KindnessInfinity

One of our community members has been doing testing of Android VPN apps to check for leaks. They've found and reported 2 issues where leak blocking functionality doesn't appear to work as intended: one occurs with local network multicast and the other with DNS while VPN is down.

We're actively looking into these issues. Local network multicast not being blocked as expected is likely an OS bug caused by special handling of multicast. DNS issue may be another missed special case or a race condition, but it's possible the apps are handling it incorrectly.

One of the two issues (DNS) has spread to discussions about VPN apps elsewhere. Responsibility for blocking leaks is shared between the OS and VPN apps. It's a good thing that the OS provides standard infrastructure for this. Since the OS controls most of it, we can improve this.

This release is only being done for the Pixel 8 and Pixel 8 Pro due to lack of changes relevant to other devices.

Tags:

• 2024042200 (Pixel 8, Pixel 8 Pro, emulator, generic, other targets)

Changes since the 2024042100 release:

• kernel (5.15): revert another broken f2fs change from the 5.15.149 release (entirely separate from what was fixed in our last release)

We found another regression introduced by a recent f2fs change in the Linux 5.15 LTS branch so we'll have to make another release for Pixel 8 and Pixel 8 Pro before it can reach Beta. Only 2 users doing Alpha channel testing ran into this and one has confirmed reverting it works.

It's possible that this change in the upcoming Linux 6.9 release may resolve the issue properly rather than needing to revert another fix: https://github.com/torvalds/linux/commit/42a80aacb76bed85f453b10f662877ed60d37164. The issue is that we only had 2 users able to reproduce this and now neither can help test potential fixes.

Pixel 4a (5G) and Pixel 5 are end-of-life and shouldn't be used anymore due to lack of security patches for firmware and drivers. We provide extended support for harm reduction.

Tags:

• 2024042100-redfin (Pixel 4a (5G), Pixel 5)
• 2024042100 (Pixel 5a, Pixel 6, Pixel 6 Pro, Pixel 6a, Pixel 7, Pixel 7 Pro, Pixel 7a, Pixel Tablet, Pixel Fold, Pixel 8, Pixel 8 Pro, emulator, generic, other targets)

Changes since the 2024042000 release:

• kernel (5.10): update to latest GKI LTS branch revision
• kernel (5.15): backport upstream f2fs patch for a kernel panic caused by another upstream f2fs patch included in the last GKI LTS update
• kernel (6.1): update to latest GKI LTS branch revision including update to 6.1.78

https://grapheneos.social/@GrapheneOS/112307439457892688

Our latest release will remain in the Alpha channel due to upstream Linux kernel regressions in the latest 5.15 GKI LTS release causing crashes on the Pixel 8 and Pixel 8 Pro for some users. Very likely caused by f2fs backports in the newer LTS release.

If you're having any crashes with the most recent Alpha channel release on the Pixel 8 and Pixel 8 Pro, please join our testing chat room and help test an official build with a potential fix. We'll only be making a new release after confirming we have a working fix for the issue.

Only 2 users have reported kernel crashes with the new release for Pixel 8 and Pixel 8 Pro. Based on the error logs from the kernel, we suspect the cause is one of 3 f2fs kernel changes in the latest 5.15 GKI LTS release. We aren't getting the feedback we need to determine this.

Pixel 4a (5G) and Pixel 5 are end-of-life and shouldn't be used anymore due to lack of security patches for firmware and drivers. We provide extended support for harm reduction.

