GrapheneOS [Unofficial]

Android 14 introduced issues causing app crashes within secondary users as part of a series of changes fixing data leaks between user profiles. GrapheneOS users make heavier use of secondary users and are running into this more often. The most common issue can be worked around.

If you're experiencing crashes with sandboxed Google Play in a secondary user since Android 14, it's likely because you granted Location permission to Play services. Android 14 broke one of the APIs it uses for secondary users. Revoke Location permission and it won't happen.

You don't need to grant the Location permission to sandboxed Google Play to have working geolocation in apps using the Google Play geolocation API. By default, GrapheneOS reroutes Play location requests to the OS location service. If you disabled that, turn it back on for now.

We're aware some users want to use the Google Play network location service with sandboxed Google Play and it's meant to work. It still works in the Owner user but Android 14 broke one of the APIs it uses for all apps in secondary users. We'll try to fix it for our next release.

AOSP Launcher bug we fixed in our latest release appears to have been caused by generating shortcuts with apps like Shortcut Maker. The shortcuts some of these apps generate are no longer accepted on Android 14. Users with this issue need to update to latest GrapheneOS release.

If you have broken shortcuts causing launcher crashes, you can still access Settings via drop-down quick settings to launch apps, clear app data, check for updates without waiting, etc. Can either clear launcher app data or update to the current release: https://grapheneos.org/releases#2023101100

Most AOSP bugs are also bugs in the stock Pixel OS since it's built from unmodified AOSP repositories. However, a bunch of apps are replaced with their own including the launcher. Pixel Launcher is a fork of AOSP Launcher and may have had this patched before stable release of 14.

Pixel 4, Pixel 4 XL and Pixel 4a are end-of-life and shouldn't be used anymore due to lack of most security patches for firmware and drivers. We're considering porting them to Android 14 to continue providing extended support longer than initially planned to keep them as a way to preview the current version of the OS despite them not being secure. It will be a significant effort to port them properly without lost functionality and we're looking for a new developer to fund rather than reassigning any developers from their existing work on the OS.

Tags:

• 2023101100 (Pixel 4a (5G), Pixel 5, Pixel 5a, Pixel 6, Pixel 6 Pro, Pixel 6a, Pixel 7, Pixel 7 Pro, Pixel 7a, Pixel Tablet, Pixel Fold, emulator, generic, other targets)

Changes since the 2023100900 release:

• enable customizing lock screen shortcuts
• Launcher: set target API level to 33 since it doesn't properly support 34 and it prevents adding widgets among other potential issues (Pixel Launcher fork in the stock Pixel OS still uses 33 too, so this is an AOSP-specific upstream bug)
• Launcher: delete broken legacy shortcuts instead of crashing (upstream bug)
• Sandboxed Google Play compatibility layer: avoid crash in TelephonyManager.requestCellInfoUpdate()
• Sandboxed Google Play compatibility layer: enable DynamiteLoader v2
• fix per-app hardening configuration for apps missing from the Owner user
• fix Bluetooth auto-turn-off
• Settings: avoid crashes when changing user restrictions for guest users (upstream bug)
• do not delete compiled code of hibernated apps
• curl: update to 8.4.0 to fix CVE-2023-38545 and assorted minor issues (Android may not use this functionality, but it should be fixed in case it does
• Vanadium: update to version 118.0.5993.65.0
• remove unnecessary wrapper for registering receivers

We'll be making another release today with more fixes for minor regressions introduced by Android 14. We have fixes for Bluetooth/Wi-Fi timeout, some sandboxed Google Play compatibility layer improvements and other minor improvements. Our Android 14 port is already quite solid.

Changes in version 118.0.5993.65.0:

• update to Chromium 118.0.5993.65

A full list of changes from the previous release (version 118.0.5993.48.0) is available through the Git commit log between the releases.

This update is available to GrapheneOS users via our app repository and will also be bundled into the next OS release. Vanadium isn't yet officially available for users outside GrapheneOS, although we plan to do that eventually. It won't be able to provide the WebView outside GrapheneOS and will have missing hardening and other features.

Pixel 4, Pixel 4 XL and Pixel 4a are end-of-life and shouldn't be used anymore due to lack of most security patches for firmware and drivers. We're considering porting them to Android 14 to continue providing extended support longer than initially planned to keep them as a way to preview the current version of the OS despite them not being secure. It will be a significant effort to port them properly without lost functionality and we're looking for a new developer to fund rather than reassigning any developers from their existing work on the OS.

