Items tagged with: grapheneos


GrapheneOS version 2025121200 released


Tags:

  • 2025121200 (Pixel 6, Pixel 6 Pro, Pixel 6a, Pixel 7, Pixel 7 Pro, Pixel 7a, Pixel Tablet, Pixel Fold, Pixel 8, Pixel 8 Pro, Pixel 8a, Pixel 9, Pixel 9 Pro, Pixel 9 Pro XL, Pixel 9 Pro Fold, Pixel 9a, Pixel 10, Pixel 10 Pro, Pixel 10 Pro XL, Pixel 10 Pro Fold, emulator, generic, other targets)

Changes since the 2025121000 release:

  • disable notification summaries and organizer features due to AOSP and GrapheneOS lacking the AI models used to implement these features
  • add workaround for notification background appearance regression in Android 16 QPR2
  • Vanadium: update to version 143.0.7499.109.0
  • GmsCompatConfig: update to version 167

All of the Android 16 security patches from the current January 2026, February 2026, March 2026, April 2026, May 2026 and June 2026 Android Security Bulletins are included in the 2025121201 security preview release. List of additional fixed CVEs:

  • High: CVE-2025-32348, CVE-2025-48641, CVE-2026-0014, CVE-2026-0015, CVE-2026-0016, CVE-2026-0017, CVE-2026-0018

2025121201 provides at least the full 2026-01-01 Android and Pixel security patch level but will remain marked as providing 2025-12-05.

For detailed information on security preview releases, see our post about it.


Second New IPv4 /24 Subnet Received


We've received a 2nd IPv4 /24 subnet from ARIN for our 2nd anycast DNS network. Both our /24 subnets were obtained quickly under the NRPM 4.10 policy for IPv6 deployment for our dual stack DNS use case. 2nd was obtained without waiting 6 months due to being a discrete network.

We host our own authoritative DNS servers to provide DNS resolution for our services. Authoritative DNS are the servers queried by DNS resolvers run by your ISP, VPN or an explicitly user chosen one such as Cloudflare or Quad9 DNS. We now have our own AS and IP space for this.

Our ns1 has 11 locations on Vultr: New York City, Miami, Los Angeles, Seattle, London, Frankfurt, Singapore, Mumbai, Tokyo, Sao Paulo and Sydney.

Our ns2 has 4 locations on BuyVM: New York City, Miami, Las Vegas and Bern. We'll be adding a 2nd server provider for more locations.

DNS resolvers quickly fall back to the other network if traffic is dropped. Having two discrete networks with separate hosting companies and transit providers provides very high reliability. Individual servers which go down also stop having traffic routed to them due to BGP.

We have tiny website/network servers and also powerful update mirrors around the world. Our DNS servers use a combination of a GeoIP database and their own location to route users to the closest server that's up. Frequent health checks and low expiry time handle server downtime.


GmsCompatConfig version 167 released


Changes in version 167:

  • add stub for BluetoothA2dp.setConnectionPolicy() to fix a crash with a new version of Android Auto

A full list of changes from the previous release (version 166) is available through the Git commit log between the releases (only changes to the gmscompat_config text file and config-holder/ directory are part of GmsCompatConfig).

GmsCompatConfig is the text-based configuration for the GrapheneOS sandboxed Google Play compatibility layer. It provides a large portion of the compatibility shims.

This update is available to GrapheneOS users via our app repository and will also be bundled into the next OS release.


Vanadium version 143.0.7499.109.0 released


Changes in version 143.0.7499.109.0:

  • update to Chromium 143.0.7499.109

A full list of changes from the previous release (version 143.0.7499.52.0) is available through the Git commit log between the releases.

This update is available to GrapheneOS users via our app repository and will also be bundled into the next OS release. Vanadium isn't yet officially available for users outside GrapheneOS, although we plan to do that eventually. It won't be able to provide the WebView outside GrapheneOS and will have missing hardening and other features.


GrapheneOS Foundation Responds To Jolla


Jolla has spent years disparaging projects based on the Android Open Source Project (AOSP) for marketing. SailfishOS has a largely closed source user interface and application layer with no equivalent to the open source AOSP. It's far less private and secure than AOSP or iOS too.

Jolla recently launched a new product so their supporters are understandably trying to promote it. As part of that, they've been posting about it in replies to posts about GrapheneOS. We've replied to some of it with our perspective within threads originally about GrapheneOS.

Since we dared to post accurate information in threads about GrapheneOS where they mentioned us in replies to promote it, their forum is being used as a place to attack GrapheneOS including libelous attacks towards our team referencing harassment content:

forum.sailfishos.org/t/sailfis…

Several of their supporters are taking the usual approach of calling us crazy and delusional while referencing harassment content at the same time as calling the factual info we posted aggressive. They're brigading discussions about GrapheneOS with attacks so we made this thread.

