Final

It isn't a usual happening when an alleged career criminal cries about how he was charged with premeditated murder on social media in your comments while, incorrectly and without a smidge of evidence, blaming us for it. Back to your scheduled #GrapheneOS WINNING. Keep your eyes open for GrapheneOS based on Android 16 QPR2. nostr:nevent1qqsq3hl39vut9wrh4mcy8xa036l4e8qq9fj8wh3q7ffkvxl3e8936agpzemhxue69uhhyetvv9ujuerfw36x7tnsw43z7q3q235tem4hfn34edqh8hxfja9amty73998f0eagnuu4zm423s9e8ksxpqqqqqqzzerw8n

GrapheneOS news boring tiday, here is an OpSec of the year 2025 late contender. This is an update of that guy who falsely claimed GrapheneOS was compromised by law enforcement. He posted a document showing a warrant for **premeditated murder** and claimed we were to blame despite zero evidence of a device being exploited or even data of ANY device being accessed. https://x.com/GrapheneOS/status/1997126386968903972?s=20 The content they post across social media regularly implicates themselves in crimes they supposedly commit. They're now claiming that despite previously claiming GrapheneOS is insecure, they were using it and blame it for supposedly being charged with premeditated murder. The whole thing appears to be a very badly run smear operation targeting GrapheneOS. They're trying to portray GrapheneOS as heavily used by criminals while also portraying it as insecure. Despite claiming it's insecure, they supposedly keep using it and getting caught due to it. In their new story, they claim to have fled Belgium due to premeditated murder charges. They blame GrapheneOS as they claim the only way they could have been caught is Threema messages on the device. They claim the duress PIN feature many people have tested didn't trigger. They've been making claims about GrapheneOS supposedly being compromised or insecure for a while. It's quite strange for them to now come out with the claim that they were relying on it to store incriminating messages for plotting a murder. Incredibly strange thing to admit on X. If all of what they're saying is taken at face value, then they appear to be a career criminal who scams for people for a living and has gotten themselves into something darker. They have atrocious legal representation. If what they've said is true, they should go back to Belgium and turn themselves in. They've made it pretty clear they have incriminating evidence on their phone they tried to wipe but misremembered the duress PIN. They ASSUME their phone was exploited to get it with no proof. They claim to have an active investigation into themselves for murder. They claim to have tried to destroy incriminating evidence and fled the country. If it's real, their opsec approach is extraordinary. We think it's someone investing many months into smearing us this way.

Bear in mind there are a few major tasks: Priority will be made to work on completing porting to Android 16 QPR2 and then further work on the Pixel 10 to get it out of experimental. Major version upgrade is the most important. nostr:nevent1qqszdjcaq8935whpamcjcwneku777ysqc9w85q7j9s0l33vmatwgvmgpr4mhxue69uhkummnw3ezucnfw33k76twv4ezuum0vd5kzmp0qgstnr0dfn4w5grepk7t8sc5qp5jqzwnf3lejf7zs6p44xdhfqd9cgsrqsqqqqqpr8n3av

#GrapheneOS version 2025120400 released. - full 2025-12-01 security patch level (has already been fully provided by our security preview releases for at least a month and most of the patches since September) - add experimental support for the Pixel 10, Pixel 10 Pro, Pixel 10 Pro XL and Pixel 10 Pro Fold (there were 2 standalone experimental releases prior to this via 2025112500 and 2025113000 along with corresponding security preview releases for each) - Cell Broadcast Receiver: switch back to our modified text for the presidential alerts toggle - kernel (6.1): update to latest GKI LTS branch revision including update to 6.1.158 - kernel (6.6): update to latest GKI LTS branch revision including update to 6.6.116 - kernel (6.12): update to latest GKI LTS branch revision including update to 6.12.60 - Auditor: update to version 90 - Vanadium: update to version 143.0.7499.34.2 - GmsCompatConfig: update to version 165 All of the Android 16 security patches from the current January 2026, February 2026 and March 2026 Android Security Bulletins are included in the 2025120401 security preview release. List of additional fixed CVEs: - Critical: CVE-2025-48631, CVE-2026-0006 - High: CVE-2022-25836, CVE-2022-25837, CVE-2023-40130, CVE-2025-22420, CVE-2025-22432, CVE-2025-26447, CVE-2025-32319, CVE-2025-32348, CVE-2025-48525, CVE-2025-48536, CVE-2025-48555, CVE-2025-48564, CVE-2025-48565, CVE-2025-48566, CVE-2025-48567, CVE-2025-48572, CVE-2025-48573, CVE-2025-48574, CVE-2025-48575, CVE-2025-48576, CVE-2025-48577, CVE-2025-48578, CVE-2025-48579, CVE-2025-48580, CVE-2025-48582, CVE-2025-48583, CVE-2025-48584, CVE-2025-48585, CVE-2025-48586, CVE-2025-48587, CVE-2025-48589, CVE-2025-48590, CVE-2025-48592, CVE-2025-48594, CVE-2025-48596, CVE-2025-48597, CVE-2025-48598, CVE-2025-48600, CVE-2025-48601, CVE-2025-48602, CVE-2025-48603, CVE-2025-48604, CVE-2025-48605, CVE-2025-48609, CVE-2025-48612, CVE-2025-48614, CVE-2025-48615, CVE-2025-48616, CVE-2025-48617, CVE-2025-48618, CVE-2025-48619, CVE-2025-48620, CVE-2025-48621, CVE-2025-48622, CVE-2025-48626, CVE-2025-48628, CVE-2025-48629, CVE-2025-48630, CVE-2025-48632, CVE-2025-48633, CVE-2025-48634, CVE-2026-0005, CVE-2026-0007, CVE-2026-0008 https://GrapheneOS.org/releases#2025120400

