Final
final@stacker.news
npub1hxx7...g75y
Security specialist and member of the GrapheneOS Foundation. Posts my own and not endorsed by my employer. AI slop and Nostr DMs ignored. Email: final@grapheneos.org Matrix: f1nal:grapheneos.org
Final 7 months ago
#GrapheneOS GmsCompatLib version 100 released.
- extend shim for background service starts to address edge cases where a foreground service is required
- add shim implementation of GmsFontProvider to prevent crashes of apps depending on Play services when it's missing or disabled (restores support for using Pixel Camera without Play services)
- fix NoOpPrewarmService chain crash in Pixel Camera caused by lack of privileged OS integration
Final 7 months ago
#GrapheneOS version 2025102200 released.
• adevtool: add satellite eSIM overlays to avoid the special Skylo eSIM on 9th/10th gen Pixels being listed as a regular eSIM and being possible to erase with the regular eSIM erase functionality
• kernel (6.6): update to latest GKI LTS branch revision including update to 6.6.111
• kernel (6.12): update to latest GKI LTS branch revision including update to 6.12.52
• System Updater: prevent reboot and security preview notifications from timing out after 3 days which is standard behavior since Android 15 QPR1
• System Updater: mark notification permission as fixed to prevent disabling overall notifications, but enable blocking progress, failure and already up to date notification channels
• Sandboxed Google Play compatibility layer: add support for overriding BinderProxy transactions
• Sandboxed Google Play compatibility layer: add support for out-of-band updates to GmsCompatLib
• Vanadium: update to version 141.0.7390.111.0
• Vanadium: update to version 141.0.7390.122.0
• raise emulator super / dynamic partition size due to reaching the limit in some cases
• adevtool: prefer prebuilt AOSP JDK 21

All of the Android 16 security patches from the current November 2025, December 2025 and January 2026 Android Security Bulletins are included in the 2025102201 security preview release.

List of additional fixed CVEs:
• Critical: CVE-2025-48593, CVE-2025-48631
• High: CVE-2022-25836, CVE-2022-25837, CVE-2023-40130, CVE-2024-43766, CVE-2025-22420, CVE-2025-22432, CVE-2025-32319, CVE-2025-32348, CVE-2025-48525, CVE-2025-48536, CVE-2025-48555, CVE-2025-48564, CVE-2025-48565, CVE-2025-48566, CVE-2025-48567, CVE-2025-48572, CVE-2025-48573, CVE-2025-48574, CVE-2025-48575, CVE-2025-48576, CVE-2025-48577, CVE-2025-48578, CVE-2025-48579, CVE-2025-48580, CVE-2025-48582, CVE-2025-48583, CVE-2025-48584, CVE-2025-48585, CVE-2025-48586, CVE-2025-48587, CVE-2025-48589, CVE-2025-48590, CVE-2025-48592, CVE-2025-48594, CVE-2025-48596, CVE-2025-48597, CVE-2025-48598, CVE-2025-48600, CVE-2025-48601, CVE-2025-48602, CVE-2025-48603, CVE-2025-48604, CVE-2025-48605, CVE-2025-48609, CVE-2025-48612, CVE-2025-48614, CVE-2025-48615, CVE-2025-48616, CVE-2025-48617, CVE-2025-48618, CVE-2025-48619, CVE-2025-48620, CVE-2025-48621, CVE-2025-48622, CVE-2025-48626, CVE-2025-48628, CVE-2025-48629, CVE-2025-48630, CVE-2025-48632, CVE-2025-48633, CVE-2025-48634