Brigading threads about an open source project and attacking the team with libelous claims is toxic. Defending ourselves from it with factual statements is not toxic. Repeating dishonest attacks on our team based on similar attacks over and over doesn't make it any less untrue.


GrapheneOS version 2025121000 released


This is our first non-experimental release based on Android 16 QPR2 after our initial experimental 2025120800 release.

The change to the style of notification backgrounds is an upstream regression rather than an intentional change to a more minimal style. It will be fixed in a subsequent release since we decided it isn't important enough to delay this.

Tags:

  • 2025121000 (Pixel 6, Pixel 6 Pro, Pixel 6a, Pixel 7, Pixel 7 Pro, Pixel 7a, Pixel Tablet, Pixel Fold, Pixel 8, Pixel 8 Pro, Pixel 8a, Pixel 9, Pixel 9 Pro, Pixel 9 Pro XL, Pixel 9 Pro Fold, Pixel 9a, Pixel 10, Pixel 10 Pro, Pixel 10 Pro XL, Pixel 10 Pro Fold, emulator, generic, other targets)

Changes since the 2025120400 release:

  • full 2025-12-05 security patch level
  • rebased onto BP4A.251205.006 Android Open Source Project release (Android 16 QPR2)
  • disable promotion of identity check feature not currently present in GrapheneOS due to depending on privileged Google Mobile Services integration
  • GmsCompatConfig: update to version 166

All of the Android 16 security patches from the current January 2026, February 2026, March 2026, April 2026, May 2026 and June 2026 Android Security Bulletins are included in the 2025121001 security preview release. List of additional fixed CVEs:

  • High: CVE-2025-32348, CVE-2025-48641, CVE-2026-0014, CVE-2026-0015, CVE-2026-0016, CVE-2026-0017, CVE-2026-0018

2025121001 provides at least the full 2026-01-01 Android and Pixel security patch level but will remain marked as providing 2025-12-05.

For detailed information on security preview releases, see our post about it.


Experimental GrapheneOS Release Based On AOSP 16 QPR2 Now Available For Testing


An experimental release of GrapheneOS (2025120800) based on Android 16 QPR2 is available for testing via sideloading. It won't be pushed out via Alpha. You can join our testing chat room if you want to help with testing (grapheneos.org/contact#communi…). No security preview variant yet.


GrapheneOS Based On AOSP 16 QPR2 Releasing Soon


Android 16 QPR2 experimental releases will be available soon. We're dealing with a lot of attacks on the project branching off from the smear campaign in France. We'd appreciate if our community would debunk this nonsense across platforms for us so we can focus on QPR2. Thanks.

If you see the fake story about someone claiming to be charged with premeditated murder because GrapheneOS supposedly didn't protect their data, see nitter.net/GrapheneOS/status/1… for a thorough debunking. Their story keeps changing and clearly isn't real. They may be a career criminal but this is fake.


@archos great, thanks.
I'm slowly de-Googling; once I've settled in on #grapheneos, I'd like to go further. I'll take a look at #Nextcloud then ... and I'll most likely get back to you 🙂

@neil


I'm on #GrapheneOS without MicroG or anything Google at all, so I use UnifiedPush to get notifications from #Fedilab, #Element and #ElementX (and something else I've forgotten LOL).

I set up family members with Element using UnifiedPush as, although they have Play Services, I prefer not to give Google (or by extension Trump atm) metadata about who my family talks to and when.

I only wish @nextcloud , @PixelFed , @loops etc. would get on board!

#UnifiedPush #Privacy #Google


GmsCompatConfig version 166 released


Changes in version 166:

  • add initial stubs for Android 16 QPR2

A full list of changes from the previous release (version 165) is available through the Git commit log between the releases (only changes to the gmscompat_config text file and config-holder/ directory are part of GmsCompatConfig).

GmsCompatConfig is the text-based configuration for the GrapheneOS sandboxed Google Play compatibility layer. It provides a large portion of the compatibility shims.

This update is available to GrapheneOS users via our app repository and will also be bundled into the next OS release.


Be careful, if the product is too secure, the user may be a criminal. This is how some parts of the EU think about security and data protection.

#grapheneos #freedom #security


🛡️ Level: Paranoia+

📱 Main profile: FOSS apps only. Cleanliness, minimalism.
🛠️ Work profile: WhatsApp, navigation, sports apps: simply things that would needlessly "dirty" my main profile.

💰 Banking profile: banks only. Yes, I have a whole profile for that. Yes, it's exactly as extreme as it sounds.

