version 3:

• sync ONNX session close with runs to avoid upstream memory corruption bugs in ONNX caught by GrapheneOS hardware memory tagging
• update Kotlin to 2.4.0
• update detekt library to 2.0.0-alpha.4
• update AndroidX Core KTX library to 1.19.0

A full list of changes from the previous release (version 2) is available through the Git commit log between the releases.

GrapheneOS Speech Services provides a built-in text-to-speech implementation for GrapheneOS using a fully open source model for English (US) meaning fully open source training code/data. In the future, it will be expanded to other languages and will also provide speech-to-text. The models built into the app included in GrapheneOS must be fully open source but it can be extended to support additional choices for models distributed through our App Store as additional packages without the same constraint.

Major improvements to performance and the quality of the output will be provided in near future releases. The output is currently slightly distorted by one of the audio processing steps which can be fully removed and replaced by training a new model without a dependency on it. The performance can also be heavily improved by removing or optimizing the audio processing followed by implementing hardware acceleration for the model.

Speech Services should be installed from our App Store which can be installed outside GrapheneOS from GitHub.

Mike Kuketz has never had any role in the GrapheneOS project. He certainly isn't a GrapheneOS developer. He uses GrapheneOS and has a widely known privacy blog and community where he has written about it. That doesn't somehow make him part of GrapheneOS.

x.com/CryptoCyberia/status/206…

Kuketz hosts a German language forum about privacy at kuketz-forum.de/. It's hosted with the widely used open source Discourse project. It has the standard account system and metadata retention of Discourse. Many sites use Discourse and he has nothing to do with making it.

People used Discourse's data export feature to obtain their data from his forum and are upset with Kuketz about how much metadata is retained by Discourse. He didn't make the software but rather is using it so that's already a bit extreme but blaming us is absolutely ridiculous.

GrapheneOS has over 400k users. It's hard to understand why one of our users running a Discourse forum is resulting in us suddenly getting attacked across platforms. These attacks on GrapheneOS happening across platforms every single day are increasingly desperate and ridiculous.

Our forum at discuss.grapheneos.org/ is hosted with Flarum rather than Discourse. Neither is written in a language we would have chosen and we would have done things differently. We prefer Flarum over Discourse though and have made small changes to improve privacy and security.

Forum software needs IP addresses to protect against spammers. We use StopForumSpam's database to block spammers from registering. For privacy reasons, we download IP blocklists instead of querying their API and they made a special setup for us to get more than hourly updates.

GrapheneOS

2026-06-13 20:28:29

Forum software needs IP addresses to protect against spammers. We use StopForumSpam's database to block spammers from registering. For privacy reasons, we download IP blocklists instead of querying their API and they made a special setup for us to get more than hourly updates.

Changes in version 149.0.7827.114.0:

• update to Chromium 149.0.7827.114
• enable upstream feature flag for faster default WebView user agent retrieval
• make the reduced default WebView user agent feature compatible with the flag for faster retrieval
• resolve Google app crash caused by an empty NetworkAnonymizationKey in a WebView-specific code path
• fix handling Sensors permission for Motion Sensors site setting
• fix handling schemes and port for Motion Sensors site setting exceptions

A full list of changes from the previous release (version 149.0.7827.102.0) is available through the Git commit log between the releases.

This update is available to GrapheneOS users via our app repository and will also be bundled into the next OS release. Vanadium isn't yet officially available for users outside GrapheneOS, although we plan to do that eventually. It won't be able to provide the WebView outside GrapheneOS and will have missing hardening and other features.

Changes in version 170:

• force Pixel Buds to use standalone mode designed for non-Pixel devices without built-in support for it
• add stub for TelephonyManager.getIccAuthentication() to avoid rare Play services crash
• update Android SDK to 37 (Android 17)
• update Android target SDK version to 37 (Android 17)
• update Android build tools to 37.0.0
• update Kotlin to 2.4.0
• update Kotlin Symbol Processing to 2.3.9
• update Android Gradle plugin to 9.2.1

A full list of changes from the previous release (version 169) is available through the Git commit log between the releases (only changes to the gmscompat_config text file and config-holder/ directory are part of GmsCompatConfig).

GmsCompatConfig is the text-based configuration for the GrapheneOS sandboxed Google Play compatibility layer. It provides a large portion of the compatibility shims.

This update is available to GrapheneOS users via our app repository and will also be bundled into the next OS release.

