Search

Items tagged with: GrapheneOS

Vanadium version 141.0.7390.111.0 released

Changes in version 141.0.7390.111.0:

  • update to Chromium 141.0.7390.111
  • enable origin keyed processes by default for improved site isolation sandboxing
  • drop unnecessary code related to our search engine changes
  • replace enabling local network checks feature in Vanadium Config via the browser again (this was enabled upstream so we dropped our patch but then they disabled it again which we dealt with via Vanadium Config)

A full list of changes from the previous release (version 141.0.7390.70.0) is available through the Git commit log between the releases.

This update is available to GrapheneOS users via our app repository and will also be bundled into the next OS release. Vanadium isn't yet officially available for users outside GrapheneOS, although we plan to do that eventually. It won't be able to provide the WebView outside GrapheneOS and will have missing hardening and other features.


Comparing 141.0.7390.70.0...141.0.7390.111.0 · GrapheneOS/Vanadium

Privacy and security enhanced releases of Chromium for GrapheneOS. Vanadium provides the WebView and standard user-facing browser on GrapheneOS. It depends on hardening in other GrapheneOS reposito...
GitHub
#grapheneos

Explanation Of New Approach On Security Patches

Our security preview releases provide early access to Android Security Bulletin patches prior to the official disclosure. Our current security preview releases provide the current revision of the November 2025 and December 2025 patches for the Android Open Source Project. We recommend enabling this.

The only difference between our regular releases and security preview releases are the future Android Security Bulletin patches being applied with any conflicts resolved. The downside of security preview releases is we cannot provide the sources for the patches until the official disclosure date.

The delay for being able to publish the sources is why we're now going through the significant effort of building 2 variants of each release. Our most recent 3 releases have both a regular and security preview variant:

2025092500 and 20250925012025092700 and 20250927012025100300 and 2025100301

You can enable security preview releases via Settings > System > System update > Receive security preview releases.

Our plan is to keep it off-by-default with a new page added to the Setup Wizard which will have it toggled on as a recommendation. We'll prompt users on existing installs to choose.

We're maintaining the upcoming Android security patches in a private repository where we've resolved the conflicts. Each of our security preview releases is tagged in this private repository. Our plan is to publish what we used once the embargo ends, so it will still be open source, but delayed.

The new security update Android is using provides around 3 months of early access to OEMs with permission to make binary-only releases from the beginning. As far as we know, GrapheneOS is the first to take advantage of this and ship the patches early. Even the stock Pixel OS isn't doing this yet.

During the initial month, many patches are added or changed. By around the end of the month, the patches are finalized with nothing else being added or changed. Our 2025092500 release was made on the day the December 2025 patches were finalized, but we plan to ship the March 2026 patches earlier.

Previously, Android had monthly security patches with a 1 month embargo not permitting early releases. For GrapheneOS users enabling security preview releases, you'll get patches significantly earlier than before. We'd greatly prefer 3 day embargoes over 3 month embargoes but it's not our decision.

Security preview releases currently increment the build date and build number of the regular release by 1. You can upgrade from 2025100300 to 2025100301 but not vice versa. For now, you can switch back to regular releases without reinstalling such as 2025092701 to 2025100300, but this may change.

GrapheneOS (@GrapheneOS@grapheneos.social)

GrapheneOS Mastodon
#grapheneos

GrapheneOS version 2025100900 released

One of the changes in this release should result in Google Messages RCS working for users receiving a verification error caused by Play Store checking for an emulator with an easy to bypass check. It was already working for many users without this but this should get it working for everyone else.

Tags:

  • 2025100900 (Pixel 6, Pixel 6 Pro, Pixel 6a, Pixel 7, Pixel 7 Pro, Pixel 7a, Pixel Tablet, Pixel Fold, Pixel 8, Pixel 8 Pro, Pixel 8a, Pixel 9, Pixel 9 Pro, Pixel 9 Pro XL, Pixel 9 Pro Fold, Pixel 9a, emulator, generic, other targets)

Changes since the 2025100300 release:

  • raise security patch level to 2025-10-05 since it's already provided without applying any additional patches
  • System Updater, Setup Wizard: integrate support for recommending opting into security preview releases during the initial Owner user setup and for existing users via a persistent notification which is disabled after making an explicit choice on whether to use security preview releases (this is necessary to inform all users about the option with an explicit choice)
  • Settings: add support for forcing VoWiFi availability
  • Settings: improve the carrier configuration override by improving the summaries, adding detailed descriptions and using clarifying the options force features to be available since there are also toggles for directly enabling/disabling the features in the main SIM settings screen
  • Sandboxed Google Play compatibility layer: fix a Google Messages RCS compatibility issue by removing the error string for the missing privileged permission from SurfaceFlinger::doDump() to make a DroidGuard check pass
  • Sandboxed Google Play compatibility layer: make Play Store ignore app auto-install config
  • Sandboxed Google Play compatibility layer: fix Build.getSerial() shim to fix an Android Auto issue
  • Sandboxed Google Play compatibility layer: add stub for TelephonyManager.getImei()
  • Sandboxed Google Play compatibility layer: add stub for Window.setHideOverlayWindows() to replace reliance on a feature flag override via GmsCompatConfig
  • kernel (6.1): update to latest GKI LTS branch revision including update to 6.1.155
  • update test suite to handle our carrier overrides support
  • Vanadium: update to version 141.0.7390.70.0
  • Camera: update to version 90