I must be the greatest Windows user to have ever lived because every single major breaking bug that shows up on tech news every week has never happened to me. I have never seen it, never heard of it. Keep in mind I use Windows pretty often on corp PCs...

final.st https://codeberg.org/f1nal/final.st

Android 16 QPR2 is out upstream and is pushed to AOSP. Work will be made to port once all the remaining sources have been pushed. This will take time to fully port as we had just previously ported QPR1, another major version, which was delayed in release.

Web hosting / low spec VPS providers that accept Lightning... Go Bonus points for domain registrar. Time to put some value back on some sats.

The December Android Security Bulletin is out, showing the security patches released for December. See the following: >Note: There are indications that the following may be under limited, targeted exploitation: CVE-2025-48633, CVE-2025-48572 We had these vulnerabilities patched already in the security preview channel of #GrapheneOS. 48633 was patched in 2025102301 and 48572 was patched in 2025092501 (**ALMOST 4 MONTHS AGO**) despite them being confirmed as exploited in the wild. Whatever threat actor was exploiting it was able to do so without much pushback for months even after being revealed. Samsung provided patches for 48572 early in October, but this is not every device or Android distribution. https://source.android.com/docs/security/bulletin/2025-12-01

I think you already know who won't be doing that. #GrapheneOS nostr:nevent1qqszw3ulcfv2t9rufa202aeh99drhwxg9ppq9mjahr3qvq3zdnzehpspz9mhxue69uhkummnw3ezuamfdejj7q3qcf3zeytdnwgwzz5pk2ax0vvmmlzad03xcft4d50ejrfhsh8pxcdsxpqqqqqqzr24fca

The document was uploaded by a random user on the GrapheneOS Reddit (and other pages on the forum) where the OP admitted the device was UNLOCKED when it was taken. There was no exploitation because the device was unlocked. There is also no way to prove this document is legitimate on our end due to classifications (if it is, why post it? it would have a limited distribution... Easy to identify a source). The alleged offence in the first page was also completely unrelated to anything to do with black hat cyber crime offences. Randoms on Dread forums have about as much credibility as the random Reddit user. nostr:nevent1qqsvvxmasch6j6ptlhsvay5fvmetpntc3l2430lyg96mjm89fcg5jzqpzemhxue69uhhyetvv9ujuerfw36x7tnsw43z7q3qxcpw8fqmxj2xmqwqql70ttsd4t39n9a5up93ql5zu44qjrqdnwqsxpqqqqqqznepaen

We now have experimental support for the Pixel 10, Pixel 10 Pro, Pixel 10 Pro XL and Pixel 10 Pro Fold. Our initial 2025112500 release for these is available through our web installer or releases page on our staging site. Download and test #GrapheneOS for your Pixel 10 at: https://staging.grapheneos.org/install/web https://staging.grapheneos.org/releases#devices