And now I'm just waiting to see how long I can keep up this digital asceticism before something forces me to create a fourth profile… or I just dump everything back onto the main one. 🤣
#grapheneos


GrapheneOS version 2025120400 released


Tags:

  • 2025120400 (Pixel 6, Pixel 6 Pro, Pixel 6a, Pixel 7, Pixel 7 Pro, Pixel 7a, Pixel Tablet, Pixel Fold, Pixel 8, Pixel 8 Pro, Pixel 8a, Pixel 9, Pixel 9 Pro, Pixel 9 Pro XL, Pixel 9 Pro Fold, Pixel 9a, Pixel 10, Pixel 10 Pro, Pixel 10 Pro XL, Pixel 10 Pro Fold, emulator, generic, other targets)

Changes since the 2025111800 release:

  • full 2025-12-01 security patch level (has already been fully provided by our security preview releases for at least a month and most of the patches since September)
  • add experimental support for the Pixel 10, Pixel 10 Pro, Pixel 10 Pro XL and Pixel 10 Pro Fold (there were 2 standalone experimental releases prior to this via 2025112500 and 2025113000 along with corresponding security preview releases for each)
  • Cell Broadcast Receiver: switch back to our modified text for the presidential alerts toggle
  • kernel (6.1): update to latest GKI LTS branch revision including update to 6.1.158
  • kernel (6.6): update to latest GKI LTS branch revision including update to 6.6.116
  • kernel (6.12): update to latest GKI LTS branch revision including update to 6.12.60
  • Auditor: update to version 90
  • Vanadium: update to version 143.0.7499.34.0
  • Vanadium: update to version 143.0.7499.34.1
  • Vanadium: update to version 143.0.7499.34.2
  • GmsCompatConfig: update to version 164
  • GmsCompatConfig: update to version 165

All of the Android 16 security patches from the current January 2026, February 2026 and March 2026 Android Security Bulletins are included in the 2025120401 security preview release. List of additional fixed CVEs:

  • Critical: CVE-2025-48631, CVE-2026-0006
  • High: CVE-2022-25836, CVE-2022-25837, CVE-2023-40130, CVE-2025-22420, CVE-2025-22432, CVE-2025-26447, CVE-2025-32319, CVE-2025-32348, CVE-2025-48525, CVE-2025-48536, CVE-2025-48555, CVE-2025-48564, CVE-2025-48565, CVE-2025-48566, CVE-2025-48567, CVE-2025-48572, CVE-2025-48573, CVE-2025-48574, CVE-2025-48575, CVE-2025-48576, CVE-2025-48577, CVE-2025-48578, CVE-2025-48579, CVE-2025-48580, CVE-2025-48582, CVE-2025-48583, CVE-2025-48584, CVE-2025-48585, CVE-2025-48586, CVE-2025-48587, CVE-2025-48589, CVE-2025-48590, CVE-2025-48592, CVE-2025-48594, CVE-2025-48596, CVE-2025-48597, CVE-2025-48598, CVE-2025-48600, CVE-2025-48601, CVE-2025-48602, CVE-2025-48603, CVE-2025-48604, CVE-2025-48605, CVE-2025-48609, CVE-2025-48612, CVE-2025-48614, CVE-2025-48615, CVE-2025-48616, CVE-2025-48617, CVE-2025-48618, CVE-2025-48619, CVE-2025-48620, CVE-2025-48621, CVE-2025-48622, CVE-2025-48626, CVE-2025-48628, CVE-2025-48629, CVE-2025-48630, CVE-2025-48632, CVE-2025-48633, CVE-2025-48634, CVE-2026-0005, CVE-2026-0007, CVE-2026-0008

For detailed information on security preview releases, see our post about it.


Vanadium version 143.0.7499.52.0 released


Changes in version 143.0.7499.52.0:

  • update to Chromium 143.0.7499.52

A full list of changes from the previous release (version 143.0.7499.34.2) is available through the Git commit log between the releases.

This update is available to GrapheneOS users via our app repository and will also be bundled into the next OS release. Vanadium isn't yet officially available for users outside GrapheneOS, although we plan to do that eventually. It won't be able to provide the WebView outside GrapheneOS and will have missing hardening and other features.


Vanadium version 143.0.7499.34.2 released


Changes in version 143.0.7499.34.2:

  • avoid always open external links in Incognito mode causing bookmarks to always open in it
  • enable autofill configuration screens regardless of autofill settings
  • remove unused Google autofill status
  • enable Drumbrake WebAssembly interpreter for x86_64 builds used in the emulator too

A full list of changes from the previous release (version 143.0.7499.34.1) is available through the Git commit log between the releases.

This update is available to GrapheneOS users via our app repository and will also be bundled into the next OS release. Vanadium isn't yet officially available for users outside GrapheneOS, although we plan to do that eventually. It won't be able to provide the WebView outside GrapheneOS and will have missing hardening and other features.


