KindnessInfinity

Notice which will not impact most users: apps which were only installed in secondary users but not Owner before updating to Android 15 and which were then installed in Owner after updating to Android 15 will have a one-time revocation of their Network/Sensors permissions after updating to this release as a minor consequence of migrating them from Android 14 again.

Tags:

• 2024102400 (Pixel 6, Pixel 6 Pro, Pixel 6a, Pixel 7, Pixel 7 Pro, Pixel 7a, Pixel Tablet, Pixel Fold, Pixel 8, Pixel 8 Pro, Pixel 8a, Pixel 9, Pixel 9 Pro, Pixel 9 Pro XL, Pixel 9 Pro Fold, emulator, generic, other targets)

Changes since the 2024102100 release:

• switch back our original stricter approach to DNS leak blocking from our 2024050900 release with an additional fix for an Android DNS routing bug causing requests to the VPN DNS servers to be routed incorrectly, which should avoid the compatibility issues experienced with certain VPN apps when we tried to ship it before
• avoid resetting Network or Sensors back to the global default after app updates in a specific case when migrating the state from Android 14 or earlier
• add an extra one-time migration of Network and Sensors being disabled in Android 14 to Android 15 to work around an issue with the previous migration of the permission state which occurred for some users with some of their apps
• fix ancient Android bug causing widgets to disappear from the user's home screen when the user stops, which was a major usability issue for secondary users
• Keyboard: extend fix for upstream layout bug in landscape mode to fully fix it for 3-button navigation in addition to the default gesture navigation
• Gallery: fix upstream cropping activity bug when both the input and output URI is the same to fix setting profile pictures for user profiles
• raise backup service transport (Seedvault) timeout from 10 minutes / 5 minutes to 60 minutes / 30 minutes to handle very large backups, particularly for the device-to-device mode which includes nearly all app data
• temporarily revert enforcing minimum 64kiB stack guard size for arm64 since Facebook recently included a buggy stack overflow check for the React Native Hermes runtime that's incompatible with larger gap sizes and beginning to be shipped by apps (revert was not applied for Android 15 port)
• Sandboxed Google Play compatibility layer: add stubs for update_engine wrapper API to avoid potential Play services crashes if the existing approaches to disable the update service fail
• Pixel 8, Pixel 8 Pro, Pixel 8a: disable Wi-Fi HAL debug logging to avoid memory corruption caught by hardware memory tagging on GrapheneOS
• kernel (6.1): update to latest GKI LTS branch revision
• use hardened GrapheneOS 6.6 LTS kernel for microdroid virtual machines for both arm64 and x86_64
• Vanadium: update to version 130.0.6723.73.0
• GmsCompatConfig: update to version 144
• GmsCompatConfig: update to version 145

We're working on fixing a regression in the GrapheneOS releases based on Android 15 which resulted in a subset of users having a subset of their Network and Sensors toggle settings not migrated over from the Android 14 permission database to the Android 15 permission database.

The Network and Sensors toggles added by GrapheneOS still work fine on Android 15. Android 15 changed how permissions are stored and the way we're migrating settings from Android 14 is the problem. In a specific case, the values are being reset back to the current global default.

Android 15 includes a huge amount of important privacy and security fixes itself along with being required for the Pixel firmware/driver patches for October. Their release was on October 15th, our first public release was October 16th and we had 8 public releases before Stable.

For each of our 7 public releases based on Android 15 after our first one, we fixed every major reported issue not present on the stock Pixel OS and some of the issues impacting the stock OS too. Not much else we can do. We need more testers to catch subtle issues like this.

Our next release will also fix 2 more minor upstream bugs impacting AOSP apps and an upstream issue impacting every Android-based OS with secondary users causing widgets to be lost repeatedly. A compatibility workaround has also been added back for apps catching stack overflows.

We'll also be upgrading our current DNS leak blocking to the stricter version we shipped in May 2024 shortly after the Android DNS leaks were discovered by our community. We had to roll that back because of another Android bug which we've now finally figured out how to resolve.

Our initial strict Android DNS leak blocking in May 2024 was correct. Certain apps like ProtonVPN try to send their VPN DNS queries without an explicit network ID and relying on Android guessing they want the VPN tunnel which it handles incorrectly and broke with leak blocking.

Changes in version 145:

• update max supported version of Play services to 24.42

A full list of changes from the previous release (version 144) is available through the Git commit log between the releases (only changes to the gmscompat_config text file and config-holder/ directory are part of GmsCompatConfig).

This update is available to GrapheneOS users via our app repository and will also be bundled into the next OS release.

GmsCompatConfig is the text-based configuration for the GrapheneOS sandboxed Google Play compatibility layer. It provides a large portion of the compatibility shims and sets the maximum supported versions for Play services and the Play Store.

Changes in version 130.0.6723.73.0:

• update to Chromium 130.0.6723.73

A full list of changes from the previous release (version 130.0.6723.58.0) is available through the Git commit log between the releases.

This update is available to GrapheneOS users via our app repository and will also be bundled into the next OS release. Vanadium isn't yet officially available for users outside GrapheneOS, although we plan to do that eventually. It won't be able to provide the WebView outside GrapheneOS and will have missing hardening and other features.

We've finally fixed the ancient Android bug causing widgets/shortcuts to disappear in secondary users when switching away from them. It will be included in our next release. This issue impacts every Android-based OS with secondary user support and was a major usability issue.

We've also fixed 2 more Android 15 regressions in AOSP. AOSP Gallery had a long time bug in the cropping activity which started breaking setting profile pictures for users in Android 15. We also extended our AOSP keyboard landscape layout fix for the legacy 3 button navigation.

GrapheneOS fully supports the Private Space feature in Android 15, which is essentially a separate user nested inside of the Owner user.