All of the Android 16 security patches from the current November 2025, December 2025 and January 2026 Android Security Bulletins are included in the 2025100901 security preview release. List of additional fixed CVEs:

  • Critical: CVE-2025-48593
  • High: CVE-2022-25836, CVE-2022-25837, CVE-2023-40130, CVE-2024-43766, CVE-2025-22420, CVE-2025-22432, CVE-2025-32319, CVE-2025-32348, CVE-2025-48525, CVE-2025-48536, CVE-2025-48544, CVE-2025-48555, CVE-2025-48567, CVE-2025-48572, CVE-2025-48573, CVE-2025-48574, CVE-2025-48575, CVE-2025-48576, CVE-2025-48577, CVE-2025-48578, CVE-2025-48579, CVE-2025-48580, CVE-2025-48581, CVE-2025-48582, CVE-2025-48583, CVE-2025-48584, CVE-2025-48585, CVE-2025-48586, CVE-2025-48587, CVE-2025-48589, CVE-2025-48590, CVE-2025-48592, CVE-2025-48594, CVE-2025-48596, CVE-2025-48597, CVE-2025-48598, CVE-2025-48600, CVE-2025-48601, CVE-2025-48602, CVE-2025-48603, CVE-2025-48604, CVE-2025-48605, CVE-2025-48607, CVE-2025-48609, CVE-2025-48612, CVE-2025-48614, CVE-2025-48615, CVE-2025-48616, CVE-2025-48617, CVE-2025-48618, CVE-2025-48619, CVE-2025-48620, CVE-2025-48621, CVE-2025-48622, CVE-2025-48626, CVE-2025-48628, CVE-2025-48629

CVE-2025-48595 was fixed in the regular GrapheneOS 2025100300 release and is no longer listed.

CVE-2025-48611 patch was retracted.

2025100901 provides at least the full 2025-11-01 patch level and the Android 2025-11-05 patch level (Pixel Update Bulletin could have fixes we don't get early) but will remain marked as providing 2025-10-05.

For detailed information on security preview releases, see our post about it.


GrapheneOS security preview releases - GrapheneOS Discussion Forum

GrapheneOS discussion forum
GrapheneOS Discussion Forum
#grapheneos

Security Patch Preview Release and Next GrapheneOS Release

Android Security Bulletin (ASB) for October 2025 is empty:

source.android.com/docs/securi…

However, you can see Samsung has a list of ASB patches for their October 2025 release exclusive to flagships:

security.samsungmobile.com/sec…

It's a small subset of the December 2025 patches.

Android now discloses patches around 3 months prior to their inclusion in a bulletin requiring them to raise the Android security patch level. However, OEMs are allowed to ship the patches as soon as they're receive. We're doing this in our security preview release, but with the full set of patches.

Our initial security preview release on September 25th with the November/December patches included 1 Critical severity patch and 54 High severity patches, which is the full subset applicable to Android 16. In the past couple days, 5 patches applicable to Android 16 were added and 1 was retracted.

December 2025 patches from the past couple days have been included and the January 2026 preview is now available.

Our next release coming today provides a choice to use our security preview releases in the initial setup wizard with a notification for existing users. Opting into it is recommended.

discuss.grapheneos.org/d/27068… provides more information on our security preview releases. The reason we're providing both regular and security preview releases is because we're required to wait to the embargo end date to publish the source code for the patches in the future bulletins.


GrapheneOS security preview releases - GrapheneOS Discussion Forum

GrapheneOS discussion forum
GrapheneOS Discussion Forum
#grapheneos

Hey @termux, I just installed #termux on a new #GrapheneOS device. When I did pkg upgrade, it automatically chose a Chinese mirror although I am in Europe, and I am not using Orbot or any VPN. Should I be worried?
Termux automatically picking a mirror on mirrors.sustech.edu.cn called "chinese mainland".
#grapheneos #termux @Termux

#android #google #signal #whatsapp #libreoffice #microsoft #meta #grapheneos @LibreOffice @Signal @GrapheneOS

I finally have a #pixel10pro. Now it's going in the drawer, and I'll be rooting for the #GrapheneOS developers to finish support for it as soon as possible.
A picture of a black phone with the display on showing the Android home screen.
#grapheneos #pixel10pro

#grapheneos

#lineageos #grapheneos @LineageOS @GrapheneOS

#grapheneos

I'm using two phones. One phone (Pixel 8) with #grapheneos and the other phone (OnePlus 6T) with Linux #postmarketos.