Switching between phones is still a lot of work on Android

GrapheneOS is finally available for the Pixel 10 as well, and I could finally switch to it. How easy was the migration to the new phone? GrapheneOS has the most advanced backup/migration tool I've tried on Android, but as I write in the article, it's still to a considerable extent a manual process.

#android #grapheneos #pixel10pro #seedvault

blog.eischmann.cz/2025/12/02/p…
(a reply to this post may be displayed as a comment under the article)


GrapheneOS Foundation Suggests Improvements For Early Security Patch Previews


Our security preview releases have provided the December 2025 security patches for the Android Open Source Project since September 2025. December 2025 security patches are now public and being integrated into our regular releases while our security previews have up to March 2026.

A bunch of the patches previously scheduled for December 2025 were made optional and deferred to future months so they're not listed in the public bulletin. That's why even our September 2025 security preview releases list CVEs which are still not public in December 2025.

The reason patches get deferred is because OEMs aren't capable of quickly integrating, testing and shipping patches. When issues are identified including an OEM having trouble with it, they'll often defer it to a future month. Our security previews can continue shipping these.

GrapheneOS is the only Android-based OS providing the full security preview patches. Samsung ships a small subset of their flagship devices. Pixel stock OS gets a portion of it early but we aren't sure exactly how much since they don't follow their guidelines for listing patches.

Providing our security preview patches is a lot of work for us. It requires a full time developer spending a significant fraction of their time on it. It's hard to understand why large companies can't keep up with these patches but what matters is that we can provide them early.

Android security preview patches are currently backports to Android 13, 14, 15 and 16. Since GrapheneOS is based on Android 16 QPR1, we need to forward port the patches from 16 to 16 QPR1. Our understanding is they're going to start backporting to some quarterly releases too.

Android 16 QPR2 appears to be the first quarterly release of Android which is going to be shipped by non-Pixel devices. If that's the case, they'll need to start providing security preview patches backported to it too. It's not clear if it will happen for every quarterly release.

Spending a significant amount of time on this is part of the reason GrapheneOS feature development has slowed down. Expanding our servers and now migrating away from OVH is another. We'll be hiring more people and improving our organization structure to get things moving better.

We would greatly prefer it if patches were disclosed to OEMs 1 week ahead instead of 2-4 months ahead so our security preview releases would only need to exist for a week and regular releases would get the patches much faster. OEMs should just hire far more people and do better.


Vanadium version 143.0.7499.34.1 released


Changes in version 143.0.7499.34.1:

  • fix regression for setting opening external links in Incognito mode
  • disable search engine compose plate feature to avoid a UI feature exclusive to Google search promoting AI mode

A full list of changes from the previous release (version 143.0.7499.34.0) is available through the Git commit log between the releases.

This update is available to GrapheneOS users via our app repository and will also be bundled into the next OS release. Vanadium isn't yet officially available for users outside GrapheneOS, although we plan to do that eventually. It won't be able to provide the WebView outside GrapheneOS and will have missing hardening and other features.



GrapheneOS Foundation Explains Why GrapheneOS Has Left France


A false narrative is being pushed about GrapheneOS claiming we're ending operations in France due to the actions of 2 newspapers. That's completely wrong. If both newspapers and the overall French media had taken our side instead of extreme bias against us, we'd still be leaving.

We're ending operations in France and ending our use of French companies (mainly OVH) to provide services because of direct quotes by law enforcement in dozens of French news publications. Their inaccurate claims about GrapheneOS and thinly veiled threats were our sign to leave.

French law enforcement hijacked the servers of companies selling secure phones multiple times and is comparing us with those companies. They've made it clear they expect access to phones and will go after us if we do not cooperate. Cooperating with that means adding a backdoor.

We were already moving away from OVH over time. We didn't have authoritative DNS or update mirrors on it anymore prior to this. We were only going to be using it for our website/network service instances which are tiny servers with only static content and reverse proxies.

We couldn't see any of the specific claims from French law enforcement until the news stories were published. French law enforcement are wrongly conflating GrapheneOS with products using portions of our code. Claims about our features, distribution and marketing are inaccurate.

French law enforcement brought up SkyECC and Encrochat, two companies they went after with arrests and server seizures. They made it very clear they'll go after us similarly if they're able to conjure a good enough justification and we don't cooperate by providing device access.

Thinly veiled threats from law enforcement are quoted in several of the news articles including archive.is/UrlvK. We don't store user data and cannot bypass brute force protection for encryption. Cooperating to provide device access means one thing: encryption backdoors.


