Items tagged with: grapheneOS


GmsCompatLib version 101 released


Changes in version 101:

  • fix a font preloading crash caused by the GmsFontProvider shim introduced in the previous release

A full list of changes from the previous release (version 100) is available through the Git commit log between the releases.

GmsCompatLib is a core component of the GrapheneOS sandboxed Google Play compatibility layer.

This update is available to GrapheneOS users via our app repository and will be obsoleted by the next OS release including the changes in the base package.


Google Camera's Dependence On Google Play Resolved In Latest GmsCompatLib


Pixel Camera recently added a hard dependency on Google Play services. It still works on GrapheneOS, but started requiring sandboxed Google Play services.

GmsCompatLib version 100 for GrapheneOS 2025102300 or later restores support for Pixel Camera without Play services:

grapheneos.social/@GrapheneOS/…


GmsCompatLib version 100 released


Changes in version 100:

  • add shim implementation of GmsFontProvider to prevent crashes of apps depending on Play services when it's missing or disabled (restores support for using Pixel Camera without Play services with recent Pixel Camera versions depending on it for this)
  • extend shim for background service starts to address edge cases where a foreground service is required
  • fix NoOpPrewarmService chain crash in Pixel Camera caused by lack of privileged OS integration

A full list of changes from the previous release (GrapheneOS version 2025102300) is available through the Git commit log between the releases.

GmsCompatLib is a core component of the GrapheneOS sandboxed Google Play compatibility layer.

This update is available to GrapheneOS users via our app repository and will be obsoleted by the next OS release including the changes in the base package.


GrapheneOS Foundation Does Not Make App or Services Recommendations


While we greatly appreciate businesses seeing value in our work, selling devices with GrapheneOS preinstalled or being a business in the privacy/security space, recognising our users buying services/products, and so donating to us, GrapheneOS has no official direct affiliations.

Unless mentioned by the project account, no team members make any recommendations on behalf of the project for any app/product/service. Any that may be linked are personal recommendations or are just to make users aware they exist so they can decide for themselves.


Vanadium version 142.0.7444.48.0 released


Changes in version 142.0.7444.48.0:

  • update to Chromium 142.0.7444.48
  • allow registration of passkeys regardless of residentKey value

A full list of changes from the previous release (version 141.0.7390.122.0) is available through the Git commit log between the releases.

This update is available to GrapheneOS users via our app repository and will also be bundled into the next OS release. Vanadium isn't yet officially available for users outside GrapheneOS, although we plan to do that eventually. It won't be able to provide the WebView outside GrapheneOS and will have missing hardening and other features.


GrapheneOS version 2025102300 released


Tags:

  • 2025102300 (Pixel 6, Pixel 6 Pro, Pixel 6a, Pixel 7, Pixel 7 Pro, Pixel 7a, Pixel Tablet, Pixel Fold, Pixel 8, Pixel 8 Pro, Pixel 8a, Pixel 9, Pixel 9 Pro, Pixel 9 Pro XL, Pixel 9 Pro Fold, Pixel 9a, emulator, generic, other targets)

Changes since the 2025102200 release:

  • fix signing the GmsCompatLib package with a dedicated cross-device key, which was added in the last release but wasn't being replaced by a release key and blocked moving the last release past Alpha
  • kernel (6.12): update to latest GKI LTS branch revision

All of the Android 16 security patches from the current November 2025, December 2025 and January 2026 Android Security Bulletins are included in the 2025102301 security preview release. List of additional fixed CVEs:

  • Critical: CVE-2025-48593, CVE-2025-48631
  • High: CVE-2022-25836, CVE-2022-25837, CVE-2023-40130, CVE-2024-43766, CVE-2025-22420, CVE-2025-22432, CVE-2025-32319, CVE-2025-32348, CVE-2025-48525, CVE-2025-48536, CVE-2025-48555, CVE-2025-48564, CVE-2025-48565, CVE-2025-48566, CVE-2025-48567, CVE-2025-48572, CVE-2025-48573, CVE-2025-48574, CVE-2025-48575, CVE-2025-48576, CVE-2025-48577, CVE-2025-48578, CVE-2025-48579, CVE-2025-48580, CVE-2025-48582, CVE-2025-48583, CVE-2025-48584, CVE-2025-48585, CVE-2025-48586, CVE-2025-48587, CVE-2025-48589, CVE-2025-48590, CVE-2025-48592, CVE-2025-48594, CVE-2025-48596, CVE-2025-48597, CVE-2025-48598, CVE-2025-48600, CVE-2025-48601, CVE-2025-48602, CVE-2025-48603, CVE-2025-48604, CVE-2025-48605, CVE-2025-48609, CVE-2025-48612, CVE-2025-48614, CVE-2025-48615, CVE-2025-48616, CVE-2025-48617, CVE-2025-48618, CVE-2025-48619, CVE-2025-48620, CVE-2025-48621, CVE-2025-48622, CVE-2025-48626, CVE-2025-48628, CVE-2025-48629, CVE-2025-48630, CVE-2025-48632, CVE-2025-48633, CVE-2025-48634