Changes in version 149.0.7827.102.0:

• update to Chromium 149.0.7827.102
• use default iframe process grouping while we determine which mode would be best

A full list of changes from the previous release (version 149.0.7827.59.0) is available through the Git commit log between the releases.

This update is available to GrapheneOS users via our app repository and will also be bundled into the next OS release. Vanadium isn't yet officially available for users outside GrapheneOS, although we plan to do that eventually. It won't be able to provide the WebView outside GrapheneOS and will have missing hardening and other features.

Tags:

• 2026060600 (Pixel 6, Pixel 6 Pro, Pixel 6a, Pixel 7, Pixel 7 Pro, Pixel 7a, Pixel Tablet, Pixel Fold, Pixel 8, Pixel 8 Pro, Pixel 8a, Pixel 9, Pixel 9 Pro, Pixel 9 Pro XL, Pixel 9 Pro Fold, Pixel 9a, Pixel 10, Pixel 10 Pro, Pixel 10 Pro XL, Pixel 10 Pro Fold, Pixel 10a, emulator, generic, other targets)

Changes since the 2026060100 release:

• Launcher: fix upstream bug causing the recents button to become unresponsive for users with third party launchers
• replace validation of Play Store source stamps with a correct implementation (this isn't yet used for security-sensitive purposes but we plan to begin using it to replace security-relevant Play Store source checks in the near future)
• replace implementation of using Play Store source stamps as a substitute for Play Store installer checks included as part of Play Store anti-tampering protection enabled by certain apps (this prevents using the apps when combined with the Play Integrity API store lising toggles)
• Settings: correctly reset tethering offload developer setting when disabling developer options
• Settings: add one-time reset of tethering offload developer setting to re-enable it for everyone who had it disabled by the upstream Android bug when disabling developer options
• Settings: fix upstream null pointer exception bug in SettingsBasePreferenceFragment when listView is null which occurs with at least one of the developer options
• Pixel 10a: add missing SELinux policy for Pixel Camera TPU usage
• Vanadium: update to version 149.0.7827.59.0
• AppCompatConfig: update to version 5
• AppCompatConfig: update to version 6

All of the Android 16 security patches from the current July 2026, August 2026, September 2026, October 2026 and November 2026 Android Security Bulletins are included in the 2026060601 security preview release. List of additional fixed CVEs:

• Critical: CVE-2026-27280, CVE-2026-28590, CVE-2026-28591, CVE-2026-28604, CVE-2026-28618, CVE-2026-28639, CVE-2026-28662
• High: CVE-2025-48564, CVE-2025-48565, CVE-2025-48566, CVE-2026-0053, CVE-2026-0054, CVE-2026-0062, CVE-2026-0063, CVE-2026-0065, CVE-2026-0084, CVE-2026-28572, CVE-2026-28582, CVE-2026-28583, CVE-2026-28584, CVE-2026-28585, CVE-2026-28588, CVE-2026-28593, CVE-2026-28594, CVE-2026-28596, CVE-2026-28599, CVE-2026-28600, CVE-2026-28602, CVE-2026-28603, CVE-2026-28606, CVE-2026-28607, CVE-2026-28609, CVE-2026-28612, CVE-2026-28613, CVE-2026-28614, CVE-2026-28617, CVE-2026-28619, CVE-2026-28620, CVE-2026-28623, CVE-2026-28624, CVE-2026-28626, CVE-2026-28631, CVE-2026-28632, CVE-2026-28633, CVE-2026-28634, CVE-2026-28635, CVE-2026-28636, CVE-2026-28638, CVE-2026-28642, CVE-2026-28643, CVE-2026-28644, CVE-2026-28645, CVE-2026-28650, CVE-2026-28652, CVE-2026-28655, CVE-2026-28656, CVE-2026-28657, CVE-2026-28658, CVE-2026-28660, CVE-2026-28663, CVE-2026-28667, CVE-2026-28668, CVE-2026-28670, CVE-2026-28671
• Unclassified: CVE-2026-28653

For detailed information on security preview releases, see our post about it.

In April, Mullvad provided sponsored DataPacket servers for GrapheneOS in Dallas and Frankfurt which each have 50Gbps peak bandwidth capacity. These now serve a large portion of the updates to GrapheneOS users and add a lot of capacity to our other services including our anycast authoritative DNS.

We also have sponsored servers from ReliableSite, Cherry Servers, Zare and Xenyth. There are a total of 8 sponsored servers where 7 are primarily update mirrors. The update mirror servers also serve our website and network services as a replacement for VPS instances for the locations we have them.

