GrapheneOS
@grapheneos.org
13.6K followers0 following
4.6K posts
Open source privacy and security focused mobile OS with Android app compatibility. grapheneos.org
Pinned
‪GrapheneOS‬
 ‪@grapheneos.org‬
· 9mo
In April 2024, Pixels shipped a partial implementation of our January 2024 proposal for firmware-based reset attack protection. Fastboot mode now zeroes RAM before enabling USB. This successfully wiped out the After First Unlock state exploit capabilities of two commercial exploit tools.
‪GrapheneOS‬
 ‪@grapheneos.org‬
· 12h
Vanadium version 143.0.7499.34.1 released: github.com/GrapheneOS/V... See the linked release notes for a summary of the improvements over the previous release and a link to the full changelog. Forum discussion thread: discuss.grapheneos.org/d/28413-vana...
Release 143.0.7499.34.1 · GrapheneOS/Vanadium
143.0.7499.34.1
github.com
‪GrapheneOS‬
 ‪@grapheneos.org‬
· 1d
We now have experimental support for the Pixel 10, Pixel 10 Pro, Pixel 10 Pro XL and Pixel 10 Pro Fold. Our initial 2025112500 release for these is available through our web installer or releases page on our staging site: staging.grapheneos.org/install/web staging.grapheneos.org/releases#dev...
‪GrapheneOS‬
 ‪@grapheneos.org‬
· 1d
A false narrative is being pushed about GrapheneOS claiming we're ending operations in France due to the actions of 2 newspapers. That's completely wrong. If both newspapers and the overall French media had taken our side instead of extreme bias against us, we'd still be leaving.
‪GrapheneOS‬
 ‪@grapheneos.org‬
· 1d
French law enforcement brought up SkyECC and Encrochat, two companies they went after with arrests and server seizures. They made it very clear they'll go after us similarly if they're able to conjure a good enough justification and we don't cooperate by providing device access.
‪GrapheneOS‬
 ‪@grapheneos.org‬
· 1d
Thinly veiled threats from law enforcement are quoted in several of the news article including archive.is/UrlvK. We don't store user data and cannot bypass brute force protection for encryption. Cooperating to provide device access means one thing: encryption backdoors.
‪GrapheneOS‬
 ‪@grapheneos.org‬
· 2d
We no longer have any active servers in France and are continuing the process of leaving OVH. We'll be rotating our TLS keys and Let's Encrypt account keys pinned via accounturi. DNSSEC keys may also be rotated. Our backups are encrypted and can remain on OVH for now.
‪GrapheneOS‬
 ‪@grapheneos.org‬
· 2d
We would have zero legal obligation to do it but it's not even possible. We have a list our official hardware requirements including secure element throttling for disk encryption key derivation (Weaver) combined with insider attack resistance. Why aren't they blaming Google?
‪GrapheneOS‬
 ‪@grapheneos.org‬
· 2d
In Canada and the US, refusing to provide a PIN/password is protected as part of the right to avoid incriminating yourself. In France, they've criminalized this part of the right to remain silent. Since they're criminalized not providing a PIN, why do they need anything from us?
‪GrapheneOS‬
 ‪@grapheneos.org‬
· 4d
We host our own authoritative DNS servers to provide DNS resolution for our services. Authoritative DNS are the servers queried by DNS resolvers run by your ISP, VPN or an explicitly user chosen one such as Cloudflare or Quad9 DNS. We now have our own AS and IP space for this.
‪GrapheneOS‬
 ‪@grapheneos.org‬
· 4d
Our ns2 network currently has New York City, Miami, Las Vegas and Bern. Here's latency to ns1: ping6.ping.pe/ns1.graphene... ping.pe/ns1.graphene... Here's latency to ns2: ping6.ping.pe/ns2.graphene... ping.pe/ns2.graphene... We plan to add more locations to ns2 via another provider.
‪GrapheneOS‬
 ‪@grapheneos.org‬
· 4d
When we begin a reboot of a server, the change propagates across all internet backbone routers within a few seconds. This provides high availability for server downtime too. We have 2 networks so routing/transit issues or a malfunctioning server don't break using our services.
‪GrapheneOS‬
 ‪@grapheneos.org‬
· 4d
We're going to be moving the production second release of GrapheneOS based on Android 16 QPR1 to our Stable channel in the near future. Most significant confirmed regression is a crash in a new clock customization UI. It's solid and we don't seem to need a 3rd release first.