2025100901 provides at least the full 2025-11-01 patch level and the Android 2025-11-05 patch level (Pixel Update Bulletin could have fixes we don't get early) but will remain marked as providing 2025-10-05.

For detailed information on security preview releases, see our post about it.


GrapheneOS version 2025102200 released


Tags:

  • 2025102200 (Pixel 6, Pixel 6 Pro, Pixel 6a, Pixel 7, Pixel 7 Pro, Pixel 7a, Pixel Tablet, Pixel Fold, Pixel 8, Pixel 8 Pro, Pixel 8a, Pixel 9, Pixel 9 Pro, Pixel 9 Pro XL, Pixel 9 Pro Fold, Pixel 9a, emulator, generic, other targets)

Changes since the 2025100900 release:

  • adevtool: add satellite eSIM overlays to avoid the special Skylo eSIM on 9th/10th gen Pixels being listed as a regular eSIM and being possible to erase with the regular eSIM erase functionality
  • kernel (6.6): update to latest GKI LTS branch revision including update to 6.6.111
  • kernel (6.12): update to latest GKI LTS branch revision including update to 6.12.52
  • System Updater: prevent reboot and security preview notifications from timing out after 3 days which is standard behavior since Android 15 QPR1
  • System Updater: mark notification permission as fixed to prevent disabling overall notifications, but enable blocking progress, failure and already up to date notification channels
  • Sandboxed Google Play compatibility layer: add support for overriding BinderProxy transactions
  • Sandboxed Google Play compatibility layer: add support for out-of-band updates to GmsCompatLib
  • Vanadium: update to version 141.0.7390.111.0
  • Vanadium: update to version 141.0.7390.122.0
  • raise emulator super / dynamic partition size due to reaching the limit in some cases
  • adevtool: prefer prebuilt AOSP JDK 21

All of the Android 16 security patches from the current November 2025, December 2025 and January 2026 Android Security Bulletins are included in the 2025102201 security preview release. List of additional fixed CVEs:

  • Critical: CVE-2025-48593, CVE-2025-48631
  • High: CVE-2022-25836, CVE-2022-25837, CVE-2023-40130, CVE-2024-43766, CVE-2025-22420, CVE-2025-22432, CVE-2025-32319, CVE-2025-32348, CVE-2025-48525, CVE-2025-48536, CVE-2025-48555, CVE-2025-48564, CVE-2025-48565, CVE-2025-48566, CVE-2025-48567, CVE-2025-48572, CVE-2025-48573, CVE-2025-48574, CVE-2025-48575, CVE-2025-48576, CVE-2025-48577, CVE-2025-48578, CVE-2025-48579, CVE-2025-48580, CVE-2025-48582, CVE-2025-48583, CVE-2025-48584, CVE-2025-48585, CVE-2025-48586, CVE-2025-48587, CVE-2025-48589, CVE-2025-48590, CVE-2025-48592, CVE-2025-48594, CVE-2025-48596, CVE-2025-48597, CVE-2025-48598, CVE-2025-48600, CVE-2025-48601, CVE-2025-48602, CVE-2025-48603, CVE-2025-48604, CVE-2025-48605, CVE-2025-48609, CVE-2025-48612, CVE-2025-48614, CVE-2025-48615, CVE-2025-48616, CVE-2025-48617, CVE-2025-48618, CVE-2025-48619, CVE-2025-48620, CVE-2025-48621, CVE-2025-48622, CVE-2025-48626, CVE-2025-48628, CVE-2025-48629, CVE-2025-48630, CVE-2025-48632, CVE-2025-48633, CVE-2025-48634

2025100901 provides at least the full 2025-11-01 patch level and the Android 2025-11-05 patch level (Pixel Update Bulletin could have fixes we don't get early) but will remain marked as providing 2025-10-05.

