#GrapheneOS version 2025112100 released. • fix regression from our Android 16 QPR1 port causing enabling the Network permission to not work without a reboot • adevtool: fix SELinux policy handling issue causing fingerprint registration issues on the devices with power button fingerprint readers (Pixel Tablet, Pixel Fold, Pixel 9 Pro Fold) with Android QPR1 • fix port of our notification forwarding between user profiles feature to Android 16 QPR1 • enable new UI customization picker UI from Android 16 QPR1 • Wallpaper Picker: don't use the CuratedPhotos categories which aren't setup in AOSP • Wallpaper Picker: hide the always-empty wallpaper carousel • Wallpaper Picker: enable integration of the embedded photo picker • System Updater, Sandboxed Google Play compatibility layer: switch to Material 3 Expressive theme for Settings app menus • Cell Broadcast Receiver: fix presidential alerts toggle added by GrapheneOS not being enabled without the main emergency alerts toggle being toggled off and on • Vanadium: update to version 142.0.7444.171.0 All of the Android 16 security patches from the current December 2025, January 2026, February 2026 and March 2026 Android Security Bulletins are included in the 2025112101 security preview release. List of additional fixed CVEs: • Critical: CVE-2025-48631, CVE-2026-0006 • High: CVE-2022-25836, CVE-2022-25837, CVE-2023-40130, CVE-2025-22420, CVE-2025-22432, CVE-2025-26447, CVE-2025-32319, CVE-2025-32348, CVE-2025-48525, CVE-2025-48536, CVE-2025-48555, CVE-2025-48564, CVE-2025-48565, CVE-2025-48566, CVE-2025-48567, CVE-2025-48572, CVE-2025-48573, CVE-2025-48574, CVE-2025-48575, CVE-2025-48576, CVE-2025-48577, CVE-2025-48578, CVE-2025-48579, CVE-2025-48580, CVE-2025-48582, CVE-2025-48583, CVE-2025-48584, CVE-2025-48585, CVE-2025-48586, CVE-2025-48587, CVE-2025-48589, CVE-2025-48590, CVE-2025-48592, CVE-2025-48594, CVE-2025-48596, CVE-2025-48597, CVE-2025-48598, CVE-2025-48600, CVE-2025-48601, CVE-2025-48602, CVE-2025-48603, CVE-2025-48604, CVE-2025-48605, CVE-2025-48609, CVE-2025-48612, CVE-2025-48614, CVE-2025-48615, CVE-2025-48616, CVE-2025-48617, CVE-2025-48618, CVE-2025-48619, CVE-2025-48620, CVE-2025-48621, CVE-2025-48622, CVE-2025-48626, CVE-2025-48628, CVE-2025-48629, CVE-2025-48630, CVE-2025-48632, CVE-2025-48633, CVE-2025-48634, CVE-2026-0005, CVE-2026-0007, CVE-2026-0008 2025112101 provides at least the full 2025-12-01 Android and Pixel security patch level but will remain marked as providing 2025-11-05.

Releases | GrapheneOS

Interview of French federal prosecutor saying that not providing them with backdoors is unacceptable and they'll go after us with charges if we don't cooperate with them: archive.is/UrlvK There's a very direct threat towards us in that article. They've made it clear they do not consider it acceptable for there to be devices they cannot break into. In that interview, there's a clear statement they'll go after us as they did others if we don't "cooperate" with them. The demands they have from us are unspecified but we're not going to wait around to find out what they expect from us. #GrapheneOS will exit remaining global infrastructure in France and OVH as soon as possible. We do not feel safe operating in a country with federal law enforcement agencies lying about us and threatening us. France's government is a strong supporter of backdoors for secure messaging apps including heavily supporting Chat Control. They appear to have the same position on secure devices. Their previous law enforcement action against both was done based on claims of ties to criminals. In some of the cases, it was clear the companies were tied to criminals. One of those companies was an FBI sting operation from early on which was advertising itself as being based on GrapheneOS. Maybe some of the ones they're conflating with us are also sting operations too. They're conflating shady companies selling products they say are based on GrapheneOS with us. ANOM was a sting operation by the FBI paying criminals to sell phones to criminals while advertising it as being based on GrapheneOS. Since when is the FBI facilitating crimes in France our fault?