‪GrapheneOS‬
 ‪@grapheneos.org‬
· 4d
We're actively working on finishing support for the Pixel 10, Pixel 10 Pro, Pixel 10 Pro XL and Pixel 10 Pro Fold. It will likely be ready within a few weeks but we can't provide any specific timeline. It depends on which issues come up and how quickly we can get those resolved.
‪GrapheneOS‬
 ‪@grapheneos.org‬
· 4d
France's cybersecurity agency was previously actively using GrapheneOS. They helped us by auditing our code and submitting bug reports such as this one: github.com/GrapheneOS/h... They also made suggestions for security improvements to improve protection against exploits.
Undefined behaviour in get_large_size_class() · Issue #133 · GrapheneOS/hardened_malloc
As mentioned there, I'm opening this issue to discuss another finding I investigated following static code analysis of hardened_malloc. If we can reach the following definition in get_large_size_cl...
github.com
‪GrapheneOS‬
 ‪@grapheneos.org‬
· 4d
Meanwhile, the FBI and European law enforcement facilitated years of organized crime in Europe via Operation Trojan Shield while infringing on our copyright and trademarks. How about they start by arresting themselves? See our other thread about this: bsky.app/profile/grap...
‪GrapheneOS‬
 ‪@grapheneos.org‬
· 5d
Please listen to this podcast about ANOM: darknetdiaries.com/transcript/1... The FBI ran a string operation in Europe where they created their own 'secure' phone and messaging platform. Their OS used portions of our code and was heavily marketed as being GrapheneOS or based on GrapheneOS.
ANOM – Darknet Diaries
In this episode, Joseph Cox tells us the story of ANOM. A secure phone made by criminals, for criminals.
darknetdiaries.com
‪GrapheneOS‬
 ‪@grapheneos.org‬
· 4d
Here's France's ANSSI agency proposing an exploit protection to defend against apps being exploited: github.com/GrapheneOS/o... Today, our restrictions for Dynamic Code Loading via both memory and storage cover protecting against this and are enforced for the whole base OS.
Native libraries loading protection · Issue #1118 · GrapheneOS/os-issue-tracker
Hi I've implemented a small patch for android and I wondered if you would be interested in it : Its motivation is to allow a developer or a packager of an app to forbid the loading by an applicatio...
github.com
‪GrapheneOS‬
 ‪@grapheneos.org‬
· 5d
Please listen to this podcast about ANOM: darknetdiaries.com/transcript/1... The FBI ran a string operation in Europe where they created their own 'secure' phone and messaging platform. Their OS used portions of our code and was heavily marketed as being GrapheneOS or based on GrapheneOS.
ANOM – Darknet Diaries
In this episode, Joseph Cox tells us the story of ANOM. A secure phone made by criminals, for criminals.
darknetdiaries.com
‪GrapheneOS‬
 ‪@grapheneos.org‬
· 5d
It's very likely a lot of the crime facilitated by ANOM wouldn't have happened without these governments providing criminals with a communications network they believed was completely secure. The way they wrapped it up doesn't absolve them of what they facilitated for years.
‪GrapheneOS‬
 ‪@grapheneos.org‬
· 5d
France's government and law enforcement wants you to believe GrapheneOS and Signal are somehow responsible for crime. French law enforcement operates with impunity and has extraordinarily levels of corruption and criminal behavior. They're the ones committing and enabling crime.
Reposted by
GrapheneOS
‪GrapheneOS‬
 ‪@grapheneos.org‬
· 5d
Replied to
Karl Melnyk
GrapheneOS Foundation is based in Canada. The 3 directors are from Canada (also project manager), Ukraine (also lead developer) and Kazakhstan. Our local build and signing infrastructure along with our main device test farm is in Canada. We don't consider the project to have a nationality though.
‪GrapheneOS‬
 ‪@grapheneos.org‬
· 6d
Here's another French journalist participating in fearmongering about GrapheneOS. That article is not measured. It provided a platform to make both unsubstantiated and provably false claims about GrapheneOS while providing no opportunity to see and respond to those claims. bsky.app/profile/gabr...
‪Gabriel Thierry‬ ‪@gabrielthierry.bsky.social‬
· 6d
Un point qui devrait alerter. Je trouve l'article du @leparisien.fr mesuré: il signale les craintes policières d'une dérive vers un usage criminel et donne la réponse opposée de GrapheneOS. Mais regardez la réaction de cette dernière: il serait inadmissible de mettre une telle question sur la table
‪GrapheneOS‬
 ‪@grapheneos.org‬
· 6d
Our discussion forum, Matrix, Mastodon, etc. in OVH Bearharnois can be moved to local or colocated servers in Toronto instead. We can use Netcup (owned by Anexia, both German) as one of the main providers for website/network service instances. The majority of our servers are already not on OVH.
