Administered by:
Robert Braxman has published another video spreading blatant misinformation about GrapheneOS in order to promote his highly insecure products and services. In addition to many false technical claims and fabrications about our team, he's falsely claiming the project is dying.
We have a thread already debunking this recent line of attack on GrapheneOS at https://grapheneos.social/@GrapheneOS/114721666000552094. GrapheneOS quickly provided the June security patches, was ported to Android 16 and is working with a major Android OEM. It's not dying and we haven't said or implied it is.
Braxman presents himself as a privacy and security expert but isn't one. He's a shady businessman selling unsafe snake oil products and services. His content is filled with outright fabrications and is heavily aimed at promoting his products. It misinforms rather than educating.
More privacy and security experts should address Braxman's inaccurate content along with the products and services he sells.
https://social.tchncs.de/@kuketzblog/114824455120563945
Braxman has repeatedly sold people fake end-to-end encryption messaging, etc. The companies working with him are scammers too.
GrapheneOS has only ever posted about Braxman in response to his misinformation about us. In his latest video attacking us, he engages in clear libel towards our team. He pushes fabrications from a libel/stalking site and accuses us of doing what he's openly doing in the video...
Our lead developer was forcibly conscripted into a war and we've been asking for help regularly since then and expressing that the situation was dire. Android 16 making our life harder than expected made it worse. The Android 16 changes weren't really the important part...
Following this, we hired 2 more full time developers and have tried to hire more people. Multiple people stepped up to do part time volunteer work helping with the port to Android 16 and other things. People stepped up to help in other ways. GrapheneOS was not and is not dying.
We shipped the June Android Security Bulletin patches for AOSP on June 2. Pixel and AOSP release was June 10 based on Android 16. We began porting to 16, realized it would be far harder than expected and requested urgent help. We backported Android 16 firmware/drivers to 15 QPR2.
Our initial official production release of Android 16 was made on June 30th after an experimental release the day before which had major issues:
https://grapheneos.org/releases#2025063000
Most users already considered that fully functional and very stable. Most early testers were happy with it.
There were no Pixel Update Bulletin security patches for July 2025 so we took an extra day to polish things up further and GrapheneOS based on Android 16 reached our Stable channel today.
Due to requesting and receiving help, we're much better off than we were before Android 16.
We've never considered AOSP providing device trees as a hardware requirement. The crisis was a combination of the conscription, other developers being less available to work, more than ever to port (2FA unlock in particular), remaking device support and ongoing attacks like this.
Useful information on Braxman's products and services from a security researcher (founder of DivestOS):
https://forum.f-droid.org/t/brax2-alternatives/22469/6
Highly insecure, ancient hardware running a closed source fork of the end-of-life Android 10 which did NOT receive basic security patches and updates.
Secure Group is a company quite similar to Encrochat, SkyECC, MPC Secure and AN0M with a similar customer base and marketing. Look into which products Secure Group's resellers also sold. They made Braxman's previous phone and the most recent one that's supposedly shipping now.
@GrapheneOS Robert Braxman presents himself as a privacy expert but routinely spreads misinformation and technical half-truths. His statements often lack depth and accuracy, suggesting he prioritizes narrative over substance.
@kuketzblog @GrapheneOS whilst also pushing his own solutions. 
@kuketzblog @GrapheneOS
What do you all think of Privacy on iOS? Should the average user care? Rob Braxman has made me too skeptical about iOS and MacOS devices, on privacy front.
What I am really sure about those devices is that Apple does have some backdoors, but they don't implement mass surveillance, and avg. user shouldn't worry.
Ofcourse, GOS is god in security.
What do you all think of Privacy on iOS?
@Notsoanonymous @kuketzblog Apple products and services are certainly far more private, secure and trustworthy than Braxman's products and services. That's not a high bar.
> What I am really sure about those devices is that Apple does have some backdoors
There's no evidence of that. On the other hand, Braxman's products/services have had actual legitimate backdoors in their code including fake end-to-end encryption where the server has access to the keys. There are people who covered this.
> What do you all think of Privacy on iOS?
iPhones are far more secure than the vast majority of Android devices. Only Pixels are currently competitive with them.
iOS is far more secure than nearly all options. Stock Pixel OS and AOSP itself aren't far behind iOS but iOS is at least a bit ahead. GrapheneOS greatly improves security. iOS has areas it does better even than GrapheneOS, but we think GrapheneOS is more secure overall especially against real exploits.
@Notsoanonymous @kuketzblog iOS provides strong privacy from apps and services. It doesn't provide the ability to avoid Apple services and strong privacy from Apple, but neither does a Google Mobile Services device with Google. iOS somewhat more private from Apple than GMS is from Google. It has better defaults and they support end-to-end encryption for most of the iCloud services via Advanced Data Protection. What they don't support is avoiding Apple services as you can with AOSP and Google.
@kuketzblog @GrapheneOS couldn’t say it better when I saw a few of his videos. Thanks for your point of view
@GrapheneOS oh so form his point of view increasing security don't increase privacy ?