We host 2 anycast networks with our own ASN and IP space in order to self-host anycast DNS servers providing the authoritative DNS resolution for all of our services. Both IPv4 /24 blocks we use for anycast DNS were obtained for free via from ARIN via NRPM 4.10 along with the IPv6 space.

Our DNS servers use GeoDNS to direct connections to the lowest latency servers and implement automatic failover via health checks and 5 minute expiry for the DNS records. It provides a lot of redundancy for the many critical services used by GrapheneOS. We essentially run our own CDN for our users.

If one of our DNS servers goes down or fully loses connectivity, BGP routing across the internet will quickly adjust to send traffic to the other servers in the network. If a DNS resolver fails to get an answer from one of the anycast DNS networks, it will automatically fall back to the other one.

Our GeoDNS was recently massively improved via IPinfo.io sponsoring us with free access to their standard GeoIP database. They use over 1300 probes to scan the internet instead of relying on very inaccurate/incomplete WHOIS/geofeed data. We nearly always use the right server thanks to this database.

We need additional dedicated servers for updates and other services in APAC where bandwidth is more expensive (Singapore, Sydney and Tokyo). We also need another server in North America to go along with our 2nd server from Cherry Servers in Amsterdam used to provide our opt-in geocoding service.

We have enough bandwidth for updates in Europe and North America to handle quite a lot of further userbase growth. We do need additional servers for other things. Several other server providers contacted us with sponsorship offers but we mainly need several APAC servers now which is more costly.

A full list of our public-facing servers is available at grapheneos.org/articles/graphe… with links to repositories with the per-service configuration. The most interesting parts are BGP communities configuration for our anycast DNS networks and our email server hosted with Postfix/Dovecot/Rspamd.

GrapheneOS

2026-06-06 20:55:11

A full list of our public-facing servers is available at grapheneos.org/articles/graphe… with links to repositories with the per-service configuration. The most interesting parts are BGP communities configuration for our anycast DNS networks and our email server hosted with Postfix/Dovecot/Rspamd.

GrapheneOS servers

Documentation on GrapheneOS servers.

^GrapheneOS

Changes in version 6:

• stop explicitly marking Uber apps as compatible with Dynamic Code Loading via Storage since there are cases where it's needed (this was automatically detected by the OS prior to AppCompatConfig version 5 which wasn't moved to the Stable channel)
• update Kotlin to 2.4.0

A full list of changes from the previous release (version 5) is available through the Git commit log between the releases.

This update is available to GrapheneOS users via our app repository and will also be bundled into the next OS release.

Changes in version 5:

• disable hardened_malloc for the Uber apps by default due to buggy anti-tampering code parsing /proc/self/smaps while allocating a lot of memory and infinite looping until it runs out of memory due to creating new VMAs (also enables other per-app protections by default due to how compatibility entries work)
• extend Chrome configuration to the Beta, Canary and Dev variants
• extend Brave configuration to the Beta and Nightly variants
• use Long integer for bitwise operation to avoid a future issue
• update Android SDK to 37 (Android 17)
• update Android target SDK to 37 (Android 17)
• update Android build tools to 37.0.0
• update Protobuf Gradle plugin to 0.10.0
• update Protobuf libraries to 4.35.0
• update Android Gradle plugin to 9.2.1 and replace deprecated functionality
• update Kotlin to 2.3.20
• update Kotlin Symbol Processing plugin to 2.3.9

A full list of changes from the previous release (version 4) is available through the Git commit log between the releases.

This update is available to GrapheneOS users via our app repository and will also be bundled into the next OS release.

Changes in version 149.0.7827.59.0:

• update to Chromium 149.0.7827.59

A full list of changes from the previous release (version 149.0.7827.48.0) is available through the Git commit log between the releases.

This update is available to GrapheneOS users via our app repository and will also be bundled into the next OS release. Vanadium isn't yet officially available for users outside GrapheneOS, although we plan to do that eventually. It won't be able to provide the WebView outside GrapheneOS and will have missing hardening and other features.

🇪🇺 Európsky parlament 20. mája 2026 vyjadril súhlas s uzavretím Dohody o posilnenom partnerstve a spolupráci medzi EÚ a Uzbekistanom. Tento krok predstavuje dôležitý posun k hlbšej politickej a hospodárskej angažovanosti Únie v regióne Strednej Ázie.