Tags:

• 2023100900 (Pixel 4a (5G), Pixel 5, Pixel 5a, Pixel 6, Pixel 6 Pro, Pixel 6a, Pixel 7, Pixel 7 Pro, Pixel 7a, Pixel Tablet, Pixel Fold, emulator, generic, other targets)

Changes since the 2023100800 release:

• temporarily unsuspend work profiles when resuming them to avoid our stricter pause approach causing issues
• Settings: split title/summary for automatic exploit protection compatibility mode
• Settings: fix upstream bug causing crash when accessing tethering settings from secondary users where they're unavailable
• System Updater: set foreground service type to special
• System Updater: update minimum and target API level to 34 (Android 14)
• fix port of our change enabling usage timeline for all permission groups
• add back compiling code not built with signed integer overflow checking using -fwrapv to make it well defined
• add back very minor hardening involving making more data read only
• Seedvault: update to latest revision
• Health Fitness: disable functionality for showing available apps, updating apps and sending feedback when Google Play is unavailable (these options may be removed completely in the future)
• Health Fitness: check for Google Play via signature instead of whether it's a system app to support sandboxed Google Play

GrapheneOS based on Android 14 is now available in the Alpha channel. In theory, this release could reach the Beta channel and then Stable. However, we expect more minor regressions will be reported and we'll make another release replacing it before Beta.

https://grapheneos.org/releases#2023100800

This is the initial non-experimental release of GrapheneOS based on Android 14. Our initial public experimental release (2023100600) was published on October 6th so there have already been a couple days of public testing. All of our documented features are now ported to Android 14. We'll be continuing to work on fixing regressions including new Android bugs and new compatibility issues caused by our features. However, it's already stable and usable.

This release provides the full 2023-10-06 patch level for all supported devices along with the recommended security patches only included in Android 14.

Android 13 is no longer actively developed upstream and now only receives backports of the Android Security Bulletin patches, not the recommended patches included in the latest stable release of Android. Pixels are also now only supported via Android 14 and require Android 14 to achieve a patch level above 2023-10-01. Android 14 has had publicly available experimental releases since February 2023 and is already a mature OS. It also contains significant privacy and security enhancements which more than offset the attack surface from added features. These reasons are why we have so heavily prioritized porting to Android 14 and began to defer more and more of our other work until after Android 14 since around July 2023.

Pixel 4, Pixel 4 XL and Pixel 4a are end-of-life and shouldn't be used anymore due to lack of most security patches for firmware and drivers. We're considering porting them to Android 14 to continue providing extended support longer than initially planned to keep them as a way to preview the current version of the OS despite them not being secure. It will be a significant effort to port them properly without lost functionality and we're looking for a new developer to fund rather than reassigning any developers from their existing work on the OS.

Tags:

• 2023100800 (Pixel 4a (5G), Pixel 5, Pixel 5a, Pixel 6, Pixel 6 Pro, Pixel 6a, Pixel 7, Pixel 7 Pro, Pixel 7a, Pixel Tablet, Pixel Fold, emulator, generic, other targets)

Changes since the 2023100300 release:

• full 2023-10-06 security patch level
• rebased onto UP1A.231005.007 Android Open Source Project release as the initial port of all GrapheneOS features to Android 14
• add default-enabled toggle for automatic per-app exploit protection compatibility mode configuration
• temporarily add Google Camera to automatic exception list for hardened_malloc
• add back support for displaying app compilation progress at boot
• restore Android 13 work profile pause behavior by stopping the profile from running instead of only suspending apps
• fix cosmetic issue for adevtool envsetup.sh integration
• adevtool: download: add option to unpack factory images
• adevtool: collect-state: fix the output file name format
• adevtool: collect-state: add an option to automatically make prep OS build
• Vanadium: update to version 117.0.5938.153.0
• Vanadium: update to version 118.0.5993.48.0
• GmsCompatConfig: update to version 77
• Auditor: update to version 75

Notable changes in version 75:

• reschedule remote verification after OS updates to get the updated information submitted as soon as possible
• update SDK to 34 (Android 14)
• update target API level to 34 (Android 14)
• add low-level ACCESS_NETWORK_STATE permission required by API 34 to schedule jobs depending on network availability
• reduce network timeouts to 30s from 60s
• update CameraX library to 1.3.0-rc02
• update AndroidX Preference library to 1.2.1
• update Material library to 1.10.0
• update Guava library to 32.1.2
• update Bouncy Castle library to 1.76
• update ZXing library to 3.5.2
• update Kotlin to 1.9.10
• update Gradle to 8.3
• update Android Gradle plugin to 8.1.1
• update Android build tools to 34.0.0
• replace deprecated onBackPressed() callback
• remove workarounds for fixed SDK and library issues

A full list of changes from the previous release (version 74) is available through the Git commit log between the releases.

