GrapheneOS
@grapheneos.org
Open source privacy and security focused mobile OS with Android app compatibility. grapheneos.org
Pinned
We're happy to announce a long-term partnership with Motorola. We're collaborating on future devices meeting our privacy and security standards with official GrapheneOS support. motorolanews.com/motorola-thr...
/e/ and Murena have been promoting their products by misleading people about GrapheneOS for years. This has turned into an all-out war on GrapheneOS by their company and supporters. We began regularly debunking their inaccurate claims and they try to frame it as aggression.
People shouldn't underestimate the harm which is going to be caused by them repeatedly telling people serious privacy and security are for pedophiles, criminals and spies. It's not a one time statement but rather a consistent narrative in years of their posts. This is a problem.
Murena and /e/ have been largely successful in how they've branded themselves despite lack of substance. Many people believe their false marketing. Governments now have an ally accepted within a lot of the privacy community which is saying strong privacy only helps pedophiles.
Apple and Google both provide support for offline speech-to-text using local models. Users can configure it to be fully offline. The Murena Voice to Text service in /e/OS sends the user's audio to OpenAI which is hidden away in their terms of service: community.e.foundation/t/voice-to-t...
Gaël Duval is the founder and president of the /e/ foundation along with the CEO of Murena. Duval and his organizations have consistently taken a stance against protecting users from exploits. In this video, he once again claims protecting against exploits is only useful for pedophiles and spies.
URIBL (uribl.com) keeps adding grapheneos.org to their blacklist. This blacklist results in emails and comments linking to our website being widely filtered across the internet. They've approved our removal request 3 times but just added us back a 4th time.
We haven't ever sent any marketing emails and don't have a mailing list. The only automated emails we send to outside of the GrapheneOS project are for discuss.grapheneos.org (confirm email, reset password, subscriptions to threads, etc.) and attestation.app (alerts).
The situation with someone presenting their collaboration with us in 2018-2020 in an incorrect way appears to be resolved. We've removed our posts about the situation. We won't be getting involved as long as we're left out and our community should refrain from involvement too.
Replied to GrapheneOS
Transcription (translated from French): > There's the attack surface; on that point, frankly, we're not security specialists, so I couldn't give you a precise answer, but from the discussions I've had, it would seem that everything we do reduces the attack surface. So yes, it probably
> helps. On the other hand, we don't have a "hardened security" approach, we're not developing a phone for pedo(beep) so that they can escape justice. So there are no over-the-top things for checking whether the memory hasn't been corrupted, really hardened security stuff that could be useful
Replied to GrapheneOS
GrapheneOS regularly fixes issues in Android disclosed by Project Zero after their 90 day deadline expires. We have fixes for multiple security weaknesses found by Project Zero which are unresolved in Android. GrapheneOS actually benefits more from Google's Project Zero than upstream Android.
Replied to GrapheneOS
Google has a ton of churn with employees. They've done many rounds of layoffs and buyouts causing them to lose a lot of experience and talent. Forcing people back to the office was a massive mistake on their part. Android is severely understaffed. TAG and Project Zero are also not the Android team.
Replied to GrapheneOS
GrapheneOS is a production quality OS with a team of 10 full-time developers. It isn't a hobby project made by people in their free time. We're a far more efficient organization than Google. We have a fully remote team and coordinate the project via internal chat rooms without layers of bureaucracy.
Replied to GrapheneOS
We ship Linux kernel security patches months before the stock Pixel OS. We also regularly ship other patches to external projects much earlier and we'll expand this as we get more resources. Our security preview releases ship the standard AOSP security patches months before the stock Pixel OS too.
GrapheneOS is based on the Android Open Source Project and therefore has the standard Android security model, protections and patches as a starting point. We build major privacy and security improvements on top of the standard baseline. We benefit from their experience and resources along with ours.
Apple and Google regularly tell the media they haven't seen exploits of a specific vulnerability or exploits of devices with a security protection enabled. This is heavily misinterpreted as meaning exploits aren't happening. They don't ever find out about many successful attacks.
GrapheneOS is an open source project. Open source means it can be modified and used for any purpose including commercial ones. People making forks of GrapheneOS are supposed to rebrand it and make it clear that it's not the official GrapheneOS but rather a derivative of it.
A bunch of companies and individuals have sold devices with GrapheneOS or a fork of it. Many companies making forks of GrapheneOS haven't complied with our open source licenses and our separate rules for usage of our trademarks which we've been actively addressing for years.
From 2018 through around 2021, Abdoul Rasnab sold devices with his own proprietary fork of GrapheneOS. That's 4 years after the project was started. He had no involvement in creating or founding GrapheneOS. He also didn't write absolutely any of the GrapheneOS project's code.
Brazil's authoritarian age verification law became active this month. It won't be implemented by GrapheneOS. Complying would require integrating a mandatory process for each user where a third party service checks government identification and confirms a match using the camera.
There aren't yet devices supporting GrapheneOS directly sold in South America. Brazil in particular has unusually high import duties/taxes which add up to around 100%. This has resulted in us not having a lot of users there but our Motorola partnership will start changing this.
People are going to have their personal info leaked by third party age verification services due to these laws. Children are going to be harmed by apps and websites changing their behavior to exploit them. It isn't going to stop minors finding pornography if they want to find it.
GrapheneOS started in 2014 and was originally named CopperheadOS. In late 2015, the Copperhead company was founded which was meant to support the project. Copperhead didn't create CopperheadOS and didn't own or control it. Copperhead made a failed takeover attempt on it in 2018.
No one should believe the false narratives peddled by these people. They've always been in it for personal benefit and have caused immense harm to actual efforts to improve privacy and security. We're willing to forgive people who were duped by their fabrications, just reach out.
We're offering forgiveness to people who have engaged in years of libel/harassment towards us if they take down their attacks, debunk it and help repair the harm caused to us. This offer even extends to Henry Fisher and Louis Rossmann. Alternatively, we can address it in court.
There are at least a dozen people spending at least several hours attacking GrapheneOS across platforms on a daily basis. It's a very strange situation. How do these people have so much time and dedication to keep making posts across platforms attacking us? It's relentless.
Privacy projects are more vulnerable to these attacks because the userbase and supporters largely avoid social media and other platforms where it happens. Many people believe what they read on social media if it isn't countered and it builds echo chambers hostile to GrapheneOS.
Many people think these must be state sponsored attacks. However, our experience is these attacks are primarily orchestrated by companies selling dubious products marketed as private and secure. We did get targeted by state sponsored smear campaigns in France and Spain though.
If apps are required to verify the hardware, operating system and their app for regulatory reasons they should use an approach supporting arbitrary roots of trust and operating systems. Android already has a standard hardware attestation system usable for this.
Root-based attestation trusts the whole hardware attestation ecosystem. Leaked keys from any device can be used to bypass it. Pinning-based attestation starts trust from first use and then provides a high level of security based on the security of the device's early boot chain and secure element.
Root-based attestation is mainly used to disallow an arbitrary device, OS or modified app for control rather than security. Pinning-based attestation lacks those negatives and can be very secure. It can be bootstrapped by root-based attestation but it works without it and it's not the only approach.
Replied to Mistress Tissa
We aren't partnered with Motorola Solutions. It's an entirely different company from Motorola Mobility. Those haven't been part of the same company since they were split up in 2011. Motorola Mobility is a subsidiary of Lenovo. Motorola Mobility even has ThinkPad branded phones called ThinkPhones.
GrapheneOS will remain usable by anyone around the world without requiring personal information, identification or an account. GrapheneOS and our services will remain available internationally. If GrapheneOS devices can't be sold in a region due to their regulations, so be it.
We posted a thread on Mastodon addressing the underhanded attacks being made on GrapheneOS by Volla due to our opposition to their Unified Attestation API: grapheneos.social/@GrapheneOS/... An account previously pretending to be a fan supporting Volla has been clearly exposed as run by them.
Here's an archive preserving all of the posts from this account clearly run by Volla: archive.ph/LhddH It has the whole history of how it was used to promote it pretending to be a supporter with inaccurate marketing to the current outrageous conspiracy theory attacks.
We're open to suggestions on a better archiving site since there are some complaints about the one we've been using. archive.org has repeatedly removed archives upon request by companies covering up what they've done to GrapheneOS so their service isn't acceptable.
Android provides a standard hardware attestation system with support for alternate operating systems via allowing their verified boot key fingerprints. It's mainly used with Google's root of trust and remote key provisioning service but the API supports alternative roots of trust.
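The two verification models contrasted in the earlier posts (root-based versus pinning-based attestation) and the allowlisting of verified boot key fingerprints mentioned in the post above, as an added toy model in Go. This is example code, not GrapheneOS, Auditor or Android code, and everything in it is constructed: a "certificate" is simply a root's Ed25519 signature over a device key rather than a real X.509 chain, the device IDs, challenges and [32]byte boot key hashes are stand-ins, and the Statement, Attestation, RootVerifier and PinningVerifier types are invented for the illustration.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

type Statement struct {
	DeviceID        string
	Challenge       []byte   // verifier-chosen nonce so a statement cannot be replayed
	VerifiedBootKey [32]byte // hash of the booted OS's verified boot signing key
}

func (s Statement) encode() []byte {
	return append(append([]byte(s.DeviceID+"\x00"), s.Challenge...), s.VerifiedBootKey[:]...)
}

type Attestation struct {
	Stmt      Statement
	DeviceKey ed25519.PublicKey
	CertSig   []byte // the ecosystem root's signature over DeviceKey; nil if no root certified it
	StmtSig   []byte // DeviceKey's signature over Stmt
}

// Attest signs st with the device's attestation key; cert is the root's signature over its public key.
func Attest(priv ed25519.PrivateKey, cert []byte, st Statement) Attestation {
	return Attestation{st, priv.Public().(ed25519.PublicKey), cert, ed25519.Sign(priv, st.encode())}
}

// Both verifiers require a fresh challenge and a statement signature valid under the presented key.
func checkStatement(a Attestation, challenge []byte) error {
	if !bytes.Equal(a.Stmt.Challenge, challenge) || !ed25519.Verify(a.DeviceKey, a.Stmt.encode(), a.StmtSig) {
		return errors.New("stale challenge or bad statement signature")
	}
	return nil
}

// RootVerifier accepts any key certified by the trusted root, whichever device it really came from.
type RootVerifier struct {
	Root      ed25519.PublicKey
	AllowedOS map[[32]byte]bool // verified boot key hashes of the permitted operating systems
}

func (v RootVerifier) Verify(a Attestation, challenge []byte) error {
	if err := checkStatement(a, challenge); err != nil {
		return err
	}
	if len(v.Root) != ed25519.PublicKeySize || !ed25519.Verify(v.Root, a.DeviceKey, a.CertSig) {
		return errors.New("device key not certified by the trusted root")
	}
	if !v.AllowedOS[a.Stmt.VerifiedBootKey] {
		return errors.New("verified boot key not on allowlist")
	}
	return nil
}

// PinningVerifier trusts on first use: later attestations for a device ID must match the pinned one.
type PinningVerifier struct {
	Pins      map[string]Attestation // must be initialised by the caller
	Bootstrap *RootVerifier          // optional: also require a valid root chain when pinning
}

func (v *PinningVerifier) Verify(a Attestation, challenge []byte) error {
	if err := checkStatement(a, challenge); err != nil {
		return err
	}
	p, seen := v.Pins[a.Stmt.DeviceID]
	switch {
	case !seen && v.Bootstrap != nil && v.Bootstrap.Verify(a, challenge) != nil:
		return errors.New("first use rejected: bootstrap root-based verification failed")
	case !seen:
		v.Pins[a.Stmt.DeviceID] = a // trust on first use
	case !bytes.Equal(p.DeviceKey, a.DeviceKey) || p.Stmt.VerifiedBootKey != a.Stmt.VerifiedBootKey:
		return errors.New("attestation key or verified boot key differs from the pin")
	}
	return nil
}

// LeakedKeyScenario: a key leaked from phone-A, certified by the same root, claims to be phone-B on another OS.
func LeakedKeyScenario() (honestPinned, rootAcceptsForged, pinAcceptsForged bool) {
	rootPub, rootPriv, _ := ed25519.GenerateKey(rand.Reader)
	stockOS, altOS := [32]byte{1}, [32]byte{2} // constructed stand-ins for verified boot key hashes
	rv := RootVerifier{Root: rootPub, AllowedOS: map[[32]byte]bool{stockOS: true, altOS: true}}
	pv := &PinningVerifier{Pins: map[string]Attestation{}, Bootstrap: &rv}
	pubB, privB, _ := ed25519.GenerateKey(rand.Reader)
	pubA, privA, _ := ed25519.GenerateKey(rand.Reader) // privA plays the leaked key
	certB, certA := ed25519.Sign(rootPriv, pubB), ed25519.Sign(rootPriv, pubA)
	c1, c2 := []byte("nonce-1"), []byte("nonce-2")
	honestPinned = pv.Verify(Attest(privB, certB, Statement{"phone-B", c1, altOS}), c1) == nil
	forged := Attest(privA, certA, Statement{"phone-B", c2, stockOS})
	return honestPinned, rv.Verify(forged, c2) == nil, pv.Verify(forged, c2) == nil
}

func main() {
	honest, rootForged, pinForged := LeakedKeyScenario()
	fmt.Println("honest pin:", honest, "| root-based accepts forged:", rootForged, "| pinning accepts forged:", pinForged)
}
```

LeakedKeyScenario mirrors the post's claim: a key leaked from any device that the root certified satisfies the root-based verifier, while the pinning verifier rejects the same statement because phone-B's pin holds a different key. Setting Bootstrap to nil gives the "works without it" case: the pinning verifier then accepts a device whose key no ecosystem root ever certified, which is what lets it support arbitrary roots of trust, and it still detects a change of verified boot key after pinning.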
Unified Attestation is an anti-competitive cartel turning a decentralized decision into a centralized one. Instead of neutral organizations being formed to certify devices without a massive conflict of interest, these companies will sign off on their products regardless of the level of insecurity.
Multiple competing companies forming a cartel which locks out other options is not legal. We're fully willing to file one or more lawsuits over this. It should be discontinued now prior to harming us.
We strongly oppose the Unified Attestation initiative and call for app developers supporting privacy, security and freedom on mobile to avoid it. Companies selling phones should not be deciding which operating systems people are allowed to use for apps. uattest.net
These companies should not have any say over which devices can be used for European banking and government apps. It will reduce competition and reduce security exactly as the Play Integrity API is already doing. The EU should ban using attestation to determine OS compatibility.
Murena and iodé are extremely hostile towards GrapheneOS. They've spent years misleading people about it with inaccurate claims to promote their insecure products. We'll never work with them. Volla, Murena and iodé should have no say in which OS people can use on their devices.
The official microG OS project (lineage.microg.org) leaked their private keys for logging into their servers and signing releases: github.com/lineageos4mi... We make our official builds on local machines. Our signing machine's keys aren't ever on any storage unencrypted.
Our roadmap for improving security of verifying updates is based on taking advantage of the reproducible builds. We plan to have multiple official build locations and a configurable signoff verification system in the update clients also usable with third party signoff providers.
We don't have faith in any available commercial HSM products being more secure than keeping keys encrypted at rest on the primary local build machine. Instead, we're planning to develop software for using the secure element on GrapheneOS phones as an HSM for signing our releases.
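A constructed sketch, in Go, of the kind of signoff verification the roadmap post above describes: several independent builders reproduce a release, each signs the result, and the update client only accepts a release once enough distinct configured providers agree. This is an added example, not the GrapheneOS update client or any planned implementation of it; the Policy and Signoff types, the releaseDigest construction, the Ed25519 signoffs, the provider names and the version string are all assumptions made for the illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Signoff is one provider's signature asserting that it built (or reproduced) this exact release.
type Signoff struct {
	Provider string // name under which the update client has configured the provider's key
	Sig      []byte
}

// Policy is the client's configuration: trusted signoff providers and how many distinct ones
// must agree before an update is accepted.
type Policy struct {
	Providers map[string]ed25519.PublicKey
	Threshold int
}

// releaseDigest is the message every provider signs: the artifact hash bound to the version
// string, so a signoff over one release cannot be replayed for another.
func releaseDigest(version string, artifact []byte) []byte {
	h := sha256.New()
	h.Write([]byte(version + "\x00"))
	h.Write(artifact)
	return h.Sum(nil)
}

// Verify accepts the release only if at least Threshold distinct configured providers signed
// the same digest. Unknown providers, repeats and bad signatures are never counted.
func (p Policy) Verify(version string, artifact []byte, signoffs []Signoff) error {
	if p.Threshold < 1 || p.Threshold > len(p.Providers) {
		return errors.New("policy cannot be satisfied by the configured providers")
	}
	digest := releaseDigest(version, artifact)
	counted := map[string]bool{}
	for _, s := range signoffs {
		key, known := p.Providers[s.Provider]
		if known && !counted[s.Provider] && ed25519.Verify(key, digest, s.Sig) {
			counted[s.Provider] = true
		}
	}
	if len(counted) < p.Threshold {
		return fmt.Errorf("only %d of %d required signoffs verified", len(counted), p.Threshold)
	}
	return nil
}

// SignoffScenario: two official build sites plus one third-party reproducer, threshold 2.
// Returns whether a genuine release passes and whether a tampered one, signed only by a single
// (in this story compromised) site, passes.
func SignoffScenario() (genuineAccepted, tamperedAccepted bool) {
	pubs, privs := map[string]ed25519.PublicKey{}, map[string]ed25519.PrivateKey{}
	for _, name := range []string{"build-site-1", "build-site-2", "third-party-reproducer"} {
		pubs[name], privs[name], _ = ed25519.GenerateKey(rand.Reader)
	}
	policy := Policy{Providers: pubs, Threshold: 2}
	version := "example-version" // constructed; not a real release identifier
	genuine := []byte("constructed release artifact")
	d := releaseDigest(version, genuine)
	good := []Signoff{
		{"build-site-1", ed25519.Sign(privs["build-site-1"], d)},
		{"third-party-reproducer", ed25519.Sign(privs["third-party-reproducer"], d)},
	}
	// The tampered artifact is signed twice by build-site-1 (a repeat, counted once) and carries
	// the third party's signoff over the genuine digest, which does not verify for these bytes.
	tampered := []byte("constructed tampered artifact")
	td := releaseDigest(version, tampered)
	bad := []Signoff{
		{"build-site-1", ed25519.Sign(privs["build-site-1"], td)},
		{"build-site-1", ed25519.Sign(privs["build-site-1"], td)},
		good[1],
	}
	return policy.Verify(version, genuine, good) == nil, policy.Verify(version, tampered, bad) == nil
}

func main() {
	ok, forged := SignoffScenario()
	fmt.Println("genuine release accepted:", ok, "| tampered release accepted:", forged)
}
```

The threshold is what makes the multiple build locations and third-party signoff providers worth having: a single compromised signing key, or a single build machine producing a different artifact, cannot satisfy the policy on its own, because every counted signoff has to be over the same digest from a distinct configured provider.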