🤝 Nové posilnené partnerstvo je vybudované na spoločných hodnotách a obojstranných záujmoch s cieľom rozvíjať vzťahy vo všetkých strategických oblastiach. Tento kooperačný proces má aktívne prispievať k trvalo udržateľnému rozvoju, mieru, stabilite a bezpečnosti. Kľúčovými nástrojmi na dosiahnutie týchto cieľov budú väčšia konvergencia v zahraničnej a bezpečnostnej politike, efektívna ekonomická súčinnosť a podpora multilateralizmu.

🛡️ Súčasťou zmluvy sú štandardné doložky EÚ zamerané na ochranu ľudských práv, agendu Medzinárodného trestného súdu (ICC) a boj proti terorizmu. Dokument striktne definuje aj dôležité zásady a postupy namierené proti šíreniu zbraní hromadného ničenia (ZHN), ako aj ručných a ľahkých zbraní (RĽZ).

🌱 Rozsiahly rámec civilnej spolupráce pokrýva kľúčové oblasti ako zdravotníctvo, životné prostredie, zmenu klímy, energetiku, dane a dopravu. Obe strany sa zaviazali kooperovať aj v otázkach vzdelávania, kultúry, vedy a techniky. Významné miesto v dohode patrí taktiež rozvoju v oblastiach práce, zamestnanosti a sociálnych vecí.

💼 V oblasti justície sa text zameriava na posilňovanie právneho štátu a boj proti korupcii, organizovanému zločinu, praniu špinavých peňazí či financovaniu terorizmu. Obchodná zložka dohody navyše prinesie transparentnejšie regulačné prostredie pre hospodárske subjekty. Pre spoločnosti z EÚ to bude znamenať prístup k výrazným ekonomickým výhodám.

🇪🇺 Európsky parlament 20. mája 2026 schválil stratégiu umelej inteligencie (UI) pre obchod EÚ pomerom hlasov 527 za, 62 proti a 59 sa zdržalo. UI má urýchliť obchod, znížiť náklady pre MSP, zefektívniť dodávateľské reťazce a posilniť colné kontroly balíkov z Číny. Komisia by preto mala integrovať poradenské služby UI do portálu Access2Markets, presadzovať bezpapierový obchod, open-source riešenia a využiť UI na kontrolu dovážaného tovaru.

📈 Konkurencieschopnosť EÚ v priemysle (automobilový, farmaceutický či energetický) bude závisieť od produktivity poháňanej UI, čo musí Komisia obhajovať v obchodných rokovaniach proti nekalým praktikám. Parlament však varuje pred stratou pracovných miest kvôli automatizácii a v obchodných dohodách žiada analýzu vplyvov UI na pracovníkov a ekológiu. Upozorňuje tiež na riziko digitálnej priepasti a technologického vylúčenia globálneho Juhu.

🌍 Europoslanci chcú, aby sa európsky model UI zameraný na človeka a Akt o UI stali globálnym štandardom pre bezpečný obchod. Významnú rolu v tom hrajú digitálne partnerstvá a Rady pre obchod a technológie (TTC) s demokratickými spojencami. Komisia by mala koordinovať spoločné pozície v rámci G7, G20, OECD a OSN s cieľom stanoviť globálnu minimálnu ochranu pred najvážnejšími rizikami UI.

🔒 Digitálne obchodné dohody EÚ musia plne rešpektovať ochranu súkromia a cezhraničný tok dát. Parlament zároveň presadzuje vytvorenie osobitnej pracovnej skupiny pre UI v rámci Svetovej obchodnej organizácie (WTO). Akékoľvek pravidlá WTO pre elektronický obchod musia zabezpečiť politický priestor pre demokratické riadenie technológií a vynútiteľné záruky pre zamestnancov i spotrebiteľov.

🛡️ Technologická suverenita EÚ závisí od prístupu k polovodičom a výpočtovému výkonu, čo si vyžaduje diverzifikáciu dodávateľov a surovinovú diplomaciu. Keďže cloudová infraštruktúra sídli najmä mimo EÚ, uznesenie žiada zavedenie rámcov suverenity cez pripravovaný zákon o rozvoji cloudu a UI a zákon o priemyselnom akcelerátore, ktoré vo verejnom obstarávaní uprednostnia európskych poskytovateľov.