Tags:

• 2024042000-redfin (Pixel 4a (5G), Pixel 5)
• 2024042000 (Pixel 5a, Pixel 6, Pixel 6 Pro, Pixel 6a, Pixel 7, Pixel 7 Pro, Pixel 7a, Pixel Tablet, Pixel Fold, Pixel 8, Pixel 8 Pro, emulator, generic, other targets)

Changes since the 2024040900 release:

• add toggle in Settings > Security for opting into memory tagging in vendor processes currently excluded from it with the end goal of having it force enabled without a toggle as we do for the rest of the base OS
• allow eSIM activation app to interact with Google Fi app when installed to fix Google Fi activation
• use ro.vendor.build.svn system property from adevtool instead of AOSP to make sure it always matches the stock OS
• Pixel Fold: update to AP1A.240405.002.A2 vendor files
• Pixel 7, Pixel 7 Pro, Pixel 7a, Pixel 8, Pixel 8 Pro: update to AP1A.240405.002.B1 vendor files
• Log Viewer: include kernel log buffer in default log output
• Log Viewer: show "Save" instead of "Copy" button for logs that are over ~50 KB
• Log Viewer: improve handling of log saving
• backport mainline APEX module patches for Android Health, ART, DNS Resolver, Media Provider, Network Stack, PermissionController and Wi-Fi
• TalkBack (screen reader): update base code to 14.1 and massively overhaul our changes to it
• kernel (5.10): update to latest GKI LTS branch revision
• kernel (5.15): update to latest GKI LTS branch revision including update to 5.15.148
• kernel (6.1): update to latest GKI LTS branch revision including update to 6.1.76
• Vanadium: update to version 123.0.6312.118.0
• Vanadium: update to version 124.0.6367.42.0
• Vanadium: update to version 124.0.6367.54.0
• Camera: update to version 67
• Camera: update to version 68
• Auditor: update to version 79
• GmsCompatConfig: update to version 103
• GmsCompatConfig: update to version 104
• Setup Wizard: layout and style improvements
• Setup Wizard: add functionality for testing on debug builds

Changes in version 104:

• update max supported version of Play Store to 40.6

A full list of changes from the previous release (version 103) is available through the Git commit log between the releases (only changes to the gmscompat_config text file and config-holder/ directory are part of GmsCompatConfig).

This update is available to GrapheneOS users via our app repository and will also be bundled into the next OS release.

Notable changes in version 79:

• modern Material 3 UI overhaul
• use edge-to-edge layout
• update CameraX library to 1.3.3
• update AndroidX Core library to 1.13.0
• update Bouncy Castle library to 1.78
• update Guava library to 33.1.0
• update ZXing library to 3.5.3
• update Gradle to 8.7
• update Android Gradle plugin to 8.3.2
• update Kotlin to 1.9.23

A full list of changes from the previous release (version 78) is available through the Git commit log between the releases.

The Auditor app uses hardware security features on supported devices to validate the integrity of the operating system from another Android device. It will verify that the device is running the stock operating system with the bootloader locked and that no tampering with the operating system has occurred. It will also detect downgrades to a previous version.

It cannot be bypassed by modifying or tampering with the operating system (OS) because it receives signed device information from the device's Trusted Execution Environment (TEE) or Hardware Security Module (HSM) including the verified boot state, operating system variant and operating system version. The verification is much more meaningful after the initial pairing as the app primarily relies on Trust On First Use via pinning. It also verifies the identity of the device after the initial verification. Trust is chained through the verified OS to the app to bootstrap software checks with results displayed in a separate section.

This app is available through the Play Store with the app.attestation.auditor.play app id. Play Store releases go through review and it usually takes around 1 to 3 days before the Play Store pushes out the update to users. Play Store releases use Play Signing, so we use a separate app id from the releases we publish ourselves to avoid conflicts and to distinguish between them. Each release is initially pushed out through the Beta channel followed by the Stable channel.

Releases of the app signed by GrapheneOS with the app.attestation.auditor app id are published in the GrapheneOS app repository and on GitHub. These releases are also bundled as part of GrapheneOS. You can use the GrapheneOS app repository client on Android 12 or later for automatic updates. Each release is initially pushed out through the Alpha channel, followed by the Beta channel and then finally the Stable channel.

GrapheneOS users must either obtain GrapheneOS app updates through our app repository or install it with adb install-multiple with both the APK and fs-verity metadata since fs-verity metadata is now required for out-of-band system app updates on GrapheneOS as part of extending verified boot to them.