Funny *laught in celebrite*
@GrapheneOS it's strange se talk about verified boot as a "problem", when it's the only reason i use you.
@rawshadows Verified boot is an industry standard security feature. Preserving the standard security features is only the baseline of what GrapheneOS provides. We provide massive privacy and security features built on top of that base. https://grapheneos.org/features provides an overview of how GrapheneOS compares to standard Android 16.
@GrapheneOS yeah i guess he's the sort of people that buy pc with coreboot only to avoid secureboot on computer ....
@GrapheneOS hey, congrats on finding more devs!
@GrapheneOS this thank-you note from me was written on a pixel tablet that was updated seamlessly to android 16 today as part of the latest GrapheneOS release.
@GrapheneOS initial GrapheneOS builds in under a month and being pressed on the longevity of the project... Now should we look at any number of OEMs software versions for the multitude of devices that they supposedly support with greater user bases than GrapheneOS?!
@GrapheneOS oh my god i checked the header security, tls security, dnssec support etc of his website and his website miss so much thing, it's horrible, PFS not enforced, TLS 1.0 and 1.1 allowed, tls on email not enforced dnssec not enabled, insecure key allowed, No CSP, the only xss protection is via header (not csp), strict transport policy not enabled due to misconfiguration, tls cert don't match the hostname.
at that point it's a criminally insecure service
@rawshadows The old XSS protection header is deprecated and removed from modern browsers because it was found to be unsafe and created vulnerabilities in correct code. Modern guides recommend setting it to 0 since Safari kept it for so long. Trusted Types is the strict way of blocking XSS, etc. where your CSP can enforce Trusted Types and then provide an allowlist of Trusted Types policies which if set to 'none' completely blocks various vulnerability classes. Just need to build DOM via APIs.
@GrapheneOS it's true but if he had the old one AND the new one we could say, hum ok simply forgotten to remove it, but there ...
i mean these day i even deployed the permission rules to lock down browser feature on my website that host literally nothing ... and the fact he continue to use deprecated TLS or completly insecure cipher is ... i don't even find the word to say how it's bad 
i feel sad for the people that use his service because he scammed them.
@rawshadows His supposedly end-to-end encrypted services have consistently had server side access to the encryption keys simply out of laziness. It's bottom of the barrel work at all levels. It's just the bare minimum which they can do to make a product people can be tricked into buying. It has to look as if it's reasonable to people brainwashed by his highly inaccurate content always presenting his products as the best solution. He covers real topics but with tons and tons of fabrications.
There are a lot other bullshit devices available ar the market, for example "explora x5" smartwatch, communicated as a "SECURE" smartwatch for kids.
Shipped with an stone-age version of Android.
I reported the exact version to price compare services like GEIZHALS, they listed it as a criteria, however it was removed there for now.
X6 is out, don't checked the Android version here, didn't expext it to be much better here.
For sure they are backporting everything 
@FamilyCyclist Android 13 is the oldest yearly release getting security backports now, although anything but the latest stable releases only gets close to full backports of High/Critical severity vulnerabilities. Low/Moderate severity ones aren't really backported much anymore since the pace of finding vulnerabilities across software being heavily fuzzed, audited, etc. is so high.
X5 latest update is Android 7.1.2, so there is no place for hope, having a secure smartwatch.
While their data policy is OK, they will never reach their own requirments with this basic release.
However this is an example of dozens out there.
You guys know this better than others.
So we have no choice providing kids a GOSdevice. Fighting physical access time with them as screen time feature is just non working mental bullshit: Nebula candle from Apple and UncleG adding consumption
Parents out there should read the sample and maybe decide to check out this book here:
https://www.penguinrandomhouse.com/books/771065/the-tech-exit-by-clare-morell/
(Check the sample on a desktop computer, more chaps available from there)
What we learned:
- no own smartphone before the age of 14
- no social media before 16
- provide a pool device for "events", use GOS.
Provide the sim pin for your childs, but not the owners one
- for longer trips > one day, provide the owner pin.
As they sometimes miss to juice the battery.
@GrapheneOS
Wow, haven't thought of Braxman in... years maybe
@GrapheneOS
During the night I received the upgrade of A16 stable. Considering the circumstances with so many obstacles to solve, you did far more than a fantastic job! Thank you so much for your hard work!
@GrapheneOS I'm so sorry to hear that. I assume that most people don't come close to the expertise required to be beneficial to the project. Let's hope for the best, and the end of the war. 
@GrapheneOS Look I'm happy using GOS and happy that the A16 port worked out but it's a simply a lie that you didn't originally paint it as doomsday when the device repos stopped updating.
@eskuero No, it is yourself and others misrepresenting what we said in this series of posts who are lying. We did not say we were going to stop working on GrapheneOS. We said it was going to be impossible to continue in the way it was going before where we could port to new major releases in 24 hours and add support for new devices in 24 hours. You're also lying about the reason for why we posted this which was far more to do with our lead developer being conscripted into an army...
