#GrapheneOS version 2024072800 released 2 days ago.

• avoid isolating eUICC LPA (eSIM activation) app from third party apps to allow carrier activation apps to work (we still block communication with Google Play to avoid sending telemetry data to Google services when sandboxed Google Play is installed)
• Pixel 8a: fix GNSS configuration to avoid occasional crashes of the service (Pixel 8a is currently the only Samsung GNSS device)
• Settings: don't allow disabling user installed apps when uninstall is disallowed
• Settings: drop code for supporting the legacy Settings UI
• Sandboxed Google Play compatibility layer: avoid infinite wait for GmsCompatConfig update when call to App Store fails
• enforce stack clash protection for x86_64
• enforce minimum 64kiB stack guard size for arm64 due to the standard stack probe size of 64kiB
• future proof our Bionic libc changes for dynamic 64k pages (hardened_malloc still doesn't support it)
• flash-all: remove unnecessary reboot after flashing Android Verified Boot (AVB) key
• kernel (5.10): update to latest GKI LTS branch revision including update to 5.10.222
• kernel (5.15): update to latest GKI LTS branch revision including update to 5.15.163
• kernel (6.1): update to latest GKI LTS branch revision including update to 6.1.92
• kernel (6.6): update to latest GKI LTS branch revision including update to 6.6.42
• adevtool: update to latest carrier settings
• App Store: update to version 24
• Camera: update to version 69
• Camera: update to version 70
• Camera: update to version 71
• Auditor: update to version 81
• Auditor: update to version 82
• Vanadium: update to version 127.0.6533.64.0
• Vanadium: update to version 127.0.6533.64.1
• GmsCompatConfig: update to version 124
• GmsCompatConfig: update to version 125
• fastboot: add support for generating web installer optimized factory images zip for an improved web install approach not requiring fastbootd
• integrate generating web installation optimized factory images zip into release signing script
• split script/release.sh to remove dependency on build output and the OS source tree (see the new instructions for signing releases)
• rename script/release.sh to script/generate-release.sh
• add script/generate-releases.sh wrapper script

We've developed a new factory images format optimized for web installation which avoids the need for fastbootd mode and greatly reduces memory/storage usage. The new approach is compatible with 5th gen Pixels and later. It's deployed on our staging site: We'd appreciate help with testing the new web installer on our staging site. It should reduce issues caused by low quality USB connections/drivers by avoiding switching to a different mode. It should also eliminate the need to install a fastboot driver on up-to-date Windows 11. We'll wait for feedback from people using it successfully across different operating systems and devices. Sections for working around Debian, Ubuntu and Windows USB deficiencies should be unnecessary other than the legacy extended support devices so we'll likely remove those. #GrapheneOS
Vanadium version 127.0.6533.64.1 released:
- enable per-site isolation for sandboxed iframes instead of per-origin isolation
- avoid rare uncaught exception from attempting to load content filters from the Vanadium Config app when native code isn't loaded yet
#GrapheneOS
Chromium has merged the WebAssembly interpreter submitted by a Microsoft Edge engineer: https://chromium-review.googlesource.com/c/v8/v8/+/5509903 Once this reaches a Chromium stable release, Vanadium will support WebAssembly by default instead of requiring turning on JS JIT via drop-down site settings. Example of a site using it is Mutiny Wallet. Chromium has a V8 Optimizer toggle for disabling the 2 optimized tiers of the Just-In-Time (JIT) compiler to greatly reduce attack surface. However, it doesn't disable baseline JIT and therefore still does dynamic native code generation. They did this to avoid breaking Wasm. In Vanadium, our JIT toggle fully disables the JIT and therefore currently loses Wasm support. An increasing number of sites are depending on Wasm with no fallback to JavaScript. Most of these sites perform perfectly fine with only the fast V8 interpreter and no JIT compilation. Vanadium has JIT compilation disabled by default as part of the security focus. This Wasm interpreter will be a nice usability improvement for sites depending on it with no fallback code since users won't need to toggle on the JIT compiler for the site unless it performs badly.
Yes!!! Yes!!! https://chromium-review.googlesource.com/c/v8/v8/+/5509903
Unplugged have doubled down on false claims about GrapheneOS security, pretending people cannot buy devices with GrapheneOS installed and pretending it's hard to install along with promoting their blatantly insecure products with false marketing. We have an existing thread going through many of their false claims and debunking them: We also responded to their lies about GrapheneOS directly. They've read our posts and have chosen to continue peddling the same misinformation about GrapheneOS. They keep pushing the false claim that Pixels supporting using another OS makes them less secure. The reality is that it's properly implemented in a secure way without adding any significant attack surface. The bottom of the barrel MediaTek Unplugged devices have awful security. They still haven't ported to the initial release of Android 14 with Android 15 right around the corner. This means they're missing at least around a year of Moderate severity privacy/security patches and huge privacy/security improvements from the past year of Android releases. Unplugged is using an SoC from MediaTek, a company known to have poor security practices, which fares poorly against real attackers and which has a history of repeatedly shipping actual backdoors. They're trying to portray that as more trustworthy and more secure hardware. Nope. Unplugged was founded by Erik Prince, noted war criminal and illegal arms dealer. They make a point in talking about the involvement of their employees in enabling these kinds of operations: That doesn't imply competence, but explains the lack of ethics. They're trying to present themselves as if they were leaders in the field and switched sides, but they never were and simply want money. Unplugged is an affinity scam in the same vein as the Freedom Phone. Unplugged has built their product out of open source projects, but without complying with the licenses from projects like DivestOS and while trying to harm open source. 
Claiming to be in the process of replacing some of the code they were caught stealing doesn't change much...
Accrescent app store documentation and website have been updated to reflect the collaboration with #GrapheneOS. If using Accrescent before this, the recommended method to verify Accrescent is to install it from the GrapheneOS App Store. This approach chains the signing verification of Accrescent to GrapheneOS itself, which can then be chained to a hardware-backed root of trust through the GrapheneOS verified boot and Auditor app. You can learn more about the Accrescent security modeling here:
For Signal users: Outside of just the security benefits of using Molly, which we discuss a lot, you should also use it if you don't use Google Play Services, as the non-FCM push notifications in the original Signal app drain a lot of battery. Molly FOSS has a much more efficient implementation of non-FCM push notifications and doesn't drain battery. You can find Molly FOSS on the Accrescent app store (available in the GrapheneOS Apps app) or from the project site.