For detailed information on security preview releases, see our post about it.


Vanadium version 141.0.7390.122.0 released


Changes in version 141.0.7390.122.0:

  • update to Chromium 141.0.7390.122

A full list of changes from the previous release (version 141.0.7390.111.0) is available through the Git commit log between the releases.

This update is available to GrapheneOS users via our app repository and will also be bundled into the next OS release. Vanadium isn't yet officially available for users outside GrapheneOS, although we plan to do that eventually. It won't be able to provide the WebView outside GrapheneOS and will have missing hardening and other features.


When not using Google Play services (e.g. #GrapheneOS, #LineageOS users), #Signal can be a real battery drain. @mollyim with @unifiedpush on the other hand is extremely battery efficient.

Here's how to set this up, using #Nextcloud as the UnifiedPush provider: kroon.email/site/en/posts/moll…


Vanadium version 141.0.7390.111.0 released


Changes in version 141.0.7390.111.0:

  • update to Chromium 141.0.7390.111
  • enable origin keyed processes by default for improved site isolation sandboxing
  • drop unnecessary code related to our search engine changes
  • replace enabling local network checks feature in Vanadium Config via the browser again (this was enabled upstream so we dropped our patch but then they disabled it again which we dealt with via Vanadium Config)

A full list of changes from the previous release (version 141.0.7390.70.0) is available through the Git commit log between the releases.

This update is available to GrapheneOS users via our app repository and will also be bundled into the next OS release. Vanadium isn't yet officially available for users outside GrapheneOS, although we plan to do that eventually. It won't be able to provide the WebView outside GrapheneOS and will have missing hardening and other features.


Explanation Of New Approach On Security Patches


Our security preview releases provide early access to Android Security Bulletin patches prior to the official disclosure. Our current security preview releases provide the current revision of the November 2025 and December 2025 patches for the Android Open Source Project. We recommend enabling this.

The only difference between our regular releases and security preview releases are the future Android Security Bulletin patches being applied with any conflicts resolved. The downside of security preview releases is we cannot provide the sources for the patches until the official disclosure date.

The delay for being able to publish the sources is why we're now going through the significant effort of building 2 variants of each release. Our most recent 3 releases have both a regular and security preview variant:

  • 2025092500 and 2025092501
  • 2025092700 and 2025092701
  • 2025100300 and 2025100301

You can enable security preview releases via Settings > System > System update > Receive security preview releases.

Our plan is to keep it off-by-default with a new page added to the Setup Wizard which will have it toggled on as a recommendation. We'll prompt users on existing installs to choose.

We're maintaining the upcoming Android security patches in a private repository where we've resolved the conflicts. Each of our security preview releases is tagged in this private repository. Our plan is to publish what we used once the embargo ends, so it will still be open source, but delayed.

The new security update Android is using provides around 3 months of early access to OEMs with permission to make binary-only releases from the beginning. As far as we know, GrapheneOS is the first to take advantage of this and ship the patches early. Even the stock Pixel OS isn't doing this yet.

During the initial month, many patches are added or changed. By around the end of the month, the patches are finalized with nothing else being added or changed. Our 2025092500 release was made on the day the December 2025 patches were finalized, but we plan to ship the March 2026 patches earlier.

Previously, Android had monthly security patches with a 1 month embargo not permitting early releases. For GrapheneOS users enabling security preview releases, you'll get patches significantly earlier than before. We'd greatly prefer 3 day embargoes over 3 month embargoes but it's not our decision.

Security preview releases currently increment the build date and build number of the regular release by 1. You can upgrade from 2025100300 to 2025100301 but not vice versa. For now, you can switch back to regular releases without reinstalling such as 2025092701 to 2025100300, but this may change.


GrapheneOS version 2025100900 released


One of the changes in this release should result in Google Messages RCS working for users receiving a verification error caused by Play Store checking for an emulator with an easy to bypass check. It was already working for many users without this but this should get it working for everyone else.