@warzazel I use sandboxed Google Play exclusively for banking and Garmin Connect; all other apps are on my personal profile. I do not like Viber, but it is necessary because of my work. All other apps are FOSS, and the social network is #mastodon and #matrix #grapheneos


I've been using GrapheneOS for several years and it's great to see the community keep growing.
So I have a question for the others:
How do you handle profiles and Google services?

– do you run one main profile + sandboxed Google Play,
– do you use multiple profiles (e.g. a main one without Google, a second one for apps),
– do you rely on Private Spaces,
– or are you completely without Google, with Aurora Store being enough for you?

I've tried all the variants, but I'm interested in your real-world experience.
What works best for you in the long term?
I admit that I run one main profile with sandboxed Google Play.
The reason is simple:
– at work, people call me via WhatsApp,
– one work app didn't work via Aurora,
– and I use navigation in the car several times a day.

Switching profiles simply stopped being fun after a while.

#grapheneos

  • Main profile + sandboxed Google Play (40%, 6 votes)
  • Multiple profiles (26%, 4 votes)
  • Private Spaces (0%, 0 votes)
  • Without Google, only Aurora and F-droid (33%, 5 votes)
15 voters. Poll end: 1 week ago



Anyone interested in #Pixel6a with #GrapheneOS pre-installed? I'm selling mine for 2500 CZK (€100) + shipping.

If you'd like to try GrapheneOS on something cheaper before committing to it with a more expensive phone, this is a great option. It's what I did and happily used the phone for almost a year. It has a surprisingly good camera for the price.

nechces.cz/~sesivany/019ccbe7-…


#GrapheneOS for #Pixel10 is finally here! The installation process was straightforward, but the most impressive aspect is how it restores (almost) all applications, along with their data. This is done from a backup, so you can do it even if your previous phone is lost. All you need is WebDAV storage.
If only all Androids had this!


GrapheneOS team thank you for nominating us for Proton fundraiser


Thank you from me, @akc3n and the whole team here at GrapheneOS. We appreciate all of you who contributed a nomination for our project for this year's Proton fundraiser after writing to them to give us a festive treat. I hope you all get a peaceful, fulfilling, trouble-free run-up to the holidays. 🤝🫶



French Servers Discontinued, Further Infrastructure Changes To Come and More - GrapheneOS Foundation


We no longer have any active servers in France and are continuing the process of leaving OVH. We'll be rotating our TLS keys and Let's Encrypt account keys pinned via accounturi. DNSSEC keys may also be rotated. Our backups are encrypted and can remain on OVH for now.

Our App Store verifies the app store metadata with a cryptographic signature and downgrade protection along with verification of the packages. Android's package manager also has another layer of signature verification and downgrade protection.

Our System Updater verifies updates with a cryptographic signature and downgrade protection along with another layer of both in update_engine and a third layer of both via verified boot. Signing channel release channel names is planned too.

Our update mirrors are currently hosted on sponsored servers from ReliableSite (Los Angeles, Miami) and Tempest (London). London is a temporary location due to an emergency move from a provider which left the dedicated server business and will move. More sponsored update mirrors are coming.

Our ns1 anycast network is on Vultr and our ns2 anycast network is on BuyVM since both support BGP for announcing our own IP space. We're moving our main website/network servers used for default OS connections to a mix of Vultr+BuyVM locations.

We have 5 servers in Canada with OVH with more than static content and basic network services: email, Matrix, discussion forum, Mastodon and attestation. Our plan is to move these to Netcup root servers or a similar provider short term and then colocated servers in Toronto long term.

France isn't a safe country for open source privacy projects. They expect backdoors in encryption and for device access too. Secure devices and services are not going to be allowed. We don't feel safe using OVH for even a static website with servers in Canada/US via their Canada/US subsidiaries.

We were likely going to be able to release experimental Pixel 10 support very soon and it's getting disrupted. The attacks on our team with ongoing libel and harassment have escalated, raids on our chat rooms have escalated and more. It's rough right now and support is appreciated.

It's not possible for GrapheneOS to produce an update for French law enforcement to bypass brute force protection since it's implemented via the secure element (SE). SE also only accepts correctly signed firmware with a greater version AFTER the Owner user unlocks successfully.

We would have zero legal obligation to do it but it's not even possible. We have a list of our official hardware requirements including secure element throttling for disk encryption key derivation (Weaver) combined with insider attack resistance. Why aren't they blaming Google?

In Canada and the US, refusing to provide a PIN/password is protected as part of the right to avoid incriminating yourself. In France, they've criminalized this part of the right to remain silent. Since they've criminalized not providing a PIN, why do they need anything from us?


May I ask a question, please? On a quick look through the #grapheneos website I didn't find an answer.

I'm planning to create 3 profiles:
1. De-Googled, as the primary private one
2. Private with Google for banking
3. Company
Does that make sense?

