Custom ROM GrapheneOS: an open source privacy and security OS

SecurityNightmares

Level 32
Verified
Jan 9, 2020
2,103
Auditor v20 released:

Also:
As always, the latest Auditor will be bundled in the next release of GrapheneOS but you can install it now. There will be a release of GrapheneOS in the next few days. It will include a couple other Android 11 port fixes for 2-button nav and our HTTPS-based network time updates.
 

SecurityNightmares

2020.09.29.20

Changes since the 2020.09.25.00 release:

  • add overlay to show 2 button navigation option in Settings again
  • Calculator: gesture compatibility fix
  • Auditor: update to version 20
  • WebView: update to 85.0.4183.120
  • WebView: update to 85.0.4183.127
  • Vanadium: update Chromium base to 85.0.4183.127
  • fix syncing time for our HTTPS-based network time update implementation
  • stop using dedicated keys for signing OsuLogin and ServiceWifiResources rather than simply using the regular testkey/releasekey
 

SecurityNightmares


2020.10.06.02


Changes since the 2020.10.01.23 release:

  • full 2020-10-01 security patch level
  • full 2020-10-05 security patch level
  • rebased onto RP1A.201005.006 release
  • hardened_malloc: optimize and harden initialization sanity checks
  • work around upstream bug causing null pointer crashes from media notifications in secondary profiles
  • enable secondary user logout support by default (purges credential encrypted storage keys from memory)
  • add back screenshot action to global action list as an alternative to the key chord (power button + volume down) and screenshot button in the gesture navigation recent apps list
  • reject received unix timestamps before build unix time for https-based network time implementation
  • Clock: apply fixes for various upstream issues
  • Updater: harden PendingIntent usage
 

SecurityNightmares


2020.10.23.04


Changes since the 2020.10.06.02 release:
  • Vanadium: update Chromium base to 86.0.4240.75
  • Vanadium: update Chromium base to 86.0.4240.99
  • Vanadium: remove deprecated, unused storage permissions
  • replace standard WebView with Vanadium WebView again
  • Pixel 4, Pixel 4 XL: disable unsupported aware feature so that ambient display is available
  • SeedVault: switch to upstream development branch now that it supports Android 11
  • SELinux policy: port hardening from Android 10
  • hardened_malloc: log fatal errors (detected memory corruption bugs) to Android's log system
  • fix minor issues with Android 11 port of Wi-Fi and Bluetooth quick tile unlock requirement
  • kernel (Pixel 2, Pixel 2 XL, Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL, Pixel 4, Pixel 4 XL, Pixel 4a): apply Bluetooth fixes from the stable kernel branch including fixes for CVE-2020-12351, CVE-2020-12352 and CVE-2020-24490
  • improve experimental support for the Pixel 4a including porting most device-specific changes implemented for other devices
 

SecurityNightmares

Auditor 22 released

Full list of changes from the previous release (version 21). Notable changes:

  • add support for the new key attestation root via a new version of the Auditor protocol
  • add Pixel 4a support for both the stock OS and GrapheneOS


(It will be included in the next GrapheneOS update)
 

SecurityNightmares


2020.11.03.03


Pixel 2 and Pixel 2 XL support will now be provided via separate extended support releases for obsolete devices. We'll be making the first one based on this official release in the near future. They can only reach the 2020-11-01 security patch this month due to the lack of a release with changes outside the scope of AOSP such as new GPU firmware.

Changes since the 2020.10.23.04 release:
  • full 2020-11-01 security patch level
  • full 2020-11-05 security patch level
  • rebased onto RP1A.201105.002 release
  • Vanadium: update Chromium base to 86.0.4240.110
  • Vanadium: update Chromium base to 86.0.4240.114
  • Vanadium: update Chromium base to 86.0.4240.185
  • Vanadium: enable prefetch privacy changes by default
  • Vanadium: enable reduced referrer granularity by default
  • Camera: request fine location instead of coarse location for the disabled-by-default geotagging feature
  • Camera: remove unused INTERNET permission
  • Clock: apply assorted fixes from upstream
  • add explicit detection of fastboot being missing to the factory images flash-all scripts
  • Gallery: apply upstream fix from NXP for null pointer dereference bug
  • Auditor: update to version 22
  • script: make generate_deltas ask for the password only once
  • enable screenshot action for 3 button nav too (the upstream release limited it to being enabled for 2 button navigation)
 

SecurityNightmares


2020.11.05.18

While waiting for this release to become available, you can manually add a battery optimization exemption for the Clock app via Settings ➔ Apps & notifications ➔ Special app access ➔ Battery optimization where you can select "All apps", scroll down to the Clock app and manually add an exemption. Should get this added upstream.

