GrapheneOS

GrapheneOS, 2 months ago to random

April release of the Pixel boot chain firmware includes fixes for 2 vulnerabilities reported by GrapheneOS which are being actively exploited in the wild by forensic companies:

https://source.android.com/docs/security/bulletin/pixel/2024-04-01
https://source.android.com/docs/security/overview/acknowledgements

These are assigned CVE-2024-29745 and CVE-2024-29748.

GrapheneOS, 1 year ago to random

We'll be heavily prioritizing adding support for the Pixel 7a, Pixel Tablet and Pixel Fold. It has been years since we supported a tablet (Nexus 9) and there will likely be additional work to support the form factor properly. Pixel Fold is a new form factor and may be difficult.

#grapheneos #privacy #security #pixel #pixel7a #pixeltablet #pixelfold

GrapheneOS, 10 days ago to random

Latest release of GrapheneOS finally shipped the long awaited duress PIN/password implementation. If you have a spare device, we recommend trying it out.

We've added initial documentation to the features page:

https://grapheneos.org/features#duress

It near instantly wipes and shuts down.

GrapheneOS, 1 year ago to random

First experimental release of GrapheneOS for Pixel 7a is available. Can be installed via our staging site web installer or downloaded from the releases page for CLI install.

https://staging.grapheneos.org/install/web
https://staging.grapheneos.org/releases

We don't have a Pixel 7a yet so it's entirely untested.

#grapheneos #privacy #security #experimental #pixel7a #7a

GrapheneOS, 3 months ago to random

GrapheneOS based on Android 14 QPR2 has been heavily tested by our users over the past 2 days and should reach the Stable channel within a few hours.

You can help with final Beta channel testing if you want. The only known regression is Wi-Fi auto-turn-off not always triggering.

GrapheneOS, 3 months ago to random

Our hardware memory tagging support for Pixel 8 and Pixel 8 Pro has uncovered a memory corruption bug introduced in Android 14 QPR2 for Bluetooth LE. We're currently investigating it to determine how to fix or temporarily disable the newly introduced feature as a workaround.

GrapheneOS, 2 months ago to random

We're looking for people with a spare Pixel 4a (5G) or Pixel 5 willing to test experimental QPR2-based releases. It would be easier for us to continue extended support than shifting them to a legacy extended support branch. Join testing chat room to help: https://grapheneos.org/contact#community-chat.

GrapheneOS, 1 month ago to random

We'll be blacklisting mailbox.org and websites using it for email hosting for registration on discuss.grapheneos.org and as an alert email for attestation.app. They're blocking emails from our mail server for a convoluted, nonsensical reason and won't stop.

GrapheneOS, 1 month ago to random

We've pre-ordered a Pixel 8a for our official device testing farm. They push the Android Open Source Project tags and stock OS factory images on the official release day. Should take us a couple hours to add support for it. We'll build, test and make an official release quickly.

GrapheneOS, 1 month ago to random

There's a site impersonating the GrapheneOS project for scamming people (grapheneos dot fr). GrapheneOS does not currently sell phones or work with any company/individual selling phones.

We strongly recommend using the very easy to use web installer: https://grapheneos.org/install/web.

GrapheneOS, 1 year ago to random

GrapheneOS version 2023050500 released: https://grapheneos.org/releases#2023050500.

See the linked release notes for a summary of the improvements over the previous release.

Forum discussion thread:

https://discuss.grapheneos.org/d/4870-grapheneos-version-2023050500-released

#grapheneos #privacy #security

GrapheneOS, 1 year ago to random

Latest release of GrapheneOS replaces Qualcomm PSDS (XTRA) servers with a GrapheneOS server caching the data by default:

https://grapheneos.social/@GrapheneOS/110318519898395712

We've also fully removed the unnecessary User-Agent header instead of only removing the serial number from it as we did previously.

#grapheneos #qualcomm #xtra #psds #privacy

GrapheneOS, 25 days ago to random

XRY and Cellebrite say they can do consent-based full filesystem extraction with iOS, Android and GrapheneOS. It means they can extract data from the device once the user provides the lock method, which should always be expected. They unlock, enable developer options and use ADB.

GrapheneOS, 1 year ago to random

Latest release addresses the privacy issue brought to our attention by NitroKey with Qualcomm SoC devices by stopping xtra-daemon from sending the SoC serial number in the HTTPS User-Agent header:

https://grapheneos.social/@GrapheneOS/110284380098624253

We'll be removing the User-Agent header completely later.

#grapheneos #qualcomm #xtra #psds #privacy

GrapheneOS, 1 month ago to random

One of our community members has been doing testing of Android VPN apps to check for leaks. They've found and reported 2 issues where leak blocking functionality doesn't appear to work as intended: one occurs with local network multicast and the other with DNS while VPN is down.

GrapheneOS, 7 days ago to privacy

GrapheneOS version 2024060400 released:

https://grapheneos.org/releases#2024060400

See the linked release notes for a summary of the improvements over the previous release.

Forum discussion thread:

https://discuss.grapheneos.org/d/13244-grapheneos-version-2024060400-released

#GrapheneOS #privacy #security

GrapheneOS, 28 days ago to random

Pixel 8a with the latest May 2024 update is running Android 14 QPR1 with backported security patches instead of Android 14 QPR2.

Android 14 QPR2 was released in March 2024 and is by far the largest quarterly release so far due to being the first trunk-based quarterly release.

GrapheneOS, 28 days ago to random

An experimental prerelease of GrapheneOS for the Pixel 8a is now available via https://staging.grapheneos.org/ including web installer support. It will be made available via https://grapheneos.org/ after we've done basic testing including testing the upgrade path to a future release.

GrapheneOS, 29 days ago to random

Our Vanadium browser (https://grapheneos.org/features#vanadium) is based on the stable releases of Chromium. We port to the new releases when they're still in Beta/Dev/Canary but we wait until it's Stable to upgrade, particularly since Stable is the only branch with proper security support.

GrapheneOS, 20 days ago to random

Linux kernel becoming their own CVE Numbering Authority (CNA) is wasting resources they'd have previously put towards higher quantity and quality backporting. We've noticed a drop in both for the stable/longterm branches and particularly Android Generic Kernel Image LTS branches.