2025100901 provides at least the full 2025-11-01 patch level and the Android 2025-11-05 patch level (Pixel Update Bulletin could have fixes we don't get early) but will remain marked as providing 2025-10-05.
Final 7 months ago
GmsCompat (sandboxed Google Play compatibility layer in GrapheneOS) will have its library signed with a separate key to allow for out-of-band updates. Should allow faster delivery of app compatibility fixes without waiting on new releases of GrapheneOS for the most part.
Final 7 months ago
FYI: "Lockdown" button does not put an Android device BFU. It is still AFU, attack surface still applies. It just forces the user to use the primary credentials the next time. In GrapheneOS, the button "End Session" or "Power Off" is what you want.
Final 7 months ago
Let me post cheesy one-liners like a pro-privacy product company real quick
Final 7 months ago
Please don't get #GrapheneOS from weirdos on TikTok. You have no idea what your money would end up going to. It would likely be less productive than us using it to fund developer salaries and new deals. Anyways, here is how one of them replied to us when we told them to stop making pages selling a product claiming to be GrapheneOS. (Shit. I got cyber bullied...)
Final 7 months ago
Also glad many of the startup 'just build' 'accelerate' San Francisco bros aren't here. A very creepy group. I guess I come from a different culture.
Final 7 months ago
Twitter for you feed is so awful. Even after following accounts the recommendations stink.
Final 7 months ago
Since he is attacking us again, did you know that Rob Braxman's 'private' and 'encrypted' chat service is backdoored with fake end to end encryption? It's been like this for years. Make two accounts, and create an 'encrypted' chat with a room password to your other account. Make it anything you want. Then, on the browser of the user who did not create the room, go to your chat page then open the browser dev tools, go to the Network tab. Open the encrypted chat, then find "chatkey.php" in the resources section of the browser. You can then go to "Payload". The password of the room is sent to you by the server in plain text.
Final 7 months ago
What I can say for now:
- #GrapheneOS has partnered with a major Android OEM. One of the top ten.
- We aim to have a device by H2 2026, but potentially 2027.
- We have early source access for patches and, soon, major releases through our partner.
- We are aiming to get their next generation flagship devices able to support installing GrapheneOS.
- The device will have the flagship Snapdragon 8 Elite 2 (SM8850) SoC.
- We will continue to support Pixels if they continue to release with support. We will also aim to have Pixel 10 support once Android 16 QPR1 sources are available.
Final 7 months ago
#GrapheneOS version 2025100900 released: RCS compatibility fixes, kernel updates and opt-in dialog for security preview updates in this new version. The first January 2026 ASB security patches are also now available in the 2025100901 security preview.

One of the changes in this release should result in Google Messages RCS working for users receiving a verification error caused by Play Store checking for an emulator with an easy to bypass check. It was already working for many users without this but this should get it working for everyone else.

• raise security patch level to 2025-10-05 since it's already provided without applying any additional patches
• System Updater, Setup Wizard: integrate support for recommending opting into security preview releases during the initial Owner user setup and for existing users via a persistent notification which is disabled after making an explicit choice on whether to use security preview releases (this is necessary to inform all users about the option with an explicit choice)
• Settings: add support for forcing VoWiFi availability
• Settings: improve the carrier configuration override by improving the summaries, adding detailed descriptions and clarifying that the options force features to be available since there are also toggles for directly enabling/disabling the features in the main SIM settings screen
• Sandboxed Google Play compatibility layer: fix a Google Messages RCS compatibility issue by removing the error string for the missing privileged permission from SurfaceFlinger::doDump() to make a DroidGuard check pass
• Sandboxed Google Play compatibility layer: make Play Store ignore app auto-install config
• Sandboxed Google Play compatibility layer: fix Build.getSerial() shim to fix an Android Auto issue
• Sandboxed Google Play compatibility layer: add stub for TelephonyManager.getImei()
• Sandboxed Google Play compatibility layer: add stub for Window.setHideOverlayWindows() to replace reliance on a feature flag override via GmsCompatConfig
• kernel (6.1): update to latest GKI LTS branch revision including update to 6.1.155
• update test suite to handle our carrier overrides support
• Vanadium: update to version 141.0.7390.70.0
• Camera: update to version 90

All of the Android 16 security patches from the current November 2025, December 2025 and January 2026 Android Security Bulletins are included in the 2025100901 security preview release.

