Lightnews — Scholar-powered news

GrapheneOS

@grapheneos.org

13K followers 0 following 4.4K posts

Open source privacy and security focused mobile OS with Android app compatibility. https://grapheneos.org/

grapheneos.org

Posts Media Videos Starter Packs

Pinned

GrapheneOS @grapheneos.org · Feb 7

In April 2024, Pixels shipped a partial implementation of our January 2024 proposal for firmware-based reset attack protection. Fastboot mode now zeroes RAM before enabling USB. This successfully wiped out the After First Unlock state exploit capabilities of two commercial exploit tools.

8 22 380

GrapheneOS @grapheneos.org · 8h

Those are the only devices meeting the update and security requirements listed at grapheneos.org/faq#future-d.... We're actively working with a major Android OEM towards a subset of their future devices meeting these requirements. Broad device support wouldn't be compatible with privacy/security.

GrapheneOS @grapheneos.org · 19h

Only adding it as an option to the update settings only resulted in a tiny portion of the userbase using the security preview releases. Providing everyone with an explicit choice was important since otherwise it will take a lot of time for people to become aware of it and many won't ever notice it.

GrapheneOS @grapheneos.org · 19h

Our 2025092500 release (grapheneos.org/releases#202...) was the first with support for opting into security preview releases via the update settings.

Our latest release (2025100900) now provides a choice in the initial Setup Wizard process and a notification with the same choice for existing users.

1 1

GrapheneOS @grapheneos.org · 1d

GrapheneOS version 2025100900 released:

grapheneos.org/releases#202...

See the linked release notes for a summary of the improvements over the previous release.

Forum discussion thread:

discuss.grapheneos.org/d/27194-grap...

#GrapheneOS #privacy #security

GrapheneOS releases

Official releases of GrapheneOS, a security and privacy focused mobile OS with Android app compatibility.

grapheneos.org

3 4 43

GrapheneOS @grapheneos.org · 1d

Yes, it will be supported, but we don't know how long it's going to take.

1 3

GrapheneOS @grapheneos.org · 1d

They still set the patch level on the Pixel 7 to the latest value despite not having the patches from either the 2nd half of each Android Security Bulletin or the patches from the Pixel Update Bulletins. OEMs are supposed to have their own bulletins covering patches for components not from AOSP.

GrapheneOS @grapheneos.org · 1d

/e/ sets the patch level inaccurately for the officially supported devices too, and is similarly far behind on providing privacy and security patches. As an example, their official support for the Pixel 7 is on Android 13 without kernel, driver and firmware patches from October 2023 or later.

1 1

GrapheneOS @grapheneos.org · 1d

discuss.grapheneos.org/d/27068-grap... provides more information on our security preview releases. The reason we're providing both regular and security preview releases is because we're required to wait to the embargo end date to publish the source code for the patches in the future bulletins.

GrapheneOS @grapheneos.org · 1d

December 2025 patches from the past couple days have been included and the January 2026 preview is now available.

Our next release coming today provides a choice to use our security preview releases in the initial setup wizard with a notification for existing users. Opting into it is recommended.

1 10

GrapheneOS @grapheneos.org · 1d

Unpatched devices impact more than the owners of the devices. DDoS attacks are largely done from compromised embedded devices and personal computers which were not receiving important patches. Exploiting known vulnerabilities months or years after they were patched is very common.

GrapheneOS @grapheneos.org · 1d

The fact is your device has extraordinarily poor privacy/security, which /e/ is misleading people about including by setting an inaccurate Android security patch level. It's an unsafe device and devices with a bunch of unpatched vulnerabilities really shouldn't be internet connected in general.

2 1

GrapheneOS @grapheneos.org · 1d

/e/ substantially rolls back the privacy and security model compared to AOSP, far more than LineageOS. There are also other operating systems doing what they can to patch a small portion of Linux kernel vulnerabilities and aren't misleading users about what's provided. DivestOS was doing it before.

1 1

GrapheneOS @grapheneos.org · 1d

/e/ raises the patch level across devices regardless of how many of the required patches are missing. They miss part of the AOSP patches and miss all of the Linux kernel, driver and firmware patches on many devices including yours. They're even missing those on Pixels being 2-3 years behind on it.

GrapheneOS @grapheneos.org · 1d

Setting the patch level to 2025-09-05 means claiming to have provided all of the patches in the 2025-09-05, 2025-09-01, 2025-08-05, 2025-08-01 and all previous patch levels. /e/ raises the patch level without doing that. They're missing part of the first sections and 100% of the 2nd on your device.

GrapheneOS @grapheneos.org · 1d

Android Security Bulletins are split into 2 sections. The first section has AOSP userspace patches, which is what /e/ provides with significant delays. The second section has Linux kernel, driver and firmware patches they do not provide on most devices. The patch level refers to including both.

GrapheneOS @grapheneos.org · 1d

/e/ does not provide kernel, driver or firmware updates for your device. You have an end-of-life Linux 4.14 kernel no longer supported by Linux upstream, and they're not backporting to it. You have the kernel, drivers, firmware and other components from the last stock OS release in January 2023.

2 1

GrapheneOS @grapheneos.org · 1d

/e/ knowingly sets an inaccurate Android security patch level without providing all of the required patches. Security patch level string is simply a value set by the OS and there's nothing enforcing actually providing the patches to raise it, which they aren't doing. They're missing many of them.

1 1

GrapheneOS @grapheneos.org · 1d

/e/ lags behind on providing the subset of the AOSP patches they provide which is isn't caused by that device being end-of-life. /e/ is missing 2-3 years of kernel, driver and firmware patches for multiple non-end-of-life Pixels. Most of their users aren't aware they're missing years of patches.

GrapheneOS @grapheneos.org · 1d

/e/ is only providing a subset of the AOSP privacy and security patches. They're not providing Linux kernel updates, driver updates, firmware updates or other patches related to the components used by the device. You have severe unpatched vulnerabilities in the Linux kernel, drivers and firmware.

GrapheneOS @grapheneos.org · 1d

OnePlus 7 Pro has been end-of-life since January 2023 and last received the December 2022 security patches. /e/ is still using the same end-of-life Linux kernel branch, kernel drivers, userspace drivers, userspace services and firmware from the stock OS. /e/ doesn't change that it's highly insecure.

GrapheneOS @grapheneos.org · 1d

Many Play Store apps do not work with the approach used on /e/ and many others have reduced functionality. The small subset of Play Store apps which you use not having visible problems doesn't mean that most Play Store apps work with microG. It's verifiable that it's not the case...

GrapheneOS @grapheneos.org · 1d

@tiziano23.bsky.social

GrapheneOS @grapheneos.org · 1d

No, a large portion of Android apps do not work on /e/ with the approach they take to compatibility with apps depending on Google Mobile Services. It has much lower compatibility with Android apps than GrapheneOS and much worse stability. /e/ and Murena have misled people about GrapheneOS for years.

1 2

GrapheneOS @grapheneos.org · 1d

Providing a reasonable level of privacy requires patching privacy vulnerabilities and providing important privacy protections which they're failing to do at a reasonable level. Privacy also depends on security, so very lacking security patches and protections are certainly relevant to privacy too.

1 1

GrapheneOS @grapheneos.org · 1d

/e/ has extremely poor privacy due to leaving severe privacy vulnerabilities unpatched for years along with security vulnerabilities usable to exploit the OS and bypass the privacy model. They also don't have important current era Android privacy protections due to lagging far behind on OS updates.

1 1