@GrapheneOS "Otherwise, be prepared for the final release of GrapheneOS to be today. It's up to the people who have this access to decide if they want the project to go on after today."
is very clear language not open for interpretations
@eskuero No, that's a lie, and you're very clearly misrepresenting what we said. Even in this cropped screenshot, it says directly afterwards that we can continue the project with substantial effort. The following messages explain that we plan to do that but it will be very difficult. Why show this single message with many subsequent messages explaining the situation and what we planned to do removed? You're cherry picking wording expressing how dire things were/are with the rest cropped out.
@eskuero Cropping out a single message out of dozens explaining the situation and cherry picking wording from 1 sentence while ignoring the rest of what was said in that paragraph is not being honest about what we actually said to people. Why were the rest of the messages and edits we made to the wording omitted? You're claiming we're lying while doing an extraordinarily dishonest misrepresentation of what we said. Nope, it's you who is lying and you who will no longer be part of our community.
@eskuero Show the whole conversation including the edits we quickly made to the initial messages. Why are you using a cropped screenshot and twisting the wording we used in a way which contradicts us very clearly explaining it would take far more work than expected? We also did receive additional support compared to what we expected to have. Our call for help was at least partially answered.
It's now a month later after we successfully ported to Android 16 a couple weeks earlier...
@eskuero It's nothing short of an outrageous lie to use this cropped screenshot omitting subsequent messages, edits and twisting the wording which was used initially to present it as if GrapheneOS is dying weeks after we ported to Android 16 successfully. A major part of why it went better than expected is because the developer who was forcibly conscripted was diverted away from combat and is currently in limbo where they were able to use free time and cellular connection to help us out.
@GrapheneOS This is the only second message I got which still said you would not be able to do it without help from a partner access.
The rest you deleted already since I just scroll all way back to june 10th and it's all gone.
Do not take this as an attack because it's far from my intention but the message on day one was worrying, what happened later was great and I'm happy about it
@eskuero You falsely accused us of lying in your initial post. We're responding to a video which was just recently posted after our Android 16 port was completed weeks ago. Our initial concern about how hard it was going to be and lack of our usual development team is not the present. These messages also made it incredibly clear we were going to work very hard on porting to Android 16, overcoming the fact that our lead developer was forcibly conscripted and ongoing escalating attacks hurting it.
@eskuero Your post at https://grapheneos.social/@eskuero@mstdn.io/114824540330983883 is an extreme misrepresentation of this situation. It's a dishonest attack. Braxman didn't post his video minutes after we posted that message before further clarification. He just posted it now, after our port to Android 16 was completed and after numerous threads providing clear information on our plan and how things were going. Even following the message you posted out of context, we clearly communicated we were continuing the project.
@eskuero Porting to Android 16 did go far worse than ports over the past many years. It took us 2 weeks and then additional time to get it to Stable instead of it taking the typical 48 hours or so to Alpha and then Stable in under a week. We care a lot about shipping updates quickly and consider what happened to be awful.
@GrapheneOS I didn't falsely accuse you of anything. You said on day one that the project would not be able to continue without help. I doubt I was the only one that thought the project was close to death.
I don't care about Braxman I don't know him and I haven't watched his video, don't relate me to him.
> I didn't falsely accuse you of anything.
You falsely accused us of lying in our thread.
> You said on day one that the project would not be able to continue without help.
We received more help than we had at the time.
> I doubt I was the only one that thought the project was close to death.
That is what happens when a state forcibly conscripts our lead developer when we already lack the resources we need, and then a port we were worried about is made much harder than expected.
@eskuero We never said GrapheneOS was being discontinued and or that we were going to stop working on it.
Do you realize how hard it is to have the person who did 95% of code review and 90% of the ports conscripted into a military and sent to basic training with nearly 0 contact with us for 45 days?
We desperately needed help and made that clear before Android 16 was released. We were not yet receiving enough help at that time.
Following the posts we made, we received more help and funding.
@eskuero It is not June 10. It is July 3. Our first production build based on Android 16 was made on June 30. Prior to that, we publicly explained how things were going in several long threads.
We made it clear we were going to be able to complete the port very shortly after June 10 after we received additional help and support.
Why is a dire situation on June 10 where we said we need help to continue being misrepresented as GrapheneOS being discontinued or struggling now, after we got help?
@GrapheneOS @eskuero I fully support you. And I would like to ask only one thing, is this developer safe now. He and you are also counting on the fact that he will return to work on the project as soon as possible or at least someday. Does he have the opportunity to leave, because he is such an important person for the development of the project? I know that in practice he can pay for leaving this country or get a deferment from the army.
@userj @eskuero He isn't being sent to combat and he'll hopefully be discharged and able to work on GrapheneOS again soon. We're in active communication with him via a cellular connection. He's currently in limbo and not really tasked with any actual assignment so he has some time to help.
Corruption is very widespread in the country but that doesn't mean he can get out of it with money. There's widespread knowledge of his situation and that he's a talented security researcher and developer.