We no longer have any active servers in France and are continuing the process of leaving OVH. We'll be rotating our TLS keys and Let's Encrypt account keys pinned via accounturi. DNSSEC keys may also be rotated. Our backups are encrypted and can remain on OVH for now. Our App Store verifies the app store metadata with a cryptographic signature and downgrade protection along with verification of the packages. Android's package manager also has another layer of signature verification and downgrade protection. Our System Updater verifies updates with a cryptographic signature and downgrade protection along with another layer of both in update_engine and a third layer of both via verified boot. Signing channel release channel names is planned too. Our update mirrors are currently hosted on sponsored servers from ReliableSite (Los Angeles, Miami) and Tempest (London). London is a temporary location due to an emergency move from a provider which left the dedicated server business and will move. More sponsored update mirrors are coming. Our ns1 anycast network is on Vultr and our ns2 anycast network is on BuyVM since both support BGP for announcing our own IP space. We're moving our main website/network servers used for default OS connections to a mix of Vultr+BuyVM locations. We have 5 servers in Canada with OVH with more than static content and basic network services: email, Matrix, discussion forum, Mastodon and attestation. Our plan is to move these to Netcup root servers or a similar provider short term and then colocated servers in Toronto long term. France isn't a safe country for open source privacy projects. They expect backdoors in encryption and for device access too. Secure devices and services are not going to be allowed. We don't feel safe using OVH for even a static website with servers in Canada/US via their Canada/US subsidiaries. We were likely going to be able to release #GrapheneOS for experimental Pixel 10 support very soon and it's getting disrupted because of this. The attacks on our team continue to escalate. It is rough right now and your support is appreciated. Let's release soon. nostr:nevent1qqsxn3a4cg7fw8cs34nxvfwupryr3pgww2wrt4dfjeh4dxdt4w9wsqqpzpmhxue69uhkummnw3ezumt0d5hsyg9e3hk5e6h2ypusm09ncv2qq6fqp8f5clueylpgdq66nxm5sxjuygpsgqqqqqqsfvas3s

Info thread: #GrapheneOS is being heavily targeted by the French state because we provide highly secure devices and won't include backdoors for law enforcement access to our software. They're conflating us with companies selling closed source products using portions of our code. Considering it is easy to search GrapheneOS online and read our documentation, you can only assume this is intentional. Both French state media and corporate media are publishing many stories attacking the GrapheneOS project based on false and unsubstantiated claims from French law enforcement. This has even escalated to broadcast media. They've made a clear threat to seize our servers and arrest our developers if we do not cooperate by adding backdoors. Due to this, we're leaving French service providers and will leave / never operate in France. In these attack pieces, they describe GrapheneOS with features not present in our software and showing sites and guides not in our control nor authored by us. We need substantial help from the community to push back against this across platforms. People malicious towards us are also using it as an opportunity to spread libel/harassment content targeting our team, raid our chat rooms and much more. /e/ and iodéOS are both based in France, and are both actively attacking GrapheneOS. /e/ receives substantial government funding. Both are extremely non-private and insecure which is why France is targeting us while those get government funding. We need a lot more help than usual and we're sending out a notification for situational awareness. If people help us, it will enable us to focus more on development again including releasing experimental Pixel 10 releases very soon. Spread the word about this current situation. Initial thread: https://grapheneos.social/@GrapheneOS/115575997104456188 Follow-up: https://grapheneos.social/@GrapheneOS/115583866253016416 Thread about the FBI and European law enforcement selling devices to criminals using GrapheneOS code: https://grapheneos.social/@GrapheneOS/115589833471347871 Thread about how ANSSI (French national cybersecurity agency) contributed to GrapheneOS: https://grapheneos.social/@GrapheneOS/115594002434998739

More people should have the new updates with the UI refresh now. nostr:nevent1qqswxgq7wysnk2m2eh9fz4x0s5kgatd29r3yju87qdkkze6ttw9m6ccpr4mhxue69uhkummnw3ezucnfw33k76twv4ezuum0vd5kzmp0qgstnr0dfn4w5grepk7t8sc5qp5jqzwnf3lejf7zs6p44xdhfqd9cgsrqsqqqqqpt3nqup

No bro you don't get it you just gotta do this key combination and type this random shit in