The Auditor app uses hardware security features on supported devices to validate the integrity of the operating system from another Android device. It will verify that the device is running the stock operating system with the bootloader locked and that no tampering with the operating system has occurred. It will also detect downgrades to a previous version.

It cannot be bypassed by modifying or tampering with the operating system (OS) because it receives signed device information from the device's Trusted Execution Environment (TEE) or Hardware Security Module (HSM) including the verified boot state, operating system variant and operating system version. The verification is much more meaningful after the initial pairing as the app primarily relies on Trust On First Use via pinning. It also verifies the identity of the device after the initial verification. Trust is chained through the verified OS to the app to bootstrap software checks with results displayed in a separate section.

This app is available through the Play Store with the app.attestation.auditor.play app id. Play Store releases go through review and it usually takes around 1 to 3 days before the Play Store pushes out the update to users. Play Store releases use Play Signing, so we use a separate app id from the releases we publish ourselves to avoid conflicts and to distinguish between them.

Releases of the app signed by GrapheneOS with the app.attestation.auditor app id are published in the GrapheneOS app repository and on GitHub. These releases are also bundled as part of GrapheneOS. You can use the GrapheneOS app repository client on Android 12 or later for automatic updates.

Releases are initially pushed out through the Alpha channel channel for both the Play Store and our app repository, then get moved to the Beta channel and finally the Stable channel.

graphemes users must either obtain GrapheneOS app updates through our app repository or install it with adb install-multiple with both the APK and fs-verity metadata since fs-verity metadata is now required for out-of-band system app updates on GrapheneOS as part of extending verified boot to them.

Changes in version 77:

• update max supported version of Play services to 23.39
• update max supported version of Play Store to 37.8
• update target API level to 34 (Android 14)

A full list of changes from the previous release (version 76) is available through the Git commit log between the releases (only changes to the gmscompat_config text file and config-holder/ directory are part of GmsCompatConfig).

Initial public release of GrapheneOS based on Android 14 is available. This is an experimental release with nearly all our features ported but isn't quite ready and won't be pushed out via the Alpha/Beta/Stable release channels. For more information, see

GrapheneOS is now based on Android 14. Most of our changes have been ported already but we still have a lot more porting work to do. It's all going to need to be tested before we can get it all merged, and then we can start making public experimental releases based on 14.

Changes in version 118.0.5993.48.0:

• update to Chromium 118.0.5993.48

A full list of changes from the previous release (version 117.0.5938.153.0) is available through the Git commit log between the releases.

This update is available to GrapheneOS users via our app repository and will also be bundled into the next OS release. Vanadium isn't yet officially available for users outside GrapheneOS, although we plan to do that eventually. It won't be able to provide the WebView outside GrapheneOS and will have missing hardening and other features.

Changes in version 117.0.5938.153.0:

• update to Chromium 117.0.5938.153

A full list of changes from the previous release (version 117.0.5938.140.0) is available through the Git commit log between the releases.

This update is available to GrapheneOS users via our app repository and will also be bundled into the next OS release. Vanadium isn't yet officially available for users outside GrapheneOS, although we plan to do that eventually. It won't be able to provide the WebView outside GrapheneOS and will have missing hardening and other features.

Pixel 8 and Pixel 8 Pro are confirmed to have at least 7 years of full support:

https://support.google.com/nexus/answer/4457705?hl=en#zippy=%2Cpixel-later-including-fold

We expect 6th and 7th generation Pixels will also receive major OS updates until the end of their security support period. Bear in mind these are a minimum, not when it ends.

Android only has a single active stable branch, which is the latest major OS release. For example, Android 14 has now replaced Android 13.