Tags:

  • 2025100900 (Pixel 6, Pixel 6 Pro, Pixel 6a, Pixel 7, Pixel 7 Pro, Pixel 7a, Pixel Tablet, Pixel Fold, Pixel 8, Pixel 8 Pro, Pixel 8a, Pixel 9, Pixel 9 Pro, Pixel 9 Pro XL, Pixel 9 Pro Fold, Pixel 9a, emulator, generic, other targets)

Changes since the 2025100300 release:

  • raise security patch level to 2025-10-05 since it's already provided without applying any additional patches
  • System Updater, Setup Wizard: integrate support for recommending opting into security preview releases during the initial Owner user setup and for existing users via a persistent notification which is disabled after making an explicit choice on whether to use security preview releases (this is necessary to inform all users about the option with an explicit choice)
  • Settings: add support for forcing VoWiFi availability
  • Settings: improve the carrier configuration override by improving the summaries, adding detailed descriptions and clarifying that the options force features to be available since there are also toggles for directly enabling/disabling the features in the main SIM settings screen
  • Sandboxed Google Play compatibility layer: fix a Google Messages RCS compatibility issue by removing the error string for the missing privileged permission from SurfaceFlinger::doDump() to make a DroidGuard check pass
  • Sandboxed Google Play compatibility layer: make Play Store ignore app auto-install config
  • Sandboxed Google Play compatibility layer: fix Build.getSerial() shim to fix an Android Auto issue
  • Sandboxed Google Play compatibility layer: add stub for TelephonyManager.getImei()
  • Sandboxed Google Play compatibility layer: add stub for Window.setHideOverlayWindows() to replace reliance on a feature flag override via GmsCompatConfig
  • kernel (6.1): update to latest GKI LTS branch revision including update to 6.1.155
  • update test suite to handle our carrier overrides support
  • Vanadium: update to version 141.0.7390.70.0
  • Camera: update to version 90

All of the Android 16 security patches from the current November 2025, December 2025 and January 2026 Android Security Bulletins are included in the 2025100901 security preview release. List of additional fixed CVEs:

  • Critical: CVE-2025-48593
  • High: CVE-2022-25836, CVE-2022-25837, CVE-2023-40130, CVE-2024-43766, CVE-2025-22420, CVE-2025-22432, CVE-2025-32319, CVE-2025-32348, CVE-2025-48525, CVE-2025-48536, CVE-2025-48544, CVE-2025-48555, CVE-2025-48567, CVE-2025-48572, CVE-2025-48573, CVE-2025-48574, CVE-2025-48575, CVE-2025-48576, CVE-2025-48577, CVE-2025-48578, CVE-2025-48579, CVE-2025-48580, CVE-2025-48581, CVE-2025-48582, CVE-2025-48583, CVE-2025-48584, CVE-2025-48585, CVE-2025-48586, CVE-2025-48587, CVE-2025-48589, CVE-2025-48590, CVE-2025-48592, CVE-2025-48594, CVE-2025-48596, CVE-2025-48597, CVE-2025-48598, CVE-2025-48600, CVE-2025-48601, CVE-2025-48602, CVE-2025-48603, CVE-2025-48604, CVE-2025-48605, CVE-2025-48607, CVE-2025-48609, CVE-2025-48612, CVE-2025-48614, CVE-2025-48615, CVE-2025-48616, CVE-2025-48617, CVE-2025-48618, CVE-2025-48619, CVE-2025-48620, CVE-2025-48621, CVE-2025-48622, CVE-2025-48626, CVE-2025-48628, CVE-2025-48629

CVE-2025-48595 was fixed in the regular GrapheneOS 2025100300 release and is no longer listed.

CVE-2025-48611 patch was retracted.

2025100901 provides at least the full 2025-11-01 patch level and the Android 2025-11-05 patch level (Pixel Update Bulletin could have fixes we don't get early) but will remain marked as providing 2025-10-05.

For detailed information on security preview releases, see our post about it.


Security Patch Preview Release and Next GrapheneOS Release


Android Security Bulletin (ASB) for October 2025 is empty:

source.android.com/docs/securi…

However, you can see Samsung has a list of ASB patches for their October 2025 release exclusive to flagships:

security.samsungmobile.com/sec…

It's a small subset of the December 2025 patches.

Android now discloses patches around 3 months prior to their inclusion in a bulletin requiring them to raise the Android security patch level. However, OEMs are allowed to ship the patches as soon as they're received. We're doing this in our security preview release, but with the full set of patches.

Our initial security preview release on September 25th with the November/December patches included 1 Critical severity patch and 54 High severity patches, which is the full subset applicable to Android 16. In the past couple days, 5 patches applicable to Android 16 were added and 1 was retracted.

