We now have access to the Android Security Partner Bulletins in an official way so we will be able to do the Android Security Bulletin updates after the embargoes end instead of waiting for release tags. We can prepare the integration or even make #GrapheneOS builds with patches in advance too.
We've received the Pixel 10 we ordered and have confirmed it supports unlocking, flashing another verified boot key and locking again. Our Pixel 10 support will likely only be possible to complete after we finish porting to Android 16 QPR1 which is being released in September.
A second Pixel 10 we ordered has arrived at a package forwarding service in the US to be shipped to a country without Pixels available. We'll order a Pixel 10 Pro (XL) and Pixel 10 Pro Fold for our main device testing farm today too since we'll be supporting all 4 variants of them.
Previously, we likely would have been able to implement support for the Pixel 10, Pixel 10 Pro and Pixel 10 Pro XL in the next 48 hours. However, we likely need to wait for Android 16 QPR1 and our port to it since we don't expect a Pixel 10 device branch will be pushed to AOSP.
We've received confirmation that Android is switching to having quarterly releases across devices. There will be 3 quarterly and 1 yearly release of Android and the Android Open Source Project. Monthly releases are Pixel exclusive and will have far fewer changes than before. Previously, only Pixels shipped the quarterly releases in practice. Other OEMs will now be pushed to ship those, but not the monthly releases which are now officially Pixel exclusive.
Please note monthly Android Security Bulletins are a different thing from the monthly releases. Android Security Bulletins are backports of a subset of patches deemed High/Critical severity to older Android releases. That currently means the initial yearly releases of Android 13, 14, 15 and 16 without the monthly/quarterly updates for those. This will need to change now.
The changes are acceptable for us and we can deal with it. We're currently working with a major OEM towards future generations of their devices meeting our requirements and providing official GrapheneOS support. #GrapheneOS on both Pixels and these future non-Pixels will be fine.
Pixels are still the most secure Android devices and the only ones combining a high level of security with proper support for an alternate OS. However, it's clear they don't value alternate OS support and won't remain the best devices for GrapheneOS once we have official ones. We could continue supporting future Pixels such as the Pixel 11 and Pixel 12 after we have another option available but we won't depend on them continuing to provide alternate OS support. It's good that the Pixel 10 still provides it since our alternative is a year or two away.
For June 2025, Cellebrite haven't bypassed secure element brute force protection on the Pixel 6 or later and iPhone 12 or later. They do have device extraction support for every iPhone on latest stable iOS without credentials required in AFU state, same with almost all stock OS Android devices. Later Pixels running GrapheneOS have no capabilities, only allowing extraction if they know the user's password already.
We will not be publishing documents ourselves to protect sources and to avoid closing our leaks. We believe these companies will watermark these documents to identify a source. I consider these companies hostile to GrapheneOS, as they seek job applications deliberately targeting GrapheneOS as an experience or research target.
Older iPhones and Pixels 3 to 5a have brute force exploits available that circumvent or exploit the secure element. This means they can get access to any such devices using insecure credentials, like small length numeric PINs. Second generation Pixels are an outlier, likely due to no demand by their customers to have access for them. A customer could request on-demand help and support through Cellebrite Advanced Services. This likely could change things, since the secure element is the same.
Pixels 6 and later moved to a far greater RISC-V secure element based on OpenTitan called the Titan M2. It has proven to be far more resilient thus far.
Pixels 5a and earlier have not been secure devices for a long time. They do not receive driver or firmware updates from their component manufacturers. If there are exploits available, they won't be patched. No choice of OS will change this situation.
Anons: Are you free yet? Because we are. #GrapheneOS