‪GrapheneOS‬
 ‪@grapheneos.org‬
· 6d
We won't travel to France including avoiding conferences and will avoid having people working in the country too. A simple heuristic for the EU is avoiding countries supporting Chat Control. We genuinely believe we cannot safely operate in France anymore as an open source project privacy project.
‪GrapheneOS‬
 ‪@grapheneos.org‬
· 7d
We were contacted by a journalist at Le Parisien newspaper with this prompt: > I am preparing an article on the use of your secure personal data phone solution by drug traffickers and other criminals. Have you ever been contacted by the police?
‪GrapheneOS‬
 ‪@grapheneos.org‬
· 7d
The reality is that a tiny proportion of the GrapheneOS userbase are criminals, clearly far below 1%. It's a rounding error. The vast majority of criminals use Android and iOS. French law enforcement contains a vastly higher proportion of criminals than the GrapheneOS userbase.
‪GrapheneOS‬
 ‪@grapheneos.org‬
· 7d
French law enforcement has a disproportionately high number of domestic abusers, pedophiles and other criminals. They routinely illegally violate the human rights of French citizens. They're upset they can't break into phones of a small handful of people because of GrapheneOS.
‪GrapheneOS‬
 ‪@grapheneos.org‬
· 7d
We ported the Android 16 security preview patches to 16 QPR1. 2025111801 is our first 16 QPR1 with December 2025, January 2026, February 2026 and March 2026 ASB patches: grapheneos.org/releases#202... We'll fix a few more QPR1 regressions and then it should be able to reach Stable.
GrapheneOS releases
Official releases of GrapheneOS, a security and privacy focused mobile OS with Android app compatibility.
grapheneos.org
‪GrapheneOS‬
 ‪@grapheneos.org‬
· 8d
Vanadium version 142.0.7444.171.0 released: github.com/GrapheneOS/V... See the linked release notes for a summary of the improvements over the previous release and a link to the full changelog.
Release 142.0.7444.171.0 · GrapheneOS/Vanadium
142.0.7444.171.0
github.com
‪GrapheneOS‬
 ‪@grapheneos.org‬
· 9d
Releases of GrapheneOS based on Android 16 QPR1 are available for public testing. These are highly experimental and aren't being pushed out via the Alpha channel yet. Join our testing chat room if you have a spare device you can use to help with testing. grapheneos.org/contact#comm...
‪GrapheneOS‬
 ‪@grapheneos.org‬
· 9d
We have a serious OEM partnership with a large company actively working on implementing MTE and the rest of what we need. We need a proper secure device which can be refreshed yearly as a replacement for Pixels. We're not going to abandon properly protecting users to provide it.
‪GrapheneOS‬
 ‪@grapheneos.org‬
· 9d
Our focus is Android 16 QPR1, then Android 16 QPR1 security preview releases with all the current December 2025 / January 2026 / February 2026 / March 2026 patches and finally support for all four Pixel 10 models. We can find time to debunk another falsely marketed product too.
Reposted by
GrapheneOS
‪MetropleX | GrapheneOS‬ ‪@metroplex.bot‬
· 10d
Recently did an interview on behalf of
@grapheneos.org
with
@davidbombal.bsky.social
which can be found below. I'd like to say a huge thanks to David for his kindness, patience & consideration, his team are also a huge credit to him too. All round great experience. www.youtube.com/watch?v=eUEt...
Why GrapheneOS is Almost Impossible to Crack (Forensic Teams Have Tried)
YouTube video by David Bombal
www.youtube.com
‪GrapheneOS‬
 ‪@grapheneos.org‬
· 10d
Our port to Android 16 QPR1 which was to AOSP on November 11 is currently being tested internally. Several important regressions have been discovered and we're working on resolving those before we release it for public testing. A few minor features also still need to be ported.
‪GrapheneOS‬
 ‪@grapheneos.org‬
· 15d
We received an ASN and IPv6 space for GrapheneOS from ARIN: AS40806 and 2602:f4d9::/40. We've deployed 2 anycast IPv6 networks for our authoritative DNS servers to replace our existing setup: 2602:f4d9::/48 for ns1 and 2602:f4d9:1::/48 for ns2. BGP/RPKI setup is propagating.