List of additional fixed CVEs:
• Critical: CVE-2025-48593
• High: CVE-2022-25836, CVE-2022-25837, CVE-2023-40130, CVE-2024-43766, CVE-2025-22420, CVE-2025-22432, CVE-2025-32319, CVE-2025-32348, CVE-2025-48525, CVE-2025-48536, CVE-2025-48544, CVE-2025-48555, CVE-2025-48567, CVE-2025-48572, CVE-2025-48573, CVE-2025-48574, CVE-2025-48575, CVE-2025-48576, CVE-2025-48577, CVE-2025-48578, CVE-2025-48579, CVE-2025-48580, CVE-2025-48581, CVE-2025-48582, CVE-2025-48583, CVE-2025-48584, CVE-2025-48585, CVE-2025-48586, CVE-2025-48587, CVE-2025-48589, CVE-2025-48590, CVE-2025-48592, CVE-2025-48594, CVE-2025-48596, CVE-2025-48597, CVE-2025-48598, CVE-2025-48600, CVE-2025-48601, CVE-2025-48602, CVE-2025-48603, CVE-2025-48604, CVE-2025-48605, CVE-2025-48607, CVE-2025-48609, CVE-2025-48612, CVE-2025-48614, CVE-2025-48615, CVE-2025-48616, CVE-2025-48617, CVE-2025-48618, CVE-2025-48619, CVE-2025-48620, CVE-2025-48621, CVE-2025-48622, CVE-2025-48626, CVE-2025-48628, CVE-2025-48629

CVE-2025-48595 was fixed in the regular GrapheneOS 2025100300 release and is no longer listed. CVE-2025-48611 patch was retracted.

2025100901 provides at least the full 2025-11-01 patch level and the Android 2025-11-05 patch level (Pixel Update Bulletin could have fixes we don't get early) but will remain marked as providing 2025-10-05.
Final 7 months ago
See more information on how OEMs like Samsung provide patches and our early patching through security preview releases.
Final 8 months ago
Next #GrapheneOS security preview will contain the security patch scheduled for the January 2026 Android Security Bulletin. This adds patches to 5 High severity vulnerabilities. This increases the amount of early patched Critical/High vulnerabilities to 58. One vulnerability was fixed in the previous regular GrapheneOS release. One other was retracted. These are not in the count.
Final 8 months ago
I am never calling EnCase 'OpenText Forensic', don't be silly
Final 8 months ago
Our security preview releases provide early access to Android Security Bulletin patches prior to the official disclosure. Our current security preview releases provide the current revision of the November 2025 and December 2025 patches for the Android Open Source Project. We recommend enabling this.

The only difference between our regular releases and security preview releases are the future Android Security Bulletin patches being applied with any conflicts resolved. The downside of security preview releases is we cannot provide the sources for the patches until the official disclosure date. The delay for being able to publish the sources is why we're now going through the significant effort of building 2 variants of each release.

Our most recent 3 releases have both a regular and security preview variant:
- 2025092500 and 2025092501
- 2025092700 and 2025092701
- 2025100300 and 2025100301

You can enable security preview releases via Settings > System > System update > Receive security preview releases. Our plan is to keep it off-by-default with a new page added to the Setup Wizard which will have it toggled on as a recommendation. We'll prompt users on existing installs to choose.

We're maintaining the upcoming Android security patches in a private repository where we've resolved the conflicts. Each of our security preview releases is tagged in this private repository. Our plan is to publish what we used once the embargo ends, so it will still be open source, but delayed.

The new security update Android is using provides around 3 months of early access to OEMs with permission to make binary-only releases from the beginning. As far as we know, #GrapheneOS is the first to take advantage of this and ship the patches early. Even the stock Pixel OS isn't doing this yet.

During the initial month, many patches are added or changed. By around the end of the month, the patches are finalized with nothing else being added or changed. Our 2025092500 release was made on the day the December 2025 patches were finalized, but we plan to ship the March 2026 patches earlier.

Previously, Android had monthly security patches with a 1 month embargo not permitting early releases. For GrapheneOS users enabling security preview releases, you'll get patches significantly earlier than before. We'd greatly prefer 3 day embargoes over 3 month embargoes but it's not our decision.

Security preview releases currently increment the build date and build number of the regular release by 1. You can upgrade from 2025100300 to 2025100301 but not vice versa. For now, you can switch back to regular releases without reinstalling such as 2025092701 to 2025100300, but this may change.