Btw: the Tuta app on the Linux phone was last updated on April 2019!

#postmarketos #grapheneos

Wow, according to reviews when you start a #Pixel 10 Pro, 10 out of 16 GB of RAM are already occupied by the OS and (primarily) AI. Leaving just ~1/3 of the memory for all your apps. Crazy. 🤯

Glad I'll be installing #GrapheneOS on it.

#grapheneos #pixel

#grapheneos

#GrapheneOS is already based on #Android 16. They also deliver security fixes more quickly than Google itself.

Switching to GrapheneOS was the best phone-related decision I've made in years. I hope phones will be available for it in future. I just can't imagine going back to mainstream options that force you to choose between privacy and user freedom.

A screenshot of OS info screen in Czech. It says: Android version 16, security level July 5 2025.
#android #grapheneos

#grapheneos #android16

#android #opensource #ios #VPN #dns #grapheneos #soukromí #tracker #Mobil

📱 Válí se mi doma Pixel 6a s GrapheneOS.
Mám tu plně funkční Google Pixel 6a s nainstalovaným GrapheneOS. Bezpečnostní aktualizace do července 2027. Perfektní pro někoho, kdo to myslí vážně se soukromím a chce bezpečný telefon bez Google sledovaček.

Telefon má známky běžného používání a trochu zlobí konektor na nabíjení, ale jinak šlape v pohodě.

Kdyby někomu udělal radost a využil ho naplno, dej vědět do zpráv. Rád ho pošlu dál – hlavně někomu, kdo ví, co má v rukou. 🙂

#GrapheneOS #Privacy #OpenSource #FediBazaar #androidbezgoogle

#opensource #privacy #grapheneos #fedibazaar #androidbezgoogle

#privacy #security #grapheneos

I really like the backup function in #GrapheneOS based on #Seedvault. I know it doesn't work 100%, some apps don't support it etc. But in my case >90% of apps get backed up and restored.

This is what all Androids should have. I understand #Google doesn't want to do it because for them #Android is just a gateway to their services and when you have all your data in their cloud, you don't need such backups. But other Android vendors should have it.

A list of applications with green check marks that signal the apps have been backed up.
#android #google #grapheneos #seedvault

GrapheneOS: Android pro lehce paranoidní uživatele

Pokud chcete mobilní telefon, který je bezpečný, opravdu respektuje vaše soukromí, zároveň nechcete přijít o populární aplikace, bez kterých už se dnes těžko obejdete, může vám současný trh přijít jako výběr mezi kompromisy. Podíval jsem se tedy na systém, který o sobě tvrdí, že jimi netrpí.

#Android #bezpečnost #Google #GrapheneOS #mobil #Pixel #soukromí

blog.eischmann.cz/2025/03/07/g…
(reakce na tento příspěvek se může zobrazit jako komentář pod článkem)

GrapheneOS: Android pro lehce paranoidní uživatele

Sesivany's blog
#android #google #grapheneos #soukromí #pixel #bezpečnost #Mobil

I am not that familiar with #GrapheneOS. What is the key benefit of it compared to #LineageOS or /e/OS? Privacy and security features, I guess?
#lineageos #grapheneos

I bought a #Pixel 6a to finally switch to #GrapheneOS. You can get a used one for €120 and it still has 2.5 years of support.
Software-wise, so far so good. Even banking apps like #Revolut work without having to install anything from #Google. 👌
A phone with the home screen of GrapheneOS. The UI is black and white and there are 6 icons on the screen.
#google #grapheneos #pixel #revolut

"no escape" isn't correct. Don't use Google services (e.g search,) don't use Google software (e.g Chrome.) De-Google your life.

Posted from a phone using a non-Google OS called #GrapheneOS

#grapheneos

Quoting a Mastodon post by GrapheneOS:
"The app doesn't provide client-side scanning used to report things to Google or anyone else. It provides on-device machine learning models usable by applications to classify content as being spam, scams, malware, etc. This allows apps to check content locally without sharing it with a service and mark it with warnings for users."

grapheneos.social/@GrapheneOS/…

#AndroidSystemSafetyCore #Android #Privacy #GrapheneOS

GrapheneOS (@GrapheneOS@grapheneos.social)

GrapheneOS Mastodon
#android #privacy #grapheneos #androidsystemsafetycore

I'm pretty sure they won't be able to do it on #GrapheneOS and other custom ROMs 🙃
#grapheneos