If I've understood correctly, Pixels have two SIMs. One is virtual, the other physical. (I'm aiming for the Pixel 8a)
I'd use the virtual one for my private SIM and the physical one for the company SIM, so that I can throw it away at any time and not have to fiddle with reconfiguring the virtual one. Does that make sense?

How do the SIMs work with the individual profiles? Are they assigned to the profiles somehow, do both work on all of them, or is it different?


Wow, the #grapheneos update just arrived. It looks good 👍👍


Auditor app version 90 released


Notable changes in version 90:

  • add support for the Pixel 10, Pixel 10 Pro, Pixel 10 Pro XL and Pixel 10 Pro Fold with either the stock OS or near future GrapheneOS releases
  • add back check for Auditee support for remote verification
  • update Android target API level to 36 (Android 16)
  • switch transition for QR scanning activity to handle target API level 36 predictive back more smoothly
  • properly distinguish unknown vs. invalid values for extended GrapheneOS security information covering auto-reboot, etc.
  • fix displaying lowest possible auto-reboot timer supported at a low-level in the OS
  • remove unused support for new pairings without StrongBox (secure element keystore as opposed to a less secure Trusted Execution Environment keystore)
  • add support for new key attestation root certificate launching in February 2026
  • add new protocol version 7 with a new DEFLATE dictionary adding the new attestation root and dropping the non-StrongBox sample
  • raise minimum app version for Auditee to 87 which was released over a year ago
  • add new far future Let's Encrypt roots to TLS key pinning configuration
  • drop obsolete workaround for old Android versions on 6th gen Pixels not declaring attest key support
  • drop unsupported legacy devices without Android 13 or later from supported device list
  • enable hardware memory tagging for use outside of GrapheneOS in the narrow cases where it's available for apps opting into it (Android 16 Advanced Protection Mode on hardware with support for MTE)
  • update ZXing barcode scanning library to 3.5.4
  • update CameraX (AndroidX Camera) library to 1.5.1
  • update Bouncy Castle library to 1.82
  • update Guava library to 33.5.0
  • update Material Components library to 1.13.0
  • update AndroidX Core library to 1.17.0
  • update AndroidX AppCompat library to 1.7.1
  • update Gradle to 9.2.1
  • update NDK to 29.0.14206865
  • update Android Gradle plugin to 8.13.1
  • update Kotlin to 2.2.21
  • update Android build tools to 36.1.0

A full list of changes from the previous release (version 89) is available through the Git commit log between the releases.

The Auditor app uses hardware security features on supported devices to validate the integrity of the operating system from another Android device. It will verify that the device is running the stock operating system with the bootloader locked and that no tampering with the operating system has occurred. It will also detect downgrades to a previous version.

It cannot be bypassed by modifying or tampering with the operating system (OS) because it receives signed device information from the device's Hardware Security Module (HSM) including the verified boot state, operating system variant and operating system version. The verification is much more meaningful after the initial pairing as the app primarily relies on Trust On First Use via pinning. It also verifies the identity of the device after the initial verification. Trust is chained through the verified OS to the app to bootstrap software checks with results displayed in a separate section.

This app is available through the Play Store with the app.attestation.auditor.play app id. Play Store releases go through review and it usually takes around 1 to 3 days before the Play Store pushes out the update to users. Play Store releases use Play Signing, so we use a separate app id from the releases we publish ourselves to avoid conflicts and to distinguish between them. Each release is initially pushed out through the Beta channel followed by the Stable channel.

Releases of the app signed by GrapheneOS with the app.attestation.auditor app id are published in the GrapheneOS App Store which provides fully automatic updates. Each release is initially pushed out through the Alpha channel, followed by the Beta channel and then finally the Stable channel. These releases are also bundled as part of GrapheneOS and published on GitHub.


GmsCompatConfig version 165 released


Changes in version 165:

  • disable DeviceDoctor subsystem to avoid failing to notify users about certain Play services crashes from it killing the process after handling uncaught exceptions itself

A full list of changes from the previous release (version 164) is available through the Git commit log between the releases (only changes to the gmscompat_config text file and config-holder/ directory are part of GmsCompatConfig).

GmsCompatConfig is the text-based configuration for the GrapheneOS sandboxed Google Play compatibility layer. It provides a large portion of the compatibility shims.

This update is available to GrapheneOS users via our app repository and will also be bundled into the next OS release.


GmsCompatConfig version 164 released


Changes in version 164:

  • add stub for BluetoothLeBroadcastAssistant::getConnectedDevices()
  • update Android Gradle plugin to 8.13.1

A full list of changes from the previous release (version 163) is available through the Git commit log between the releases (only changes to the gmscompat_config text file and config-holder/ directory are part of GmsCompatConfig).