#GrapheneOS version 2025112100 released. • fix regression from our Android 16 QPR1 port causing enabling the Network permission to not work without a reboot • adevtool: fix SELinux policy handling issue causing fingerprint registration issues on the devices with power button fingerprint readers (Pixel Tablet, Pixel Fold, Pixel 9 Pro Fold) with Android QPR1 • fix port of our notification forwarding between user profiles feature to Android 16 QPR1 • enable new UI customization picker UI from Android 16 QPR1 • Wallpaper Picker: don't use the CuratedPhotos categories which aren't setup in AOSP • Wallpaper Picker: hide the always-empty wallpaper carousel • Wallpaper Picker: enable integration of the embedded photo picker • System Updater, Sandboxed Google Play compatibility layer: switch to Material 3 Expressive theme for Settings app menus • Cell Broadcast Receiver: fix presidential alerts toggle added by GrapheneOS not being enabled without the main emergency alerts toggle being toggled off and on • Vanadium: update to version 142.0.7444.171.0 All of the Android 16 security patches from the current December 2025, January 2026, February 2026 and March 2026 Android Security Bulletins are included in the 2025112101 security preview release. List of additional fixed CVEs: • Critical: CVE-2025-48631, CVE-2026-0006 • High: CVE-2022-25836, CVE-2022-25837, CVE-2023-40130, CVE-2025-22420, CVE-2025-22432, CVE-2025-26447, CVE-2025-32319, CVE-2025-32348, CVE-2025-48525, CVE-2025-48536, CVE-2025-48555, CVE-2025-48564, CVE-2025-48565, CVE-2025-48566, CVE-2025-48567, CVE-2025-48572, CVE-2025-48573, CVE-2025-48574, CVE-2025-48575, CVE-2025-48576, CVE-2025-48577, CVE-2025-48578, CVE-2025-48579, CVE-2025-48580, CVE-2025-48582, CVE-2025-48583, CVE-2025-48584, CVE-2025-48585, CVE-2025-48586, CVE-2025-48587, CVE-2025-48589, CVE-2025-48590, CVE-2025-48592, CVE-2025-48594, CVE-2025-48596, CVE-2025-48597, CVE-2025-48598, CVE-2025-48600, CVE-2025-48601, CVE-2025-48602, CVE-2025-48603, CVE-2025-48604, CVE-2025-48605, CVE-2025-48609, CVE-2025-48612, CVE-2025-48614, CVE-2025-48615, CVE-2025-48616, CVE-2025-48617, CVE-2025-48618, CVE-2025-48619, CVE-2025-48620, CVE-2025-48621, CVE-2025-48622, CVE-2025-48626, CVE-2025-48628, CVE-2025-48629, CVE-2025-48630, CVE-2025-48632, CVE-2025-48633, CVE-2025-48634, CVE-2026-0005, CVE-2026-0007, CVE-2026-0008 2025112101 provides at least the full 2025-12-01 Android and Pixel security patch level but will remain marked as providing 2025-11-05. https://GrapheneOS.org/releases#2025112100

Interview of French federal prosecutor saying that not providing them with backdoors is unacceptable and they'll go after us with charges if we don't cooperate with them: archive.is/UrlvK There's a very direct threat towards us in that article. They've made it clear they do not consider it acceptable for there to be devices they cannot break into. In that interview, there's a clear statement they'll go after us as they did others if we don't "cooperate" with them. The demands they have from us are unspecified but we're not going to wait around to find out what they expect from us. #GrapheneOS will exit remaining global infrastructure in France and OVH as soon as possible. We do not feel safe operating in a country with federal law enforcement agencies lying about us and threatening us. France's government is a strong supporter of backdoors for secure messaging apps including heavily supporting Chat Control. They appear to have the same position on secure devices. Their previous law enforcement action against both was done based on claims of ties to criminals. In some of the cases, it was clear the companies were tied to criminals. One of those companies was an FBI sting operation from early on which was advertising itself as being based on GrapheneOS. Maybe some of the ones they're conflating with us are also sting operations too. They're conflating shady companies selling products they say are based on GrapheneOS with us. ANOM was a sting operation by the FBI paying criminals to sell phones to criminals while advertising it as being based on GrapheneOS. Since when is the FBI facilitating crimes in France our fault?

Have you been noticing? It happens: When we succeed despite shortcomings, When we just released a major update, When we are working on more devices, When we get patches early, When new leaks confirm we protect users, When we are the first, or the only, to do it, and much more... Tyrants are threatened when you defend yourself against their invasive control and oppression. Keep paying attention. nostr:nevent1qqs0hrfthwzc3dr8gjws66vz7dtz3x6rk80fwg3hh0nmhnsg5u283vspr4mhxue69uhkummnw3ezucnfw33k76twv4ezuum0vd5kzmp0qgstnr0dfn4w5grepk7t8sc5qp5jqzwnf3lejf7zs6p44xdhfqd9cgsrqsqqqqqph7kcye