🇮🇩 Európsky parlament schválil 21. mája 2026 dôležité uznesenie, ktoré ostro reaguje na prenasledovanie indonézskych obhajcov ľudských práv a životného prostredia Andrieho Yunusa a Muhammada Rosidiho. Spoločný návrh textu, ktorý predložili politické frakcie EPP, S&D, ECR, Renew a Greens/EFA, získal na plenárnom zasadnutí silnú podporu. 469 poslancov hlasovalo za, 38 bolo proti a 62 sa zdržalo.

🧪 Europoslanci vyjadrili hlboké zdesenie nad brutálnymi útokmi kyselinou z roku 2026, ktorých terčom sa stali práve obaja spomínaní aktivisti kvôli tomu, že odhaľovali nezákonnú ťažobnú činnosť. Tento incident zapadá do širšieho, mimoriadne znepokojujúceho vzorca násilia voči aktivistom v Indonézii. Celá krajina navyše čelí zmenšovaniu občianskeho priestoru, stúpajúcim represiám voči novinárom, obmedzovaniu kritických hlasov, diskriminácii menšín a neustávajúcemu násiliu v regióne Papua a Západná Papua.

⚖️ Uznesenie preto rázne vyzýva indonézske orgány, aby okamžite zabezpečili rýchle, nezávislé a transparentné vyšetrenie oboch útokov kyselinou a postavili vinníkov vrátane objednávateľov a podnecovateľov pred civilné súdy. Indonézia musí bezodkladne zmeniť svoje represívne zákony a garantovať bezpečné prostredie pre prácu environmentálnych aktivistov, novinárov a odborových zväzov, a to bez strachu zo sledovania, obťažovania či vládnych odvetných opatrení.

🚫 Parlament s veľkými obavami sleduje aj nové legislatívne zámery indonézskej vlády, ktoré hrozia ešte väčším potlačením slobody prejavu. Kritika sa ušla najmä pripravovaným návrhom zákonov o dezinformáciách, vysielaní a kybernetickej bezpečnosti. Mimoriadne nebezpečný je podľa europoslancov vládny plán zaviesť povinné preverovanie a certifikáciu obhajcov ľudských práv, čím by štát sám rozhodoval o tom, komu vôbec prizná nárok na právnu ochranu.

🌍 Keďže Indonézia je pre EÚ kľúčovým strategickým partnerom pri zvládaní regionálnych výziev, Parlament žiada, aby Únia vo všetkých vzájomných vzťahoch striktne podmieňovala spoluprácu plnením záväzkov v oblasti ľudských práv, pracovného práva a ekológie. Európska komisia by mala vyčleniť priame financie na ochranu ohrozených aktivistov. Zároveň je nutné zintenzívniť diplomatický tlak na najvyššej úrovni i na medzinárodných fórach a využiť oficiálny dialóg o ľudských právach medzi EÚ a Indonéziou na riešenie kritickej situácie v Papue a Západnej Papue.

Tags:

• 2026060100 (Pixel 6, Pixel 6 Pro, Pixel 6a, Pixel 7, Pixel 7 Pro, Pixel 7a, Pixel Tablet, Pixel Fold, Pixel 8, Pixel 8 Pro, Pixel 8a, Pixel 9, Pixel 9 Pro, Pixel 9 Pro XL, Pixel 9 Pro Fold, Pixel 9a, Pixel 10, Pixel 10 Pro, Pixel 10 Pro XL, Pixel 10 Pro Fold, Pixel 10a, emulator, generic, other targets)

Changes since the 2026052400 release:

• full 2026-06-01 security patch level
• fix Location access indicator to always properly display when only coarse location is granted too
• kernel (Pixel): fix upstream use-after-free bug in Broadcom Wi-Fi driver caught by hardware memory tagging
• kernel (Pixel 10, Pixel 10 Pro, Pixel 10 Pro XL, Pixel 10 Pro Fold): fix upstream out-of-bounds array read caught by hardware memory tagging in the DisplayPort driver when using the XReal One Pro (AR glasses) due to the glasses implementing the DisplayPort protocol incorrectly and the kernel driver not properly handling the incorrect data
• kernel (6.1): update to latest GKI LTS branch revision
• kernel (6.6): update to latest GKI LTS branch revision
• kernel (6.12): update to latest GKI LTS branch revision including update to 6.12.89
• Speech Services: update to version 2
• Vanadium: update to version 149.0.7827.48.0
• Auditor: update to version 92

