#GrapheneOS version 2025090200 released. This is an early September security update release based on the September 2025 security patch backports since the monthly Android Open Source Project and stock Pixel OS release scheduled for this month hasn't been published yet. This is not an Android 16 QPR1 release. If certain apps using the Play Integrity API that worked before are no longer working, then be aware Google has changed it. A workaround is being worked on but there is a lot of other tasks at hand like this major version port to do. Changes since the 2025081400 release: • full 2025-09-01 security patch level • add support for address lines in the GrapheneOS geocoder implementation • Dialer: fix visual voicemail with Verizon MVNOs by working around AOSP Dialer not supporting vvm_type_vvm3_mvno • kernel (6.1): update to latest GKI LTS branch revision including update to 6.1.148 • kernel (6.1): reapply minor f2fs change we previously reverted due to it causing a regression since the stock Pixel OS has shipped it a while ago so the regression must have been fixed by other changes • kernel (6.6): update to latest GKI LTS branch revision including update to 6.6.102 • kernel (6.12): update to latest GKI LTS branch revision including update to 6.12.42 • adevtool: massive overhaul to improve our infrastructure for device support • adevtool: add command for extracting aconfig flag values from device images • adevtool: add command for decompiling APKs and JARs from device images and creating an IntelliJ project from it • adevtool: detect missing vendor regeneration after adevtool changes • adevtool: parallelize state regeneration and remove unnecessary data from serialized build state files • Theme Picker: use AOSP launcher name for fetching resources in preparation for Android 16 QPR1 requiring this to be set up properly • Settings: prepare PIN scrambling setting for the upcoming port to Android 16 QPR1 • Seedvault: update to 16-5.7 (there are no changes to the code compared to the Android 16 development revision we previously shipped, only translation changes) • GmsCompatConfig: update to version 161 • Vanadium: update to version 139.0.7258.158.0 • Vanadium: update to version 140.0.7339.35.0 • Camera: update to version 87 • Camera: update to version 88 • App Store: update to version 31 • PDF Viewer: update to version 31

The main Matrix homeserver (

Matrix.org

Matrix, the open protocol for secure decentralised communications

) is down and likely to remain down for a while longer:

Matrix.org's Mastodon

The Matrix.org Foundation (@matrix@mastodon.matrix.org)

the matrix.org homeserver is having problems: https://status.matrix.org/incidents/mm9hdm78svgv apologies for the inconvenience…

Our Matrix rooms are still available since those aren't hosted on any specific server. We use our own Matrix server for our project accounts, bridge bot, etc. too.

This month has a MASSIVE set of Android Open Source Project security patch backports due to the move to move patches being quarterly instead of monthly for it. We will be doing a release with the AOSP backpo ts along with GKI LTS kernel updates to the latest. We have more work with adevtool to make it much faster to work on device support. We are closer to fully removing the device trees and instead auto-generating it. This will help with #GrapheneOS porting to Android 16 QPR1 and Pixel 10. We expect Android 16 QPR1 to be released TOMORROW (2025-09-03). This could change. Pixel 10 porting work will begin when Android 16 QPR1 port is complete.

Research has mostly already solved what we need to develop to create a system that is highly secure. We have strong encryption, we have microkernels, we have sandboxes, virtualization, exploit mitigation technology, secure authentication etc. What we need to target is how to make software that is highly secure and also highly useable, and something very private that is also very personalised with great UX. Oftentimes more security means more restrictions therefore less usability and user freedom thanks to a restricted environment. More privacy means a less personalised experience by knowing less about the user. Users frequently self-pwn by using insecure software for the preference of 'freedom' for a feature. The problem here lies that there is no feature in the high-security systems to do what they they wish safely. Unless, of course, that functionality is anti-security in itself. Many of what GrapheneOS develops or are designed to be useable security. Extra settings are opt-in. Some of the most important security work of GrapheneOS are changes invisible to the user, like hardened_malloc. A significant security enhancement while also providing little overhead or interruption to the user. Many useable apps people develop are not security-focused. Same can be said about the reverse. This is something to work on. When your app is only known as being an app for techies or security people, you may have already lost. Security is not selling point to people unless they want security.

#devstr I created a small script to make Free Speech Flags out of Kryptor public keys. A free speech flag is a flag created out of a cryptographic key as a protest art against censorship and freedom of speech. The README has more information. The original Free Speech Flag was designed out of a cryptographic key used in HD DVDs and Blu-Ray discs that the MPAA would send cease and desist letters to any web page that even hyperlinked the hex encoded value of the key. For example, this generated Kryptor public key Ed//e7NelPumXQ8GGsZV/Wmx4A8xhSkrqd8GdrGdLsBCfYw= Creates: Because there is 11 colors, it fits perfectly with 88x31 web page links as well. It is possible to find a way to repurpose this with PGP key fingerprints or potentially Age but neither provide the entire public key in a a fashion as simple as this. Adding all the Hex codes of the colors from left to right plus the text on the bottom right last into one Hex string, decoding it, then encoding to Base64 returns the Kryptor public key. This has potential steganographic use cases. You could embed these colors in a photo (most common to least common color as an order?). Or you could embed the hex input within an unsuspecting image's bytes. I mostly made this in mind as a art piece / cypherpunk fashion statement. It isn't a security or privacy plus. You having this flag is all that is required to encrypt files to me, and the encryption to use is strong. So I think it could be useful to someone. Here is the code:

GitHub

GitHub - final-git/marcottegen: Generate Free Speech (John Marcotte) flags from Kryptor public keys. Public domain.

Generate Free Speech (John Marcotte) flags from Kryptor public keys. Public domain. - final-git/marcottegen

If you do not have the Arial font, then change it in the code. This code is public domain, so I won't accept pull requests not expecting to be in public domain as well. This is because the original flag is public domain. Kryptor is a modern encryption / signing tool designed to be much easier to use than GPG. Try it out:

Introduction | Kryptor