‪GrapheneOS‬
 ‪@grapheneos.org‬
· 13d
We've deployed our IPv4 /24 and IPv6 /48 for ns2 in production to replace the IPv4-only anycast tunnel system it relied on before. It has somewhat better latency and significantly better reliability now. We're waiting a bit longer for production deployment of our ns1 IPv6 /48.
‪GrapheneOS‬
 ‪@grapheneos.org‬
· 13d
We need to choose a host in Singapore with IPv4+IPv6 BGP support to extend ns2 with a location in Asia. Once that's added, it will be good enough for our current needs. The subset of our dedicated/colocated update servers with BGP could be used as extra ns2 locations eventually.
‪GrapheneOS‬
 ‪@grapheneos.org‬
· 14d
Yesterday (2025-11-11), the most recent major quarterly release of Android (Android 16 QPR1) was pushed to the Android Open Source Project after being delayed since 2025-09-03. We've completed our initial port of all our changes to it and are building an experimental release now.
‪GrapheneOS‬
 ‪@grapheneos.org‬
· 15d
Android 16 QPR1 is finally being pushed to the Android Open Source Project. This should have happened on 2025-09-03. We migrated to full Android 16 QPR1 kernel code (GPLv2 tarball) and firmware in September. We couldn't migrate userspace to QPR1 without it being pushed to AOSP.
‪GrapheneOS‬
 ‪@grapheneos.org‬
· 23d
Both patches in the November 2025 Android Security Bulletin have been included since our September 2nd release. It's now known that our 2025090200 and later releases provided the 2025-11-05 Android security patch level early due to shipping extra patches. source.android.com/docs/securit...
Android Security Bulletin—November 2025  |  Android Open Source Project
source.android.com
‪GrapheneOS‬
 ‪@grapheneos.org‬
· 23d
It's because these two patches were included in the full September 2025 bulletin patches we shipped but were made optional until November 2025. Later in September, we started our security preview releases able to provide Android Security Bulletin patches around 2-3 months early.
‪GrapheneOS‬
 ‪@grapheneos.org‬
· 27d
@rwhitwam.bsky.social
We posted a thread replying to your article here before realizing you don't use X anymore: x.com/GrapheneOS/s... Last paragraph in the article describes GrapheneOS is wrong and it'd be nice if that was fixed. We could provide a lot more info about the overall topic though.
‪GrapheneOS‬
 ‪@grapheneos.org‬
· 27d
@rwhitwam.bsky.social
We have no issue with the overall article, we just don't want people to think GrapheneOS is a volunteer hobbyist project or that'd it be unexpected for it to protect against exploitation. If there's interest in making a more detailed article, we have a lot of info and contacts.
‪GrapheneOS‬
 ‪@grapheneos.org‬
· 1mo
Pixel Camera recently added a hard dependency on Google Play services. It still works on GrapheneOS, but started requiring sandboxed Google Play services. GmsCompatLib version 100 for GrapheneOS 2025102300 or later restores support for Pixel Camera without Play services: bsky.app/profile/grap...
‪GrapheneOS‬
 ‪@grapheneos.org‬
· 1mo
GmsCompatLib version 100 released: github.com/GrapheneOS/p... See the linked release notes for a summary of the improvements over the previous release and a link to the full changelog. Forum discussion thread: discuss.grapheneos.org/d/27574-gmsc... #GrapheneOS #privacy #security #gmscompat
Release lib-100 · GrapheneOS/platform_packages_apps_GmsCompat
Changes in version 100: extend shim for background service starts to address edge cases where a foreground service is required add shim implementation of GmsFontProvider to prevent crashes of apps...
github.com
‪GrapheneOS‬
 ‪@grapheneos.org‬
· 1mo
Android Security Bulletin (ASB) for October 2025 is empty: source.android.com/docs/securit... However, you can see Samsung has a list of ASB patches for their October 2025 release exclusive to flagships: security.samsungmobile.com/securityUpda... It's a small subset of the December 2025 patches.
‪GrapheneOS‬
 ‪@grapheneos.org‬
· 1mo
December 2025 patches from the past couple days have been included and the January 2026 preview is now available. Our next release coming today provides a choice to use our security preview releases in the initial setup wizard with a notification for existing users. Opting into it is recommended.
‪GrapheneOS‬
 ‪@grapheneos.org‬
· 1mo
discuss.grapheneos.org/d/27068-grap... provides more information on our security preview releases. The reason we're providing both regular and security preview releases is because we're required to wait to the embargo end date to publish the source code for the patches in the future bulletins.