All of the Android 16 security patches from the current July 2026, August 2026, September 2026, October 2026 and November 2026 Android Security Bulletins are included in the 2026060101 security preview release. List of additional fixed CVEs:

• Critical: CVE-2026-27280, CVE-2026-28590, CVE-2026-28591, CVE-2026-28604, CVE-2026-28618, CVE-2026-28639, CVE-2026-28662
• High: CVE-2025-48564, CVE-2025-48565, CVE-2025-48566, CVE-2026-0053, CVE-2026-0054, CVE-2026-0062, CVE-2026-0063, CVE-2026-0065, CVE-2026-0084, CVE-2026-28572, CVE-2026-28582, CVE-2026-28583, CVE-2026-28584, CVE-2026-28585, CVE-2026-28588, CVE-2026-28593, CVE-2026-28594, CVE-2026-28596, CVE-2026-28599, CVE-2026-28600, CVE-2026-28602, CVE-2026-28603, CVE-2026-28606, CVE-2026-28607, CVE-2026-28609, CVE-2026-28612, CVE-2026-28613, CVE-2026-28614, CVE-2026-28617, CVE-2026-28619, CVE-2026-28620, CVE-2026-28623, CVE-2026-28624, CVE-2026-28626, CVE-2026-28631, CVE-2026-28632, CVE-2026-28633, CVE-2026-28634, CVE-2026-28635, CVE-2026-28636, CVE-2026-28638, CVE-2026-28642, CVE-2026-28643, CVE-2026-28644, CVE-2026-28645, CVE-2026-28650, CVE-2026-28652, CVE-2026-28655, CVE-2026-28656, CVE-2026-28657, CVE-2026-28658, CVE-2026-28660, CVE-2026-28663, CVE-2026-28667, CVE-2026-28668, CVE-2026-28670, CVE-2026-28671
• Unclassified: CVE-2026-28653

For detailed information on security preview releases, see our post about it.

June 2026 Android Security Bulletin notes CVE-2025-48595 is being exploited in the wild. It's being widely misreported in tech media as a 0-day vulnerability being exploited. That's a major misunderstanding of Android Security Bulletins and how poorly OEMs keep up with patches.

Google disclosed CVE-2025-48595 to OEMs in a security preview release near the end of September 2025. Those patches are allowed to be shipped right away, so it was included in our 2025092501 release. We noted it was already publicly fixed so it was added to our regular releases too in 2025100300.

We quickly shipped the patch after it was disclosed to OEMs by Google but we plan to do better in the future. SQLite 3.44.5 was released with this backport on 2025-07-24. We weren't previously aware SQLite maintained upstream LTS branches for Android but our plan is to closely follow those now.

In this case, Google slipped up and took 2 months to add the patch to the security preview releases. We plan to avoid that in the future by handling this ourselves because this happens too often. It's also a nice example of how Android Security Bulletins are set extremely low expectations for OEMs.

GrapheneOS quickly ships all security preview patches. Every AOSP patch included in the Android Security Bulletins was already available in GrapheneOS for over a month. We end up shipping patches 2-3 months earlier. Google having such low expectations for OEMs and even themselves is ridiculous.

Android's security patch system doesn't make any sense and is completely at odds with how quickly people can discover and exploit vulnerabilities with the help of LLMs. The security preview release system would be far more reasonable if the embargo for sources and details was no more than 48 hours.

Google's embargo system harms security for nearly all Android users by setting the expectation of patches taking 2 to 6 months for OEMs to ship after disclosure. Patches are available to sophisticated attackers as soon as Google discloses them to OEMs. A partial embargo for months makes no sense.

GrapheneOS

2026-06-02 17:10:59

Google's embargo system harms security for nearly all Android users by setting the expectation of patches taking 2 to 6 months for OEMs to ship after disclosure. Patches are available to sophisticated attackers as soon as Google discloses them to OEMs. A partial embargo for months makes no sense.

🇪🇺 Európsky parlament uplynulý štvrtok jasnou väčšinou hlasov (440 za, 49 proti, 84 sa zdržalo) schválil modernizáciu pravidiel na ochranu a podporu obetí trestných činov. Nová legislatíva výrazne posilňuje ich postavenie priamo počas trestného konania. Obete dostanú lepšiu informačnú aj emocionálnu podporu priamo v priestoroch súdu, no najmä nové právo na utajenie osobných údajov pred páchateľom. Pre ľudí s obmedzenými finančnými možnosťami bude zabezpečená bezplatná právna pomoc a urýchli sa aj celý proces vyplácania odškodného.