Android 11, 12 and now 13 only have standalone backports of Critical/High severity patches and a subset of Moderate/Low severity patches

The alternative to updating 6th and 7th generation Pixels to the latest major OS release until their end-of-life would be continuing to develop an older major release and continuing to have releases for it. We think it's much more likely they give them 5 years of major updates.

It's likely they've already come to that conclusion and it's why it makes sense for the Pixel 8 and Pixel 8 Pro to have at least 7 years of major OS updates to go along with a minimum of 7 years of security patches. It's easier rather than harder for them to do both, especially with Treble.

"On GrapheneOS, you can fully disable emergency alerts in Settings → Safety emergency → Wireless emergency alerts since we add a toggle for Presidential alerts.

The naming of the alert types varies based on country which is determined by the carrier's country code, not language.

In Canada, the government sends every alert as a presidential alert instead of using the separate categories for extreme threats, severe threats and AMBER alerts. They do this to prevent disabling any of the alerts on normal operating systems and it's why we added this feature.

That also means every alert in Canada has a siren.

Many of the more severe alerts have been false positives:

https://www.nytimes.com/2018/01/13/us/hawaii-missile.html https://www.preventionweb.net/news/canada-fallout-false-nuclear-alarm

Most AMBER alerts are custody battles or false alerts.

On GrapheneOS, it's up to you if you want this feature enabled." - As posted by the official GrapheneOS mastodon

Android 14 is replacing Android 13 this month. There will no longer be any monthly or quarterly releases of Android 13, only the monthly backports of Android Security Bulletin patches. This is an early October release based on the Android Security Bulletin backports. We'll need to port to Android 14 to provide the full 2023-10-05 patch level. We've spent months porting to Android 14 in advance in order to make this migration as smooth and quick as possible. We weren't accepted as an Android partner so we don't have full early access to new major releases, but we've had partial early access to the sources and were able to do a lot of the porting in advance.

There wasn't a proper Android Open Source Project or stock Pixel OS release for September since Android 14 was meant to be released. They only shipped a release marked as having the 2023-09-01 patch level, but most patches which were going to be included in 2023-09-05 were deferred to October and most of the devices ended up providing the published 2023-09-05 patch level. Devices with a Qualcomm SoC (Pixel 4a (5G), Pixel 5, Pixel 5a) or standalone Qualcomm Wi-Fi (Pixel 7a) still need firmware/driver patches for 2023-09-05. Other supported devices (Pixel 6, Pixel 6 Pro, Pixel 6a, Pixel 7, Pixel 7 Pro, Pixel Tablet, Pixel Fold) were already on the 2023-09-05 patch level and will now be on the 2023-10-01 patch level. All of these devices will be quickly upgraded to the full Android 14 2023-10-05 patch level once it's released.

Pixel 4, Pixel 4 XL and Pixel 4a are end-of-life and shouldn't be used anymore due to lack of most security patches for firmware and drivers. We provide extended support for harm reduction with the displayed patch level frozen at the last obtainable value.

Tags:

• 2023100300-coral (Pixel 4, Pixel 4 XL)
• 2023100300 (Pixel 4a, Pixel 4a (5G), Pixel 5, Pixel 5a, Pixel 6, Pixel 6 Pro, Pixel 6a, Pixel 7, Pixel 7 Pro, Pixel 7a, emulator, generic, other targets)
• 2023100300-tangorpro (Pixel Tablet)
• 2023100300-felix (Pixel Fold)

Changes since the 2023100100 release:

• full 2023-10-01 security patch level (early release based on AOSP 13 security backports since the AOSP/stock monthly release is not available yet)

We'll be releasing an early October security update today since there hasn't been an official Android Open Source Project and stock Pixel OS release yet. They'll likely release it with Android 14 and we'll be fully focused on quickly porting to Android 14 once it's available.

Android 14 will likely be released on October 4th and Android 13 will no longer have monthly or quarterly stable releases. Android 13 will only have the monthly release of the Android Security Bulletin (ASB) patch backports to 11, 12, 13 and soon 14. Those aren't all the patches.

The full set of patches is provided by the monthly, quarterly and yearly releases of Android. Their policy is for every Critical/High severity AOSP patch to be backported. Most Moderate/Low severity patches aren't backported. However, severity levels are often very arbitrary.

Pixels will only be supported by Android 14 going forward so the many patches for firmware, drivers and other hardware-related code will only be available via Android 14. This is why GrapheneOS has focused so much on porting to Android 14 in order to quickly migrate over to it.