Have you been noticing? It happens: When we succeed despite shortcomings, When we just released a major update, When we are working on more devices, When we get patches early, When new leaks confirm we protect users, When we are the first, or the only, to do it, and much more... Tyrants are threatened when you defend yourself against their invasive control and oppression. Keep paying attention. View quoted note →

Here's another French journalist participating in fearmongering about GrapheneOS. That article is not measured. It provided a platform to make both unsubstantiated and provably false claims about GrapheneOS while providing no opportunity to see and respond to those claims.

Bluesky Social

Gabriel Thierry (@gabrielthierry.bsky.social)

Un point qui devrait alerter. Je trouve l'article du @leparisien.fr mesuré: il signale les craintes policières d'une dérive vers un usage crimin...

The claims the article platforms are conflating closed source products from European companies infringing on our copyright and trademarks with GrapheneOS. GrapheneOS doesn't have the features they claim it does, isn't distributed in the ways they claim and they don't understand open source software. GrapheneOS is obtained from

Web installer | Install | GrapheneOS

and https://grapheneos.org/releases. There are a bunch of legitimate companies in Europe selling devices with real GrapheneOS including NitroKey. We aren't partnered with those companies and don't get funding from it but there's nothing shady about it. Products using operating systems partially based on our code are not GrapheneOS. There's no such thing as a fake Snapchat app wiping the device in GrapheneOS. It has no remote management or remote wiping built into it. It does not have a subscription fee / licensing system built into it either. Vast majority of the code for those products comes from elsewhere: Android Open Source Project, Linux kernel, Chromium, LLVM and other projects. Of course the non-profit open source project writing a small portion of the code being used by those companies being targeted rather than IBM, Google, etc. Both Android and iOS try to defend users from the same attack vectors we do. We developed far better protections against exploits which we release as open source code. Open source means anyone can freely use it for any purpose, exactly like the Android Open Source Project used by GrapheneOS itself. Open source is why we can build GrapheneOS based on the Android Open Source Project. It doesn't make Linus Torvalds, IBM, Google, etc. responsible for what we do. Similarly, others can make their own software based on GrapheneOS. A fork of GrapheneOS contains a small portion of code written by us. France supposedly has a right to reply which we intend to exercise to respond at length to these articles containing libel from the French state. We're going to be ending the small amount of operations we have in France as we don't feel the country is safe for open source privacy projects anymore. GrapheneOS doesn't host services storing sensitive user data. We have signature verification and downgrade protection for updates to the OS, apps and app store metadata. We're going move our website and discussion server away from OVH. Our update mirrors and authoritative DNS are already elsewhere. Our discussion forum, Matrix, Mastodon, etc. in OVH Bearharnois can be moved to local or colocated servers in Toronto instead. We can use Netcup (owned by Anexia, both German) as one of the main providers for website/network service instances. The majority of our servers are already not on OVH. We won't travel to France including avoiding conferences and will avoid having people working in the country too. A simple heuristic for the EU is avoiding countries supporting Chat Control. We genuinely believe we cannot safely operate in France anymore as an open source project privacy project. Our pinned post on this platform shows a great example of why they're actually upset with us:

X (formerly Twitter)

GrapheneOS (@GrapheneOS) on X

In April 2024, Pixels shipped a partial implementation of our January 2024 proposal for firmware-based reset attack protection. Fastboot mode now z...

It almost makes us willing to contribute to AOSP again to try to wipe out their ability to exploit a subset of unon-GrapheneOS Android devices too. Google is welcome to reach out.

If you see me fucking around at a conference soon, no you didn't 🫡

If I wasn't GrapheneOS maxi before then I am now. Fucking love these guys.

We ported the Android 16 security preview patches to 16 QPR1. 2025111801 is our first 16 QPR1 with December 2025, January 2026, February 2026 and March 2026 ASB patches:

Releases | GrapheneOS

We'll fix a few more QPR1 regressions and then it should be able to reach Stable. View quoted note →