December 2025 patches from the past couple days have been included and the January 2026 preview is now available.

Our next release coming today provides a choice to use our security preview releases in the initial setup wizard with a notification for existing users. Opting into it is recommended.

discuss.grapheneos.org/d/27068… provides more information on our security preview releases. The reason we're providing both regular and security preview releases is because we're required to wait until the embargo end date to publish the source code for the patches in the future bulletins.


Hey @termux, I just installed #termux on a new #GrapheneOS device. When I did pkg upgrade, it automatically chose a Chinese mirror although I am in Europe, and I am not using Orbot or any VPN. Should I be worried?



I finally have a #pixel10pro. Now it's going in the drawer, and I'll be rooting for the #GrapheneOS developers to finish support for it as soon as possible.


I'm using two phones. One phone (Pixel 8) with #grapheneos and the other phone (OnePlus 6T) with Linux #postmarketos.

Btw: the Tuta app on the Linux phone was last updated in April 2019!


Wow, according to reviews when you start a #Pixel 10 Pro, 10 out of 16 GB of RAM are already occupied by the OS and (primarily) AI. Leaving just ~1/3 of the memory for all your apps. Crazy. 🤯

Glad I'll be installing #GrapheneOS on it.



#GrapheneOS is already based on #Android 16. They also deliver security fixes more quickly than Google itself.

Switching to GrapheneOS was the best phone-related decision I've made in years. I hope phones will be available for it in future. I just can't imagine going back to mainstream options that force you to choose between privacy and user freedom.




📱 I have a Pixel 6a with GrapheneOS lying around at home.
I have a fully functional Google Pixel 6a here with GrapheneOS installed. Security updates until July 2027. Perfect for someone who is serious about privacy and wants a secure phone without Google trackers.

The phone shows signs of normal use and the charging connector acts up a bit, but otherwise it runs fine.

If it would make someone happy and they would use it to the full, let me know via message. I'll gladly pass it on, mainly to someone who knows what they have in their hands. 🙂

#GrapheneOS #Privacy #OpenSource #FediBazaar #androidbezgoogle



I really like the backup function in #GrapheneOS based on #Seedvault. I know it doesn't work 100%, some apps don't support it etc. But in my case >90% of apps get backed up and restored.

This is what all Androids should have. I understand #Google doesn't want to do it because for them #Android is just a gateway to their services and when you have all your data in their cloud, you don't need such backups. But other Android vendors should have it.


GrapheneOS: Android for slightly paranoid users

If you want a mobile phone that is secure, truly respects your privacy, and you also don't want to lose the popular apps that are hard to do without these days, the current market can seem like a choice between compromises. So I took a look at a system that claims not to suffer from them.

#Android #bezpečnost #Google #GrapheneOS #mobil #Pixel #soukromí

blog.eischmann.cz/2025/03/07/g…
(a reaction to this post may appear as a comment under the article)


I am not that familiar with #GrapheneOS. What is the key benefit of it compared to #LineageOS or /e/OS? Privacy and security features, I guess?


I bought a #Pixel 6a to finally switch to #GrapheneOS. You can get a used one for €120 and it still has 2.5 years of support.
Software-wise, so far so good. Even banking apps like #Revolut work without having to install anything from #Google. 👌


"no escape" isn't correct. Don't use Google services (e.g. search), don't use Google software (e.g. Chrome). De-Google your life.

Posted from a phone using a non-Google OS called #GrapheneOS


Quoting a Mastodon post by GrapheneOS:
"The app doesn't provide client-side scanning used to report things to Google or anyone else. It provides on-device machine learning models usable by applications to classify content as being spam, scams, malware, etc. This allows apps to check content locally without sharing it with a service and mark it with warnings for users."

grapheneos.social/@GrapheneOS/…

#AndroidSystemSafetyCore #Android #Privacy #GrapheneOS


I'm pretty sure they won't be able to do it on #GrapheneOS and other custom ROMs 🙃


So it's true. Revolut works on #grapheneos again.



Android Auto running in Private space on #grapheneos, everything runs like clockwork


Interesting. I've also been struggling with #signal's battery consumption on my #grapheneos for a while. It's a pity that #younohost no longer automatically includes an #XMPP server since the update to #debian 12. That was a very convenient way for laypeople like me to click together and maintain one without mishaps, simply and cheaply.