We strongly recommend it as a replacement for a work profile managed by a local profile admin app. It has better OS integration and isolation.

Private Space is an isolated workspace (profile) for apps and data similar to both user profiles and work profiles. All 3 forms of profiles also have entirely separate VPN configuration which is very useful even if you connected to the same VPN, since exit IPs can be separate.

All forms of profiles have separate encryption keys. You can keep a Private Space at rest while the Owner user is logged in just as you can with a secondary user.

Private Space makes it easier to share data than users. The clipboard is shared, but we could add a setting for it.

GrapheneOS users choose to use the OS in different ways. A lot of people largely use open source apps and not sandboxed Google Play. Others use sandboxed Google Play in their main profile. Many use sandboxed Google Play in a dedicated profile to choose which apps use it.

Regardless of how people choose to use sandboxed Google Play, they're regular sandboxed apps without special access. Private Space makes it easier to use a dedicated profile for sandboxed Google Play though.

It's also worth noting you can still use a work profile alongside it.

All of our features including Contact Scopes, Storage Scopes and sandboxed Google Play have full support for Private Space. We added support for it significantly before the release of Android 15, even before the initial early release of the source code was published in September.

Changes in version 144:

• update max supported version of Play Store to 43.2

A full list of changes from the previous release (version 143) is available through the Git commit log between the releases (only changes to the gmscompat_config text file and config-holder/ directory are part of GmsCompatConfig).

This update is available to GrapheneOS users via our app repository and will also be bundled into the next OS release.

GmsCompatConfig is the text-based configuration for the GrapheneOS sandboxed Google Play compatibility layer. It provides a large portion of the compatibility shims and sets the maximum supported versions for Play services and the Play Store.

Changes in version 143:

• revert temporary Bluetooth stub changes from the previous Android 15 only release
• revert minimum SDK level temporarily changed for the previous release back to 32 (Android 12)

A full list of changes from the previous release (version 142) is available through the Git commit log between the releases (only changes to the gmscompat_config text file and config-holder/ directory are part of GmsCompatConfig).

This update is available to GrapheneOS users via our app repository and will also be bundled into the next OS release.

GmsCompatConfig is the text-based configuration for the GrapheneOS sandboxed Google Play compatibility layer. It provides a large portion of the compatibility shims and sets the maximum supported versions for Play services and the Play Store.

This is an Android 15 exclusive release with a temporary workaround to enable us to move our 2024101600 release to the Alpha channel for broader public testing.

Changes in version 142:

• update Bluetooth stubs for 15
• temporarily raise minimum SDK version to 35 (Android 15) for this release

A full list of changes from the previous release (version 141) is available through the Git commit log between the releases (only changes to the gmscompat_config text file and config-holder/ directory are part of GmsCompatConfig).

This update is available to GrapheneOS users via our app repository and will also be bundled into the next OS release.

GmsCompatConfig is the text-based configuration for the GrapheneOS sandboxed Google Play compatibility layer. It provides a large portion of the compatibility shims and sets the maximum supported versions for Play services and the Play Store.

This is the initial release of GrapheneOS based on Android 15 based on the October 15th stable release of Android 15. We had previously ported all of our features to Android 15 based on the Beta releases and have been finishing it up based on the early September release of the source code for Android 15. Our initial port of all our features was completed on September 3rd and we've been polishing it up while we've been working on regular development.

Tags:

• 2024101600 (Pixel 6, Pixel 6 Pro, Pixel 6a, Pixel 7, Pixel 7 Pro, Pixel 7a, Pixel Tablet, Pixel Fold, Pixel 8, Pixel 8 Pro, Pixel 8a, Pixel 9, Pixel 9 Pro, Pixel 9 Pro XL, Pixel 9 Pro Fold, emulator, generic, other targets)

Changes since the 2024101200 release:

• full 2024-10-05 security patch level since the Pixel patches were disclosed in the Pixel Update Bulletin today
• rebased onto AP3A.241005.015 Android Open Source Project release (Android 15)
• full port of GrapheneOS features to Android 15 including integration of our features with the new Android 15 features including Private Space
• Sandboxed Google Play compatibility layer: add stubs to fully remove the need for the Google Services Framework (GSF) app for fresh installs of sandboxed Google Play, which has been removed as a dependency in our app repository for Android 15+, but it should still be kept for existing installs to avoid potential issues
• Pixel 9 Pro Fold: add assorted device-specific Settings and SystemUI changes to better match the stock OS
• disable Bluetooth auto-on feature by default
• temporarily enable system crash notifications unconditionally for the initial release based on Android 15 release
• kernel (6.6): update to latest GKI LTS branch revision including update to 6.6.56
• Seedvault: update to a newer revision (will be replaced with a better backup implementation in the future)
• Seedvault: minor changes to prepare for a complete fork and overhaul in the future
• Vanadium: update to version 130.0.6723.58.0
• GmsCompatConfig: update to version 141

Our initial release based on Android 15 is now available for early testing for technical users willing to sideload the release to their device. It's a regular production release and this can be done on a locked device with USB debugging disabled, but it's not heavily tested yet.

If you're interested in helping with either the early testing via sideloading or regular public testing via our Alpha and Beta channels, join our public testing chat:

https://grapheneos.org/contact#community-chat

You can choose between Matrix, Discord or Telegram. Most people use Matrix or Discord.

Changes in version 130.0.6723.58.0:

• update to Chromium 130.0.6723.58

A full list of changes from the previous release (version 129.0.6668.100.0) is available through the Git commit log between the releases.

This update is available to GrapheneOS users via our app repository and will also be bundled into the next OS release. Vanadium isn't yet officially available for users outside GrapheneOS, although we plan to do that eventually. It won't be able to provide the WebView outside GrapheneOS and will have missing hardening and other features.