#GrapheneOS version 2026010800 released.
• raise declared patch level to 2026-01-05 which has been provided since we moved to Android 16 QPR2 in December due to Pixels shipping CVE-2025-54957 in December
• re-enable the system keyboard at boot if it's disabled
• switch to the system keyboard when device boots to the Safe Mode
• add "Reboot to Safe Mode" power menu button in Before First Unlock state to make Safe Mode much more discoverable for working around app issues such as a broken third party keyboard
• add workaround for upstream UsageStatsDatabase OOM system_server crash
• add workaround for upstream WindowContext.finalize() system_server crash
• disable buggy upstream disable_frozen_process_wakelocks feature causing system_server crashes for some users
• Sandboxed Google Play compatibility layer: fix phenotype flags not working in Play services clients
• Sandboxed Google Play compatibility layer: add MEDIA_CONTENT_CONTROL as a requested permission for Android Auto as part of our toggles for it to avoid needing to grant the far more invasive notification access permission
• Sandboxed Google Play compatibility layer: extend opt-in Android Auto Bluetooth support to allow A2dpService.setConnectionPolicy() to fix Bluetooth functionality (previously worked around with a GmsCompatConfig update avoiding a crash)
• switch to new upstream PackageInstallerUI implementation added in Android 16 QPR2 and port our changes to it
• update SQLite to 3.50.6 LTS release
• add an extra layer of USB port protection on 10th gen Pixels based on upstream functionality to replace our USB gadget control which was causing compatibility issues with the Pixel 10 USB drivers
• allow SystemUI to access NFC service on 10th gen Pixels to fix the NFC quick tile • disable the upstream Android USB data protection feature since it conflicts with our more advanced approach and causes issues
• issue CHARGING_ONLY_IMMEDIATE port control command in more cases
• fix an issue in our infrastructure for spoofing permission self-checks breaking automatically reading SMS one-time codes for certain apps
• add workaround for upstream KeySetManagerService system_server crash causing a user to be stuck on an old OS version due to it causing a boot failure when booting a the new OS version after updating
• wipe DPM partition on 10th gen Pixels as part of installation as we do on earlier Pixels since it's always meant to be zeroed on production devices
• Settings: disable indexing of the unsupported "Parental controls" setting which is not currently available in AOSP
• Settings: disable redundant indexing of widgets on lockscreen contents which is already indexed another way
• skip all pseudo kernel crash reports caused by device reboot to avoid various false positive crash reports
• Vanadium: update to version 143.0.7499.192.0
All of the Android 16 security patches from the current January 2026, February 2026, March 2026, April 2026, May 2026 and June 2026 Android Security Bulletins are included in the 2026010801 security preview release. List of additional fixed CVEs:
• High: CVE-2025-32348, CVE-2025-48561, CVE-2025-48615, CVE-2025-48630, CVE-2025-48641, CVE-2025-48642, CVE-2025-48644, CVE-2025-48645, CVE-2025-48646, CVE-2025-48649, CVE-2025-48652, CVE-2025-48653, CVE-2026-0014, CVE-2026-0015, CVE-2026-0016, CVE-2026-0017, CVE-2026-0018, CVE-2026-0020, CVE-2026-0021, CVE-2026-0022, CVE-2026-0023, CVE-2026-0024, CVE-2026-0025