Changes since the 2020.11.03.03 release:
  • Clock: add battery optimization exemption required for the new target API level (this is missing in AOSP)
 

SecurityNightmares

(not an update but important info):
GrapheneOS has 6+ developers along with various contributors. You can see a partial list of the core developers at GrapheneOS. I don't do the majority of the development work myself. I focus on mentoring, reviewing code, release engineering, infrastructure, etc.

Also please support GrapheneOS if possible as the scam CopperheadOS team attacks again. (see my profile for more info)
 

SecurityNightmares

Secure PDF Viewer app version 6 released:

It's integrated in the next GrapheneOS update.
Remember the PDF viewer can be used in non-GrapheneOS systems too. It's available in Google store.
 

SecurityNightmares


2020.11.25.22


Changes since the 2020.11.05.18 release:
  • PDF Viewer: update to version 6
  • NFC: backport compatibility fix for certain broken apps from AOSP master
  • Bluetooth: backport fix for Bluetooth capacity string
  • Vanadium: update Chromium base to 86.0.4240.198
  • Vanadium: update Chromium base to 87.0.4280.66
  • Vanadium: disable new high-level functionality for fetching variations
  • Vanadium: disable unused Omaha update check support
  • Vanadium: disable GaiaAuthFetcher code due to upstream bug
  • Vanadium: disable deprecated FTP support by default
  • Pixel 4 XL: correctly mark certain unsupported features as unavailable per the Pixel 4
  • Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL, Pixel 4, Pixel 4 XL, Pixel 4a: use device-specific NFC configuration
  • add initial runtime flags handling for exec-based spawning to improve compatibility
  • Pixel 3, Pixel 3 XL, Pixel 4, Pixel 4 XL, Pixel 4a: disable chained vbmeta to simplify verified boot and improve attestation (Pixel 3a and Pixel 3a XL never used this)
  • Seedvault: update to latest revision
  • NetworkStack: remove change to connectivity check handling that's no longer required with Android 11
  • use GrapheneOS connectivity check server by default for connectivity checks in the OS (not yet for Vanadium)
  • Settings: add setting to toggle between GrapheneOS connectivity check server and the standard Android connectivity check URLs to continue supporting blending in with other Android devices without a VPN
  • Updater: remove unused READ_PHONE_STATE permission
 

SecurityNightmares


2020.11.27.15

Changes since the 2020.11.25.22 release:
  • Vanadium: disable autofill assistant by default (restores previous Vanadium behavior)
  • Vanadium: backport upstream fix for missing manifest changes (this fixes issues with opening URLs in external apps)
  • Vanadium: disable component updater pings by default
  • Settings: disallow configuring connectivity checks for users disallowed to configure Private DNS by the administrator (in theory, it could be a separate option, but we need to use one that's already part of the public API)
 

SecurityNightmares


2020.12.08.08

Changes since the 2020.11.27.15 release:
  • full 2020-12-01 security patch level
  • full 2020-12-05 security patch level
  • rebased onto RQ1A.201205.010 release
  • script: support any number of source versions for deltas
  • set read timeout for HTTPS network time connections
  • disable keepalive for HTTPS network time connections
  • always disconnect HTTPS time connections
  • remove unnecessary Accept-Charset header for HTTPS network time requests
  • Vanadium: ask permission to play protected media by default
  • Vanadium: disable autofill server communication by default
  • Vanadium: update Chromium base to 87.0.4280.86
  • Vanadium: update Chromium base to 87.0.4280.101
  • Settings: remove partial MAC randomization translations
  • Auditor: update to version 23
  • downstream fix for VPN lockdown being overridden when stopping users replaced by upstream fix
 

Maschera

Level 1
Mar 19, 2016
28
Do we have a chance to adapt it for Meizu 16TH? My device's bootloader is unlocked. If we have a chance to adapt it, we can work on it.
 

SecurityNightmares


2020.12.12.03

Changes since the 2020.12.08.08 release:
  • Vanadium: disable WebView variations support
  • SetupWizard: update to latest upstream code
  • NetworkStack: switch to grapheneos.network for connectivity checks to improve compatibility with captive portals lacking support for the built-in login interface (HSTS preloading for grapheneos.org breaks the fallback browser login notification)
 

SecurityNightmares

The new features page on the site has been expanded a lot: grapheneos.org/features. Redundant content has been removed from the main page. We'll likely make a section on past features to list out the many historical features that are no longer implemented as part of our changes.
A section on past features could be divided into those that are now upstream/obsolete and ones that are not yet ported to the current OS (with links to each issue). For now, the page only lists our current enhancements to AOSP 11 and doesn't go into much detail about most yet.
 