GmsCompatConfig is the text-based configuration for the GrapheneOS sandboxed Google Play compatibility layer. It provides a large portion of the compatibility shims.

This update is available to GrapheneOS users via our app repository and will also be bundled into the next OS release.


GrapheneOS Server Infrastructure Changes Involving New ASN, DNS and New Servers Away From France


We host our own authoritative DNS servers to provide DNS resolution for our services. Authoritative DNS are the servers queried by DNS resolvers run by your ISP, VPN or an explicitly user chosen one such as Cloudflare or Quad9 DNS. We now have our own AS and IP space for this.

You can see information about our AS and IP space here:

bgp.tools/as/40806

We received a free ASN, IPv6 /40 and IPv4 /24 from ARIN. We use one IPv6 /48 for our ns1 anycast DNS network and one for our anycast ns2 network. We're using the IPv4 /24 for ns2 and need another.

Our ns1 network currently has 10 locations: New York City, Miami, Los Angeles, Seattle, London, Frankfurt, Singapore, Mumbai, Tokyo and Sydney. We're considering moving London to Amsterdam. We plan to add a South American location and perhaps Warsaw. ns2 isn't as scaled out yet.

Our ns2 network currently has New York City, Miami, Las Vegas and Bern.

Here's latency to ns1:

ping6.ping.pe/ns1.grapheneos.o…
ping.pe/ns1.grapheneos.org

Here's latency to ns2:

ping6.ping.pe/ns2.grapheneos.o…
ping.pe/ns2.grapheneos.org

We plan to add more locations to ns2 via another provider.

When we begin a reboot of a server, the change propagates across all internet backbone routers within a few seconds. This provides high availability for server downtime too. We have 2 networks so routing/transit issues or a malfunctioning server don't break using our services.

For ns1, there's a mix of different upstream transit providers. We've done traffic engineering with BGP communities configuration to get traffic routed to the right places. We prioritize Arelion and NTT since nearly all locations have both and we can configure their routing well.

We make the routes announced by our servers deprioritized when propagated into other continents for Arelion, Cogent and NTT. We deprioritize transit ruining global routing (GTT, Lumen) and block some peering (RETN, Bharti). We deprioritize Cogent since only 3 locations have it.

Our authoritative DNS server setup is largely in a public Git repository:

github.com/GrapheneOS/ns1.grap…

Here's our BGP communities setup for ns1 New York City as an example:

github.com/GrapheneOS/ns1.grap…

Here's ns1 Miami with different handling for South America:

github.com/GrapheneOS/ns1.grap…

We have two main groups of servers around the world:

1) website and OS network services

github.com/GrapheneOS/ns1.grap…
github.com/GrapheneOS/ns1.grap…

2) update mirrors, which are currently 3x sponsored dedicated servers with 10Gbps

github.com/GrapheneOS/ns1.grap…

We'll have more of both soon.

We're in the process of moving our website and OS network services away from OVH due to the threats from French law enforcement. We're going to add nodes in South America, India, Japan and Australia as part of this. We also have 5 non-static-content servers in Canada to move off OVH.

The servers with more than static content are our discussion forum and attestation service for our users along with our email, Matrix and Mastodon servers for our project. These will move to colocated servers in Toronto long term but short term we'll just switch providers for it.


GrapheneOS Based on AOSP 16 QPR1 Releasing To Stable Update Channel and More


We're going to be moving the production second release of GrapheneOS based on Android 16 QPR1 to our Stable channel in the near future. Most significant confirmed regression is a crash in a new clock customization UI. It's solid and we don't seem to need a 3rd release first.

We're actively working on finishing support for the Pixel 10, Pixel 10 Pro, Pixel 10 Pro XL and Pixel 10 Pro Fold. It will likely be ready within a few weeks but we can't provide any specific timeline. It depends on which issues come up and how quickly we can get those resolved.


A Once Good History Of France's Aid To Improve GrapheneOS Security


France's cybersecurity agency was previously actively using GrapheneOS. They helped us by auditing our code and submitting bug reports such as this one:

github.com/GrapheneOS/hardened…

They also made suggestions for security improvements to improve protection against exploits.

France was actively using GrapheneOS on a national level via ANSSI. They benefited from our open source code available to them for free as it is to everyone else in the world. This makes it all the more ridiculous that French state agencies are now heavily attacking GrapheneOS.

We're being contacted by a bunch of journalists about French law enforcement agencies sending out warnings about GrapheneOS and contacting the media to fearmonger with false and unsubstantiated claims. Meanwhile, ANSSI actively sought out our code to defend their infrastructure.

Every user of Android and other Linux distributions, macOS and iOS in France has benefited from GrapheneOS contributing to open source projects used in these systems. Ideas we came up with for defenses were also deployed in these. French law enforcement literally uses our code.

