KindnessInfinity

joined 2 years ago

Pixel 4a (5G) and Pixel 5 are end-of-life and shouldn't be used anymore due to lack of security patches for firmware and drivers. We provide extended support for harm reduction.

Tags:

  • 2023123100-redfin (Pixel 4a (5G), Pixel 5)
  • 2023123100 (Pixel 5a, Pixel 6, Pixel 6 Pro, Pixel 6a, Pixel 7, Pixel 7 Pro, Pixel 7a, Pixel Tablet, Pixel Fold, emulator, generic, other targets)

Changes since the 2023123000 release:

  • Keyboard: avoid spell checker crash after keyboard's spell checking service is stopped by the OS (regression in the last Alpha channel only release fixing multi-locale spell checking)
  • backport upstream fix for Wi-Fi background scan system_server crash
  • hardened_malloc / bionic: restore default SIGABRT handler in fatal_error to work around crashlytics bug caused by it using fork instead of clone which triggers a deadlock when malloc locks are held already
  • skip missing sensors permission notification with wrong app id
  • Sandboxed Google Play compatibility layer: avoid crashes in Android Auto and potentially elsewhere from missing Google Search app to make it a proper optional dependency
  • Sandboxed Google Play compatibility layer: fix handling of while-in-use permissions
  • Sandboxed Google Play compatibility layer: drop ACCESS_BACKGROUND_LOCATION permission for Android Auto now that while-in-use permission works
  • Sandboxed Google Play compatibility layer: add workaround for rare foreground service crash (may be upstream bug)
 

cross-posted from: https://lemmy.ml/post/9939705

Pixel 4a (5G) and Pixel 5 are end-of-life and shouldn't be used anymore due to lack of security patches for firmware and drivers. We provide extended support for harm reduction.

Tags:

  • 2023123000-redfin (Pixel 4a (5G), Pixel 5)
  • 2023123000 (Pixel 5a, Pixel 6, Pixel 6 Pro, Pixel 6a, Pixel 7, Pixel 7 Pro, Pixel 7a, Pixel Tablet, Pixel Fold, emulator, generic, other targets)

Changes since the 2023121200 release:

  • Keyboard: add new implementation of multi-locale spell checking support to fix crashes and other issues
  • Sandboxed Google Play compatibility layer: add Android Auto support with the compatibility layer eliminating the need for most of the permissions and a permission menu with 4 toggles for granting the minimal special access required for wired Android Auto, wireless Android Auto, audio routing and phone calls
  • Settings: remove confusing mention of Android Auto from Connected devices screen
  • exempt non-app system processes from Sensors permission enforcement (fixes some issues including gpsd crashes)
  • fix Bluetooth auto-turn-off race condition to avoid crashes
  • work around upstream race condition bug in biometric service
  • disable support for pre-approving PackageInstaller sessions due to incompatibility with Network permission toggle
  • fix several upstream bugs in handling crash reports mainly to improve our user-facing crash reporting system
  • use GrapheneOS Widevine provisioning proxy by default
  • add settings for changing Widevine provisioning server
  • add configuration for setupdesign and setupcompat libraries to improve system UI theme
  • kernel (Pixel 6, Pixel 6 Pro, Pixel 6a, Pixel 7, Pixel 7 Pro, Pixel 7a, Pixel Tablet, Pixel Fold, Generic 5.10): update to latest GKI LTS branch revision including update to 5.10.204
  • kernel (Pixel 8, Pixel 8 Pro, Generic 5.15): update to latest GKI LTS branch revision including update to 5.15.142
  • kernel (Generic 6.1): initial port of GrapheneOS changes for use with emulator builds
  • force disable network ADB in early boot to improve verified boot security (no user-facing change since it's currently disabled by default later in the boot process, but not robustly)
  • Vanadium: update to version 120.0.6099.115.0
  • Vanadium: update to version 120.0.6099.144.0
  • AppCompatConfig: update to version 2
  • GmsCompatConfig: update to version 88
  • GmsCompatConfig: update to version 89
  • GmsCompatConfig: update to version 90
  • Auditor: update to version 78
 


Changes in version 2:

  • suppress harmless native debugging notification for Vanadium, Brave and Chrome
  • enable all exploit protections for Android Auto by default
  • update Gradle to 8.5
  • update Android Gradle plugin to 8.2.0

A full list of changes from the previous release (version 1) is available through the Git commit log between the releases.

This update is available to GrapheneOS users via our app repository and will also be bundled into the next OS release.

 

Android Auto support for our sandboxed Google Play compatibility layer has been merged into GrapheneOS and should be available in the next release. It's currently going through final review and internal testing leading up to being able to make a public Alpha channel release.

The implementation uses the compatibility layer to eliminate most of the special privileges that are usually required. It provides 4 permission toggles for enabling different access for wired Android Auto, wireless Android Auto, audio routing control and phone call control.

No special access is granted by default. We've made subsets of the standard privileged permissions for these toggles for granting only minimal required access. Wired Android Auto is close to working with 0 special access required but not quite so it still needs a toggle.

 

Changes in version 90:

  • add shims for Android Auto support which will provide support for it alongside changes in the next OS release
  • update Gradle to 8.5
  • update Android Gradle plugin to 8.2.0

A full list of changes from the previous release (version 89) is available through the Git commit log between the releases (only changes to the gmscompat_config text file and config-holder/ directory are part of GmsCompatConfig).

This update is available to GrapheneOS users via our app repository and will also be bundled into the next OS release.

