Final
final@stacker.news
npub1hxx7...g75y
Digital forensics and security specialist part of the GrapheneOS project. Posts my own and not endorsed by my employer. AI slop and Nostr DMs ignored. Matrix: f1nal:grapheneos.org
Final 7 months ago
Apple stores which devices/users install which apps. They have the device IDs. US government could obtain a list of people who installed the app if a court authorized it. Not clear what they mean by having to store device IDs. Those IDs aren't accessible to Android apps. ANDROID_ID is a per-app-per-profile random ID. Not clear why they would need it. Android has privacy-preserving hardware-based attestation if they're talking about making it harder to spoof a location. Can't prevent either iOS or Android users making false reports via attestation APIs regardless. Making posts with inaccurate technical claims about Android doesn't inspire confidence.
It's a closed source app with a closed source service fully under their control. Why is that the approach if their goal is helping people rather than monetizing interest in it?
Apple records which apps people install and requires an account to use their app store. Apple Push Notification Service (APNs) has comparable privacy to Firebase Cloud Messaging (FCM). However, iOS apps must use APNs for push while Android apps do not have to use FCM. Android apps can implement their own push service or allow the user to choose a service via the UnifiedPush framework. Play Store has a policy of requiring FCM for most use cases for battery reasons but there are exceptions. Unlike iOS, Android allows installing apps from other app stores / sources.
ICEBlock app is very clearly misleading people about privacy and their safety. Apple has a list of which accounts/devices have installed the app. They will provide it to the US government if they receive a court order. FCM is also not less private than APNs and FCM doesn't work the way they claim. iPhones have good overall privacy and security but Apple does collect telemetry, forces people to have accounts and knows which apps each user/device has installed. They do not have magical privacy and security properties.
An app like this claiming iOS gives them 100% anonymity is very strange. iOS has significantly worse support for VPNs than Android and requires using Apple services. Android exists without Google services and people can install apps from elsewhere. The mandatory or effectively mandatory services on Google Mobile Services devices and iOS have comparable privacy.
Final 7 months ago
#GrapheneOS Android 16 builds are now available in the Alpha channel. We did it.
Final 7 months ago
#GrapheneOS version 2025070100 released. More bug fixes since the first Android 16 release for testing users.
- Exynos 5400 modem Pixels (Pixel 9, Pixel 9 Pro, Pixel 9 Pro XL, Pixel 9 Pro Fold): temporarily disable hardened_malloc and hardware memory tagging for shared_modem_platform executable due to an upstream write-after-free bug
- Launcher: fix upstream bug causing a crash for the interface to add lockscreen widgets (currently a tablet only feature until Android 16 QPR1)
- Vanadium: update to version 138.0.7204.63.0
- add debug build functionality for toggling off hardened_malloc usage for vendor processes to make narrowing down issues quicker
Final 7 months ago
#GrapheneOS version 2025063000 released. This is the initial official release of GrapheneOS based on Android 16 after the June 10th release of Android 16. Device support for Pixels was removed from the Android Open Source Project for Android 16 and had to be reimplemented which is why it took so much longer than usual. Please join our testing chat room if you're interested in testing this experimental release. We'll be making a series of releases this week to fix several known issues and other issues.
- full Android 16 port (we previously shipped some parts of Android 16 backported to Android 15 QPR2 to provide the 2025-06-05 and then 2025-07-01 Pixel patch level)
- migrate to using adevtool to handle a much larger portion of device support since the Android Open Source Project no longer includes device support for Pixels
- adevtool: add new arcslib infrastructure for extracting resource overlays from the stock Pixel OS
- adevtool: use fixed build number and build date for state regeneration to reduce diffs
- don't disable external ports at boot on debug builds for internal development for debugging early boot failures
Final 7 months ago
Our initial highly experimental release based on Android 16 has been published for all sixteen of the supported devices (Pixel 6 through Pixel 9a). It should only be installed on a spare device you don't depend on. It won't brick devices but there will be broken functionality. If you have a spare device and want to help test, join our testing chat room. It can be installed either by updating an existing #GrapheneOS installation or doing a CLI install. We'll make the staging site web installer use it a bit later. Don't put it on your daily driver yet.
We've received enough feedback for the initial experimental release. There were recent regressions in the port due to SELinux policy changes which resulted in the testing being less useful than expected due to major issues with third party apps which weren't present previously. We've implemented a workaround for this issue and are also addressing lockscreen UI issues caused by porting our 2-factor fingerprint authentication feature to Android 16. We'll also try to get fixes for various issues related to device-specific configuration being missing too. Our aim is to have another much more robust and functional experimental Android 16 release in around 8 hours.
SELinux policy issue breaking third party app compatibility was unexpected. It only occurred on production builds, not debug builds, so we missed it in earlier testing. We've found a proper solution rather than a workaround for the SELinux issue. It was caused by an upstream Android 16 change incompatible with how we provided compatibility with several apps banning GrapheneOS including Revolut. We've also included our new overlay automation.
Final 7 months ago
#GrapheneOS version 2025062700 released.
- raise security patch level to 2025-07-01 since it's already provided without applying any additional patches
- kernel (6.1): update to latest GKI LTS branch revision
- Pixel 6, Pixel 6 Pro, Pixel 6a: remove AOSP configuration marking android.hardware.location.network as unavailable since it has been meant to be declared available since our 2023062300 release adding emulated network location and we also have our own opt-in network location implementation since our 2025022700 release
- Vanadium: update to version 138.0.7204.35.0
- Vanadium: update to version 138.0.7204.45.0
- Vanadium: update to version 138.0.7204.45.1
- Vanadium: update to version 138.0.7204.4
Final 7 months ago
We need help testing our experimental Android 16 support. If you have a spare 6th, 7th, 8th or 9th generation Pixel, you can help us test early builds for Android 16 soon. You can join our testing chat room via Matrix or our bridged platforms if you want to help.
Final 7 months ago
#GrapheneOS version 2025061900 released.
- full 2025-06-05 Pixel security patch level based on Android 16 backports (full Android 2025-06-05 patch level was provided in an earlier release)
- Pixels: backport Android 16 Wi-Fi firmware, Bluetooth firmware and TPU firmware
- Pixels: backport Android 16 Samsung Radio Interface Layer (RIL) code
- Sandboxed Google Play compatibility layer: fix rare system_server crash reported with Android Auto by adding check for a null calling package
- Vanadium: update to version 137.0.7151.115.0
Final 7 months ago
We previously shipped our builds of Android 16 kernel drivers along with the new Pixel SoC firmware and cellular radio firmware. Today, we'll be making a release with the new Wi-Fi/Bluetooth firmware, TPU firmware and RIL code. This will provide the Pixel 2025-06-05 patch level. We want to backport a few more things such as the userspace Mali driver library to make sure we have all the important patches. Our initial Android 16 port was finished days ago and we've made a lot of progress towards replacing the device support which was dropped from AOSP 16. Pixel patch levels include more than the baseline Android patch levels and we intend to include all of that before claiming to have the latest patch level. It's not supposed to only mean the Android Security Bulletin patches but rather ASB + a bulletin from the device vendor. #GrapheneOS