We at #GrapheneOS were contacted by a journalist at Le Parisien newspaper with this prompt: > I am preparing an article on the use of your secure personal data phone solution by drug traffickers and other criminals. Have you ever been contacted by the police? Are you aware that some of your clients might be criminals? And how does the company manage this issue? Absolutely no further details were provided about what was being claimed, who was making it or the basis for those being made about it. We could only provide a very generic response to this. Our response was heavily cut down and the references to human rights organizations, large tech companies and others using GrapheneOS weren't included. Our response was in English was translated by them: "we have no clients or customers" was turned into "nous n’avons ni clients ni usagers", etc... GrapheneOS is a freely available open source privacy project. It's obtained from our website, not shady dealers in dark alleys and the "dark web". It doesn't have a marketing budget and we certainly aren't promoting it through unlisted YouTube channels and the other nonsense that's being claimed. GrapheneOS has no such thing as the fake Snapchat feature that's described. What they're describing appears to be forks of GrapheneOS by shady companies infringing on our trademark. Those products may not even be truly based on GrapheneOS, similar to how ANOM used parts of it to pass it off as such. France is an increasingly authoritarian country on the brink of it getting far worse. They're already very strong supporters of EU Chat Control. Their fascist law enforcement is clearly ahead of the game pushing outrageous false claims about open source privacy projects. None of it is substantiated. iodéOS and /e/OS are based in France. iodéOS and /e/OS make devices dramatically more vulnerable while misleading users about privacy and security. These fake privacy products serve the interest of authoritarians rather than protecting people. /e/OS receives millions of euros in government funding. Those lag many months to years behind on providing standard Android privacy and security patches. They heavily encourage users to use devices without working disk encryption and important security protections. Their users have their data up for grabs by apps, services and governments who want it. There's a reason they're going after a legitimate privacy and security project developed outside of their jurisdiction rather than 2 companies based in France within their reach profiting from selling 'privacy' products.

GrapheneOS Discussion Forum

Devices lacking standard privacy/security patches and protections aren't private - GrapheneOS Discussion Forum

GrapheneOS discussion forum

Here's that article: https://archive.is/AhMsj

I will play around with the improved Desktop Mode (still a developer option, more complete but not entirely) when I have the time tomorrow. I'll get some footage too.

What's next in the coming weeks? -> Finish some regressions with A16 QPR1 porting of GrapheneOS. Next release will fix notification forwarding for user profiles among some other stuff. -> Release a security preview variant of our new builds once they are Stable. -> Port to Pixel 10. -> Prepare for Android 16 QPR2 which is uncomfortably close.

Welcome to Material 3 Expressive on GrapheneOS.

#GrapheneOS VERSION 2025111800 BASED ON ANDROID 16 QPR1 RELEASED! Following our experimental releases, this is our first non-experimental release based on Android 16 QPR1, the first quarterly release of Android 16. Android 16 QPR1 was pushed to the Android Open Source Project on November 11 rather than September 3 as expected. This is a very large quarterly release with more prominent user-facing improvements than Android 16 provided compared to Android 15 QPR2. • rebased onto BP3A.250905.014 Android Open Source Project release (Android 16 QPR1) • Terminal (virtual machine management app): re-enable GUI support now that the surfaceflinger crashes are resolved upstream by Android 16 QPR1 • adevtool: massive overhaul entirely replacing the small remnants of the Pixel device trees to fix several regressions introduced since Android 16 such as charging mode booting into the regular OS and to prepare for adding 10th gen Pixel devices via automated device support without any need for device trees to use as a reference • kernel (6.12): update to latest GKI LTS branch revision • raise declared patch level to 2025-11-05 which has already been provided in GrapheneOS since our regular 2025090200 release (not a security preview) since the patches were included in the September security preview and were then pushed to AOSP despite not being listed in the bulletin along with there being no Pixel Update Bulletin patches for November 2025 • Vanadium: update to version 142.0.7444.158.0

Releases | GrapheneOS

We've resolved all the major regressions reported during testing of our experimental 2025111700 release based on Android 16 QPR1. Our upcoming 2025111800 release will likely be our initial production release based on Android 16 QPR1. It should reach our Alpha and Beta channels. View quoted note →

Releases of #GrapheneOS based on Android 16 QPR1 are available for public testing. These are highly experimental and aren't being pushed out via the Alpha channel yet. Join our testing chat room if you have a spare device you can use to help with testing.

Contact | GrapheneOS

I understand the hype is real but please do not download our testing builds from our servers. They're internal testing builds for a reason and one of the builds had broken updating and Wi-Fi. If you brick then it is not our fault! Updates will be announced officially when public ready.

The Pixel 10 porting effort is a second task and won't be going through until after this is done. View quoted note →

Our port of #GrapheneOS to Android 16 QPR1 which was to AOSP on November 11 is currently being tested internally. Several important regressions have been discovered and we're working on resolving those before we release it for public testing. A few minor features also still need to be ported.

Check out our interview with #GrapheneOS project member @MetropleX [GrapheneOS] ⚡🟣 and David Bombal

Sounds familiar... (2x) #GrapheneOS View quoted note →

Sounds familiar... #GrapheneOS View quoted note →