Notable changes in version 68:

• temporarily disable support for 4:3 aspect ratio video recording added in version 67 due to breaking on devices where it's not supported

A full list of changes from the previous release (version 67) is available through the Git commit log between the releases.

This app is available through the Play Store with the app.grapheneos.camera.play app id. Play Store releases go through review and it usually takes around 1 to 3 days before the Play Store pushes out the update to users. Play Store releases use Play Signing, so we use a separate app id from the releases we publish ourselves to avoid conflicts and to distinguish between them. Each release is initially pushed out through the Beta channel followed by the Stable channel.

Releases of the app signed by GrapheneOS with the app.grapheneos.camera app id are published in the GrapheneOS app repository and on GitHub. You can use the GrapheneOS app repository client on Android 12 or later for automatic updates. Each release is initially pushed out through the Alpha channel, followed by the Beta channel and then finally the Stable channel.

GrapheneOS users must either obtain GrapheneOS app updates through our app repository or install it with adb install-multiple with both the APK and fs-verity metadata since fs-verity metadata is now required for out-of-band system app updates on GrapheneOS as part of extending verified boot to them.

Notable changes in version 67:

• add support for 4:3 aspect ratio video recording
• use new blur bitmap implementation based on RenderEffect for Android 12+
• avoid crashes in rare case when tabParent is not initialized
• update CameraX library to 1.4.0-alpha05
• update ZXing (barcode library) to 3.5.3
• update AndroidX Core library to 1.13.0
• update Gradle to 8.7
• update Android Gradle plugin to 8.3.2
• update Kotlin to 1.9.23
• replace deprecated APIs

A full list of changes from the previous release (version 66) is available through the Git commit log between the releases.

This app is available through the Play Store with the app.grapheneos.camera.play app id. Play Store releases go through review and it usually takes around 1 to 3 days before the Play Store pushes out the update to users. Play Store releases use Play Signing, so we use a separate app id from the releases we publish ourselves to avoid conflicts and to distinguish between them. Each release is initially pushed out through the Beta channel followed by the Stable channel.

Releases of the app signed by GrapheneOS with the app.grapheneos.camera app id are published in the GrapheneOS app repository and on GitHub. You can use the GrapheneOS app repository client on Android 12 or later for automatic updates. Each release is initially pushed out through the Alpha channel, followed by the Beta channel and then finally the Stable channel.

GrapheneOS users must either obtain GrapheneOS app updates through our app repository or install it with adb install-multiple with both the APK and fs-verity metadata since fs-verity metadata is now required for out-of-band system app updates on GrapheneOS as part of extending verified boot to them.

Changes in version 124.0.6367.54.0:

• update to Chromium 124.0.6367.54

A full list of changes from the previous release (version 124.0.6367.42.0) is available through the Git commit log between the releases.

This update is available to GrapheneOS users via our app repository and will also be bundled into the next OS release. Vanadium isn't yet officially available for users outside GrapheneOS, although we plan to do that eventually. It won't be able to provide the WebView outside GrapheneOS and will have missing hardening and other features.

There's a site impersonating the GrapheneOS project for scamming people (grapheneos dot fr). GrapheneOS does not currently sell phones or work with any company/individual selling phones.

We strongly recommend using the very easy to use web installer: https://grapheneos.org/install/web.

The site is hosted via Wix and uses Tucows as the domain registrar.

Tucows permits using their services for scamming, impersonation, harassment, etc. until they get a court order to stop doing it (https://tucows.com/news/why-tucows-doesnt-take-down-domains-for-website-content-issues) so that's a dead end.

Do we know anyone at Wix?

Wix has taken down the site, but nothing has been done about the domain by Tucows or AFNIC yet. They may simply point the domain at another host. We'll continue trying to get AFNIC to deal with it. We're currently aware of 8 grapheneos.tld domains people registered...