📞 Pre okamžitú pomoc a nasmerovanie na správne služby vznikne nová sieť pomoci dostupná cez internet a mobilné aplikácie. Kľúčovým pilierom reforiem bude jednotné celoeurópske telefónne číslo 116 006, na ktoré sa budú môcť obete kedykoľvek bezplatne obrátiť a získať potrebné informácie, podporu či odporúčania na nadväzujúce služby.

💻 Nahlasovanie trestných činov bude oveľa jednoduchšie vďaka možnosti podať oznámenie online. Nové pravidlá navyše garantujú, že sa k spravodlivosti efektívne dostanú aj ľudia s obmedzenou osobnou slobodou – napríklad cudzinci z krajín mimo EÚ v imigračných zariadeniach alebo klienti v zariadeniach ústavnej starostlivosti (ako sú domovy seniorov a centrá pre osoby so zdravotným postihnutím). Celý proces uľahčí aj možnosť nahlasovania činov tretími stranami prostredníctvom organizácií občianskej spoločnosti.

🩹 Systém bude k obetiam pristupovať individuálne na základe posúdenia od vyškolených odborníkov, pričom osobitný dôraz sa kladie na obete sexuálneho násilia. Tým sa garantuje rýchly prístup k špecializovanej zdravotnej starostlivosti vrátane núdzovej antikoncepcie, postexpozičnej profylaktickej liečby (PEP), testovania na pohlavne prenosné infekcie a k interrupciám.

🧸 Najvyšší možný štandard ochrany a podpory čaká detské obete, kde sa zavedie citlivý prístup prispôsobený ich veku. Všetky kľúčové úkony a služby. Ako napríklad lekárske vyšetrenia, psychologická pomoc, nahrávanie výpovedí na video či potrebná administratívna pomoc, by sa mali ideálne odohrávať v rámci tých istých priestorov, aby sa dieťa vyhlo opakovanej traumatizácii.

Notable changes in version 2:

• switch to ABI specific APKs (reduces APK size from 162MB to 76MB for 64-bit ARM)
• fix ONNX resource leaks and refactor usages of ONNX APIs
• handle null TTS voice name to avoid crashes with mismatched languages
• fix phonemizer crashes and text handling on malformed input including edge cases for Markdown links
• fix US abbreviation pronunciation via dictionaries

A full list of changes from the previous release (version 1) is available through the Git commit log between the releases.

GrapheneOS Speech Services provides a built-in text-to-speech implementation for GrapheneOS using a fully open source model for English (US) meaning fully open source training code/data. In the future, it will be expanded to other languages and will also provide speech-to-text. The models built into the app included in GrapheneOS must be fully open source but it can be extended to support additional choices for models distributed through our App Store as additional packages without the same constraint.

Major improvements to performance and the quality of the output will be provided in near future releases. The output is currently slightly distorted by one of the audio processing steps which can be fully removed and replaced by training a new model without a dependency on it. The performance can also be heavily improved by removing or optimizing the audio processing followed by implementing hardware acceleration for the model.

Speech Services should be installed from our App Store which can be installed outside GrapheneOS from GitHub.

Initial release.

Speech Services should be installed from our App Store which can be installed outside GrapheneOS from GitHub.

🇪🇺 Európsky parlament schválil nové pravidlá na kontrolu zahraničných investícií v EÚ, ktoré zásadne menia spôsob, akým sa preverujú finančné toky z pohľadu bezpečnosti. Doterajší systém z roku 2019 bol totiž príliš roztrieštený, čo zahraniční aktéri často využívali na získavanie vplyvu v krajinách s najslabšou ochranou. Nová legislatíva preto plošne rozširuje zoznam strategických sektorov, ktoré budú povinne podliehať prísnemu bezpečnostnému preverovaniu.

🛡️ K doterajšej energetike, doprave a obrannému priemyslu teraz pribúdajú ďalšie vysoko citlivé oblasti. Po novom budú musieť členské štáty povinne monitorovať investície do polovodičov, generatívnej umelej inteligencie, kvantových technológií či strategických surovín. Pod prísnejší dohľad spadajú aj finančné a volebné systémy, pokročilé šifrovanie a moderné biotechnológie.