#czech #pixelfed #photography #grapheneos #wick #pixel8

Tak je to pravda. Revolut je na #grapheneos opět funkční.
#grapheneos

#privacy #security #grapheneos

Android auto spuštěné v Private space na #grapheneos vše šlape jak hodinky
Fotografie infotainmentu, s aplikací Android auto
#grapheneos

#grapheneos #revolut

interessant. Ich kämpfe auf meinem #grapheneos auch seit einer Weile mit dem Akkuverbrauch von #signal. Schade, dass in #younohost seit dem Update auf #debian 12 nicht mehr automatisch ein #XMPP Server integriert ist. Das war schon ein sehr bequemer Weg für Laien wie mich, unfallfrei, unkompliziert und günstig einen solchen zu klicken und pflegen.
#xmpp #debian #signal #grapheneos #younohost

I installed #Signal and #Conversations_im on a clean install of #GrapheneOS on my Pixel 4a and measured the battery impact. The results are shocking!

Both messengers had only one contact: my regular phone.

I used my regular phone to send messages to the Pixel 4a (which was not used for anything else over the course of the experiment).

I always sent the same message via Signal and #XMPP (mixing up which app went first). In total I sent ~32 messages in intervals of 10mins to a few hours.

Battery usage stats from an Android phone. The battery is down to 10% after 20 hours since last full charge. Signal has consumed 95% in that period and Conversations 5%
#xmpp #signal #grapheneos #conversations_im

Navazuji na včerejší tip.

Tady je porovnání iPhone a různých odnoží Androidu. Většina lidí má "Android" - distribuci plnou šmírovátek od Google obohacenou o bloatware výrobce, který nejen že šmíruje po svém, ale často zavléká bezpečnostní chyby, zabírá místo v úložišti i RAM.

V GrapheneOS mimo jiné vůbec není položka "Reklama" s Mobile Advertising ID.

Zdroj: youtu.be/lb1BbT5fpwA

#soukromí #kybez #Google #Apple #grapheneos

What Is The Most Private Phone?

What is the most private phone and what makes a phone private? That is the question... and we have answers! Please support my work: https://www.patreon.com/t...
YouTube
#apple #google #grapheneos #soukromí #kybez

GrapheneOS and android 15 beta upgrade. Pixel8 on the big screen, unbeatable. I probably won't think about a linux phone, at least not for a while, because now I have a notebook in my pocket, without google and most FOSS apps. Tidal from the phone looks good on the big screen, all other apps work too. #GrapheneOS #pixel8 #bigscreen #nextlevel #degoogle
#grapheneos #degoogle #pixel8 #bigscreen #nextlevel

#grapheneos #osmand #AndroidAuto

@jan Já používám Pixely, už pár let, na jiné telefony nejde nahrát #grapheneos, ale Pixel 6a má baterii fakt nic moc a to nemluvím o tom, že se občas i dost zahřívá.
#grapheneos @Jan Dytrych🇨🇿🇺🇦

I tried this but using #NextPush instead of NTFY.

Tapping on #UnifiedPush in the #Dav5X settings instantly picked up UnifiedPush and subscribed, showing my account in brackets. The NextPush Android app showed Davx5 as subscribed.

It seems I had to turn the collection off and on a couple of times before it showed as subscribed, and it still takes about 30 seconds to update. Could that just be #GrapheneOS's default calendar app that I'm using?

#UnifiedPush #grapheneos #nextpush #dav5x

»Firma verschleudert 3,6 Milliarden Standorte von Menschen in Deutschland«. Seit Jahren erwähne ich in fast jedem Artikel, in dem es um Tracking und Android-Apps geht, dass die Google Advertising-ID ein personenbeziehbares Datum ist. Dies wurde nun erneut eindrucksvoll bewiesen. 👇

Weg aus der Misere: Verwendet googlefreie Systeme wie #GrapheneOS und nutzt Werbe- und Trackingblocker.

netzpolitik.org/2024/databroke…

kuketz-blog.de/empfehlungsecke…

#tracking #dsgvo #advertisingid #google #apple #android #ios


Databroker Files: Firma verschleudert 3,6 Milliarden Standorte von Menschen in Deutschland

Datenhändler verbreiten die Standorte von Menschen in Deutschland – teils sogar kostenlos, wie Recherchen von netzpolitik.org und BR zeigen.
netzpolitik.org
#android #apple #google #ios #tracking #grapheneos #DSGVO #AdvertisingID

@IzzyOnDroid
Auch bei 'meinen' / den von mir 'verwalteten' drei #grapheneos Geräten bisher keine Chance zum OptOut. Auch schon beim Vorgänger von #utiq (#trustpid) ging es nicht. Wollte es gleich mal mit nem Notebook via WLanHotspot probieren.

Ein absolutes #NoGo! Jährlich? Und jeder NICHT #digitalnatives erfährt davon erst garnichts. 🤬

#grapheneos #TrustPid #utiq #nogo #digitalnatives @IzzyOnDroid ✅