Pixel 4, Pixel 4 XL and Pixel 4a are end-of-life and shouldn't be used anymore due to lack of most security patches for firmware and drivers. We provide extended support for harm reduction with the displayed patch level frozen at the last obtainable value

Tags:

• 2023100100-coral (Pixel 4, Pixel 4 XL)
• 2023100100 (Pixel 4a, Pixel 4a (5G), Pixel 5, Pixel 5a, Pixel 6, Pixel 6 Pro, Pixel 6a, Pixel 7, Pixel 7 Pro, Pixel 7a, emulator, generic, other targets)
• 2023100100-tangorpro (Pixel Tablet)
• 2023100100-felix (Pixel Fold)

Changes since the 2023091800 release:

• fix upstream bug auto-dismissing crash dialogs
• improve readability of native crash reports
• Settings: remove Private DNS setting for secondary users since it's not currently per-profile like VPN configuration but rather is global like Wi-Fi configuration
• Settings: remove connectivity check setting for secondary users
• Dialer: disable false gesture detection for answering calls until the faulty implementation in the AOSP Dialer app is replaced
• hardened_malloc: improve fatal error reporting to include the abort message in Android crash reports
• Messaging: work around upstream null pointer exception bug
• libvpx: apply patch for CVE-2023-5217 to the standalone AOSP libvpx library, which was already fixed in the 117.0.5938.140.0 release of Vanadium
• Pixel 4, Pixel 4 XL: add upstream sensor-related app compatibility fix from the September release already included for other devices
• kernel (Pixel 6, Pixel 6 Pro, Pixel 6a, Pixel 7, Pixel 7 Pro, Pixel 7a, Pixel Tablet, Pixel Fold): add upstream build reproducibility fix
• GmsCompatConfig: update to version 75
• GmsCompatConfig: update to version 76
• Vanadium: update to version 117.0.5938.140.0
• replace GrapheneOS themes stub app with AOSP themes stub app with our configuration ported over to it (AOSP didn't used to include a themes stub app

Changes in version 76:

• update max supported version of Play services to 23.37
• update max supported version of Play Store to 37.7

A full list of changes from the previous release (version 75) is available through the Git commit log between the releases (only changes to the gmscompat_config text file and config-holder/ directory are part of GmsCompatConfig).

This update is available to GrapheneOS users via our app repository and will also be bundled into the next OS release.

Stable release of Android 14 is expected to be released in early October. We've spent months preparing for it and we've completed a lot of porting in advance. This has been much more difficult than it should be since we have to rely on unofficial access to pre-launch sources.

Stable releases of Android are open source. Pixel stock OS source tree matches the AOSP source tree with additional private repositories added for the Google/Pixel components/overlays. Beta releases and the development branches are mostly internal. Most isn't done in AOSP main.

The Android security team wanted to collaborate with us and gave us security partner access. We hoped this would lead to us getting full partner access so that we could port to new major releases much earlier with the ability to build and test nearly all of the port in advance.

The engineering side appreciates our work and multiple prominent people have tried to get full partner access for the GrapheneOS Foundation. Android's business side had our security partner access revoked and blocked progress. We've decided to stop making upstream contributions.

Many of the privacy and security features we're built could be included in Android. It was always difficult to contribute without partner access, but we put in significant effort and achieved some positive results. We also reported a lot of firmware and software vulnerabilities.

Not having partner access makes quickly porting to major releases into an ordeal, but we still have to do it for security reasons. We only managed to have it done within around a week of launch of Android 13 and past releases via superhuman amounts of work hours and productivity.

Despite our We've deferred shipping most of our newly developed features until after Android 14 including duress PIN/password and several new per-app toggles for enabling additional security features we already had implemented but couldn't enable globally due to some apps being incompatible.

Changes in version 12:

• raise class region size to 32GB for arm64 Android (requires kernel providing 48-bit address space via 4 level page tables)
• add configuration for disabling self-init
• enable Intel CET support
• drop support for legacy compilers and libc versions
• merge fprintf/fputs calls in malloc_info
• preserve error for free calls (future POSIX requirement)
• support versioned Clang
• when arenas are enabled, properly handle threads making their first allocation by resizing a slab allocation from another thread to another slab allocation size class with realloc instead of triggering a crash by trying to lock a field in the internal allocator state that's not a lock
• minor implementation and code style improvements

A full list of changes from the previous release (version 11) is available through the Git commit log between the releases.