 

Changes in version 120.0.6099.144.0:

  • update to Chromium 120.0.6099.144

A full list of changes from the previous release (version 120.0.6099.115.0) is available through the Git commit log between the releases.

This update is available to GrapheneOS users via our app repository and will also be bundled into the next OS release. Vanadium isn't yet officially available for users outside GrapheneOS, although we plan to do that eventually. It won't be able to provide the WebView outside GrapheneOS and will have missing hardening and other features.

 

Notable changes in version 78:

  • update CameraX library to 1.3.1
  • update Bouncy Castle library to 1.77
  • update Guava library to 33.0.0
  • update Material Components library to 1.11.0
  • update Gradle to 8.5
  • replace deprecated Gradle functionality

A full list of changes from the previous release (version 77) is available through the Git commit log between the releases.

The Auditor app uses hardware security features on supported devices to validate the integrity of the operating system from another Android device. It will verify that the device is running the stock operating system with the bootloader locked and that no tampering with the operating system has occurred. It will also detect downgrades to a previous version.

It cannot be bypassed by modifying or tampering with the operating system (OS) because it receives signed device information from the device's Trusted Execution Environment (TEE) or Hardware Security Module (HSM) including the verified boot state, operating system variant and operating system version. The verification is much more meaningful after the initial pairing as the app primarily relies on Trust On First Use via pinning. It also verifies the identity of the device after the initial verification. Trust is chained through the verified OS to the app to bootstrap software checks with results displayed in a separate section.

This app is available through the Play Store with the app.attestation.auditor.play app id. Play Store releases go through review and it usually takes around 1 to 3 days before the Play Store pushes out the update to users. Play Store releases use Play Signing, so we use a separate app id from the releases we publish ourselves to avoid conflicts and to distinguish between them.

Releases of the app signed by GrapheneOS with the app.attestation.auditor app id are published in the GrapheneOS app repository and on GitHub. These releases are also bundled as part of GrapheneOS. You can use the GrapheneOS app repository client on Android 12 or later for automatic updates.

Releases are initially pushed out through the Alpha channel for both the Play Store and our app repository, then get moved to the Beta channel and finally the Stable channel.

GrapheneOS users must either obtain GrapheneOS app updates through our app repository or install it with adb install-multiple with both the APK and fs-verity metadata since fs-verity metadata is now required for out-of-band system app updates on GrapheneOS as part of extending verified boot to them.

 

Changes in version 88:

  • suppress sendBroadcastAsUser() crashes on GrapheneOS 12.1 (end-of-life 3rd generation Pixels)

A full list of changes from the previous release (version 87) is available through the Git commit log between the releases (only changes to the gmscompat_config text file and config-holder/ directory are part of GmsCompatConfig).

This update is available to GrapheneOS users via our app repository and will also be bundled into the next OS release.

 

Changes in version 120.0.6099.115.0:

  • update to Chromium 120.0.6099.115

A full list of changes from the previous release (version 120.0.6099.43.0) is available through the Git commit log between the releases.

This update is available to GrapheneOS users via our app repository and will also be bundled into the next OS release. Vanadium isn't yet officially available for users outside GrapheneOS, although we plan to do that eventually. It won't be able to provide the WebView outside GrapheneOS and will have missing hardening and other features.

 

Pixel 4a (5G) and Pixel 5 are end-of-life and shouldn't be used anymore due to lack of security patches for firmware and drivers. We provide extended support for harm reduction.

Tags:

  • 2023121200-redfin (Pixel 4a (5G), Pixel 5)
  • 2023121200 (Pixel 5a, Pixel 6, Pixel 6 Pro, Pixel 6a, Pixel 7, Pixel 7 Pro, Pixel 7a, Pixel Tablet, Pixel Fold, emulator, generic, other targets)

Changes since the 2023120800 release:

  • stop reporting forced reboot (long press power) as a kernel crash
  • filter out SoC ID from kernel crash logs (logged by Little Kernel firmware boot stage before the OS)
  • temporarily disable memory tagging and hardened_malloc for surfaceflinger process to work around upstream use-after-free bug(s)
  • raise max open files for system_server to 256k from the baseline 32k limit used for all processes on Android due to situations where the 32k limit is exhausted, which has become much more common for a small number of users with Android 14 QPR1
  • kernel (Pixel 6, Pixel 6 Pro, Pixel 6a, Pixel 7, Pixel 7 Pro, Pixel 7a, Pixel Tablet, Pixel Fold): backport fix for glibc 2.38 build error to device-specific driver source tree too to end the need for mounting a modified features.h for building host executables
  • kernel (Pixel 6, Pixel 6 Pro, Pixel 6a, Pixel 7, Pixel 7 Pro, Pixel 7a, Pixel Tablet, Pixel Fold, Generic 5.10): update to latest GKI LTS branch revision including update to 5.10.201
  • kernel (Pixel 8, Pixel 8 Pro, Generic 5.15): update to latest GKI LTS branch revision including update to 5.15.138
  • GmsCompatConfig: update to version 87
  • suppress repetitive sendHistogramChannelIoctl logging (upstream issue)
 

Changes in version 87:

  • update max supported version of Play services to 23.49
  • update max supported version of Play Store to 38.7

A full list of changes from the previous release (version 86) is available through the Git commit log between the releases (only changes to the gmscompat_config text file and config-holder/ directory are part of GmsCompatConfig).

This update is available to GrapheneOS users via our app repository and will also be bundled into the next OS release.