🔍 Veľkou zmenou je zameranie sa na obchádzanie pravidiel a skryté formy investovania. Kontrola sa bude po novom týkať aj investícií v rámci samotnej EÚ, pokiaľ ich realizuje dcérska spoločnosť firmy, ktorá sídli mimo Únie. Nový systém navyše efektívne zachytí súbežné akvizície rovnakého investora vo viacerých štátoch naraz. Doteraz totiž bolo možné takéto transakcie účelovo rozdeliť a národné predpisy tak obísť.

⚠️ Povinné nahlasovanie sa dotkne aj investícií s netransparentnou vlastníckou štruktúrou. Hlavným cieľom tohto kroku je zabrániť krajinám ako Rusko a Čína v získavaní prístupu k citlivým európskym technológiám a kritickej infraštruktúre, o ktorý sa často pokúšajú maskovaním prostredníctvom zdanlivo bežných komerčných obchodov.

⏱️ Nové nariadenie, ktoré vstúpi do platnosti do 12 mesiacov, zavádza jednotné postupy a harmonogramy pre celú EÚ a výrazne posilňuje spoluprácu s Európskou komisiou. Tá bude môcť navrhovať nápravné opatrenia, no konečné slovo o povolení či zablokovaní investície zostáva plne v rukách konkrétneho členského štátu. Tieto podmienky budú navyše zapracované do chystaného priemyselného zákona ako priama reakcia na dlhoročné snahy Číny o zneužívanie investícií na získanie európskeho know-how.

Notable changes in version 92:

• permit expired attestation roots until Pixel 6 support is dropped since the original attestation root expired on 2026-05-24 but is still used for 6th gen Pixels and remote key provisioning providing ongoing key rotation for per-app keys chaining to the root only fully launched with 7th generation Pixels (Permitting fixes initial pairings with 6th gen Pixels and has no negative impact on Auditor. Phasing out all but the latest root for the initial verification of the Pixel 7 and later can be attempted in a near future release to improve the initial verification prior to having the per-pairing hardware attestation signing key pinned on the Auditor side.)
• raise minimum Auditor version to 89 which has been out for over a year
• remove support for end-of-life Pixels which have been end-of-life for around 2-3 years
• raise minimum patch level for verification to 2025-05-05
• raise minimum OS version for verification to Android 14 since Android 13 security support has ended
• validate remote-verify QR before persisting account state
• update Gradle to 9.5.1
• update Bouncy Castle library to 1.84
• update Guava library to 33.6.0
• update CameraX library to 1.6.1
• update Material Components library to 1.14.0
• avoid a potential crash from a rare UI race condition
• remove unnecessary debug logging to avoid having remote verification enrollment QR code contents in saved logs
• remove legacy code

A full list of changes from the previous release (version 91) is available through the Git commit log between the releases.

The Auditor app uses hardware security features on supported devices to validate the integrity of the operating system from another Android device. It will verify that the device is running the stock operating system with the bootloader locked and that no tampering with the operating system has occurred. It will also detect downgrades to a previous version.

It cannot be bypassed by modifying or tampering with the operating system (OS) because it receives signed device information from the device's Hardware Security Module (HSM) including the verified boot state, operating system variant and operating system version. The verification is much more meaningful after the initial pairing as the app primarily relies on Trust On First Use via pinning. It also verifies the identity of the device after the initial verification. Trust is chained through the verified OS to the app to bootstrap software checks with results displayed in a separate section.

This app is available through the Play Store with the app.attestation.auditor.play app id. Play Store releases go through review and it usually takes around 1 to 3 days before the Play Store pushes out the update to users. Play Store releases use Play Signing, so we use a separate app id from the releases we publish ourselves to avoid conflicts and to distinguish between them. Each release is initially pushed out through the Beta channel followed by the Stable channel.

Releases of the app signed by GrapheneOS with the app.attestation.auditor app id are published in the GrapheneOS App Store which provides fully automatic updates. Each release is initially pushed out through the Alpha channel, followed by the Beta channel and then finally the Stable channel. These releases are also bundled as part of GrapheneOS and published on GitHub.

Changes in version 149.0.7827.48.0:

• update to Chromium 149.0.7827.48
• improve implementation of the per-site motion sensors site setting added by GrapheneOS

A full list of changes from the previous release (version 149.0.7827.22.0) is available through the Git commit log between the releases.

This update is available to GrapheneOS users via our app repository and will also be bundled into the next OS release. Vanadium isn't yet officially available for users outside GrapheneOS, although we plan to do that eventually. It won't be able to provide the WebView outside GrapheneOS and will have missing hardening and other features.