See the README for this release for an overview of the project and many details about the design goals and implementation. versions These integer tags are the standalone releases, while date style tags such as 2023091800 and 2023091800-felix are part of GrapheneOS releases and may contain GrapheneOS-specific changes such as workarounds for latent memory corruption bugs encountered in the wild while waiting for an upstream or downstream fix.

Changes in version 117.0.5938.140.0:

• update to Chromium 117.0.5938.140

A full list of changes from the previous release (version 117.0.5938.60.0) is available through the Git commit log between the releases.

This update is available to GrapheneOS users via our app repository and will also be bundled into the next OS release. Vanadium isn't yet officially available for users outside GrapheneOS, although we plan to do that eventually. It won't be able to provide the WebView outside GrapheneOS and will have missing hardening and other features.

Changes in version 75:

• update max supported version of Play Store to 37.6

A full list of changes from the previous release (version 74) is available through the Git commit log between the releases (only changes to the gmscompat_config text file and config-holder/ directory are part of GmsCompatConfig).

This update is available to GrapheneOS users via our app repository and will also be bundled into the next OS release.

The September releases of AOSP and the stock OS came out on 2023-09-18 and are incorporated into this release. Unusually, they still set the patch level to 2023-09-01 despite having all listed patches for 2023-09-05 for some of the devices such as the Pixel 6 and Pixel 7. We left the listed patch level alone to avoid delaying the release for aesthetic reasons while we figured out where it could be raised due to delayed Qualcomm firmware patches. We shipped 2023-09-01 in our much earlier 2023090600 release but this is the official September release from AOSP and the stock OS rather than just applying the Android Security Bulletin backports to Android 13.

The strange timing and inclusion of only a single patch (Mali GPU kernel driver fix) in the September Pixel Update Bulletin is due to Android 14 being scheduled for this month but delayed to October. The Pixel Update Bulletin for Android 14 will include a large number of recommended AOSP security patches and many hardware related patches, neither of which will be backported to Android 13, so we've already put a significant effort into porting to Android 14 via our limited early access to the source code. We aim to have our Android 14 port available as soon as possible after the stable release is published due to the importance for security. It's unfortunate we don't have full access to the sources in advance like Android partners, but we've had access to more than we usually do this year and for longer due to the delay.

We've also included additional Mali GPU kernel driver patches and a libwebp patch in this release, similar to the kernel.org LTS patches we ship on a regular basis many months before Android. We'll do more of this in the future as our resources and partnerships grow, but we don't have much ability to ship firmware patches earlier until there's hardware built to run GrapheneOS.

Tags:

• 2023091800-coral (Pixel 4, Pixel 4 XL) — extended support release for legacy devices with frozen 2022-11-01 patch level
• 2023091800 (Pixel 4a, Pixel 4a (5G), Pixel 5, Pixel 5a, Pixel 6, Pixel 6 Pro, Pixel 6a, Pixel 7, Pixel 7 Pro, Pixel 7a, emulator, generic, other targets)
• 2023091800-tangorpro (Pixel Tablet)
• 2023091800-felix (Pixel Fold)

Changes since the 2023090600 release:

• integrate official September update as a replacement for the backports in the last release
• rebased onto TQ3A.230901.001 (generic, coral), TQ3A.230901.001.B1 (tangorpro) and TQ3C.230901.001.A1 (felix) Android Open Source Project releases
• kernel (Pixel 6, Pixel 6 Pro, Pixel 6a, Pixel 7, Pixel 7 Pro, Pixel 7a, Pixel Tablet, Pixel Fold): backport additional Mali GPU driver security fixes from Android 14 Beta 5.3
• webp: backport fix for CVE-2023-4863 not included in the Android September security patch level
• Settings: remove Storage manager toggle since it lacks an implementation without Play services integrated into the OS
• kernel (Generic 5.15): update to latest GKI LTS branch revision including update to 5.15.131
• Vanadium: update to version 117.0.5938.44.0
• Vanadium: update to version 117.0.5938.44.1
• Vanadium: update to version 117.0.5938.60.0
• GmsCompatConfig: update to version 73
• GmsCompatConfig: update to version 74
• adevtool: add command for fetching info about stock OS kernels from AOSP repositories