Based on our update server download statistics, GrapheneOS is approaching 400k users around the world. A majority of those users are in Europe with a large number in France. Only a small handful of people being arrested who use it is in fact strong evidence against their claims.

Meanwhile, the FBI and European law enforcement facilitated years of organized crime in Europe via Operation Trojan Shield while infringing on our copyright and trademarks. How about they start by arresting themselves? See our other thread about this:

grapheneos.social/@GrapheneOS/…

Here's France's ANSSI agency proposing an exploit protection to defend against apps being exploited:

github.com/GrapheneOS/os-issue…

Today, our restrictions for Dynamic Code Loading via both memory and storage cover protecting against this and are enforced for the whole base OS.


Vanadium version 143.0.7499.34.0 released


Changes in version 143.0.7499.34.0:

  • update to Chromium 143.0.7499.34

A full list of changes from the previous release (version 142.0.7444.171.0) is available through the Git commit log between the releases.

This update is available to GrapheneOS users via our app repository and will also be bundled into the next OS release. Vanadium isn't yet officially available for users outside GrapheneOS, although we plan to do that eventually. It won't be able to provide the WebView outside GrapheneOS and will have missing hardening and other features.


GrapheneOS version 2025112100 released


Tags:

  • 2025112100 (Pixel 6, Pixel 6 Pro, Pixel 6a, Pixel 7, Pixel 7 Pro, Pixel 7a, Pixel Tablet, Pixel Fold, Pixel 8, Pixel 8 Pro, Pixel 8a, Pixel 9, Pixel 9 Pro, Pixel 9 Pro XL, Pixel 9 Pro Fold, Pixel 9a, emulator, generic, other targets)

Changes since the 2025111800 release:

  • fix regression from our Android 16 QPR1 port causing enabling the Network permission to not work without a reboot
  • adevtool: fix SELinux policy handling issue causing fingerprint registration issues on the devices with power button fingerprint readers (Pixel Tablet, Pixel Fold, Pixel 9 Pro Fold) with Android QPR1
  • fix port of our notification forwarding between user profiles feature to Android 16 QPR1
  • enable new UI customization picker UI from Android 16 QPR1
  • Wallpaper Picker: don't use the CuratedPhotos categories which aren't set up in AOSP
  • Wallpaper Picker: hide the always-empty wallpaper carousel
  • Wallpaper Picker: enable integration of the embedded photo picker
  • System Updater, Sandboxed Google Play compatibility layer: switch to Material 3 Expressive theme for Settings app menus
  • Cell Broadcast Receiver: fix presidential alerts toggle added by GrapheneOS not being enabled without the main emergency alerts toggle being toggled off and on
  • Vanadium: update to version 142.0.7444.171.0

All of the Android 16 security patches from the current December 2025, January 2026, February 2026 and March 2026 Android Security Bulletins are included in the 2025112101 security preview release. List of additional fixed CVEs:

  • Critical: CVE-2025-48631, CVE-2026-0006
  • High: CVE-2022-25836, CVE-2022-25837, CVE-2023-40130, CVE-2025-22420, CVE-2025-22432, CVE-2025-26447, CVE-2025-32319, CVE-2025-32348, CVE-2025-48525, CVE-2025-48536, CVE-2025-48555, CVE-2025-48564, CVE-2025-48565, CVE-2025-48566, CVE-2025-48567, CVE-2025-48572, CVE-2025-48573, CVE-2025-48574, CVE-2025-48575, CVE-2025-48576, CVE-2025-48577, CVE-2025-48578, CVE-2025-48579, CVE-2025-48580, CVE-2025-48582, CVE-2025-48583, CVE-2025-48584, CVE-2025-48585, CVE-2025-48586, CVE-2025-48587, CVE-2025-48589, CVE-2025-48590, CVE-2025-48592, CVE-2025-48594, CVE-2025-48596, CVE-2025-48597, CVE-2025-48598, CVE-2025-48600, CVE-2025-48601, CVE-2025-48602, CVE-2025-48603, CVE-2025-48604, CVE-2025-48605, CVE-2025-48609, CVE-2025-48612, CVE-2025-48614, CVE-2025-48615, CVE-2025-48616, CVE-2025-48617, CVE-2025-48618, CVE-2025-48619, CVE-2025-48620, CVE-2025-48621, CVE-2025-48622, CVE-2025-48626, CVE-2025-48628, CVE-2025-48629, CVE-2025-48630, CVE-2025-48632, CVE-2025-48633, CVE-2025-48634, CVE-2026-0005, CVE-2026-0007, CVE-2026-0008

2025112101 provides at least the full 2025-12-01 Android and Pixel security patch level but will remain marked as providing 2025-11-05.

For detailed information on security preview releases, see our post about it.