KindnessInfinity

joined 2 years ago

We're continuing to work on addressing the remaining regressions in Android 14:

https://github.com/GrapheneOS/os-issue-tracker/labels/priority-max

We'll likely have a release available by tomorrow with fixes for both issues impacting sandboxed Google Play.

We've also made major progress on Pixel 8 / 8 Pro support.

It will be very difficult to restore ahead-of-time compilation to the way it worked before. There are significant upstream regressions in Android 14. They broke background compilation as part of the Finalizing step for updates and also broke precompiled Java/Kotlin code support.

For the moment, we're going to work on adding support for compiling apps in the background after boot and displaying a progress bar. This will avoid boots being delayed by compiling apps which is a major issue due to the background Finalizing and precompilation not working in 14.

We still need to restore precompilation and work towards it providing complete coverage to fully provide our verified boot improvements.

Android 14 fixed a bunch of information leaks between profiles, which they didn't test properly, causing regressions which we're addressing.

The user profile isolation improvements in Android 14 are causing one of the sandboxed Google Play issues. Simply don't grant Location permission to sandboxed Google Play in secondary users to work around it. You don't need to grant that for working location in apps anyway.

 

Wise sent us an email 4 hours ago informing us that our US bank account information has changed without warning. They changed bank partners in the US. We've updated the donation page at https://grapheneos.org/donate#wise-us. If you use the old information, your donation will get refunded.

 

Notable changes in version 76:

  • add support for Pixel 8 and Pixel 8 Pro
  • update Guava library to 32.1.3

A full list of changes from the previous release (version 75) is available through the Git commit log between the releases.

The Auditor app uses hardware security features on supported devices to validate the integrity of the operating system from another Android device. It will verify that the device is running the stock operating system with the bootloader locked and that no tampering with the operating system has occurred. It will also detect downgrades to a previous version.

It cannot be bypassed by modifying or tampering with the operating system (OS) because it receives signed device information from the device's Trusted Execution Environment (TEE) or Hardware Security Module (HSM) including the verified boot state, operating system variant and operating system version. The verification is much more meaningful after the initial pairing as the app primarily relies on Trust On First Use via pinning. It also verifies the identity of the device after the initial verification. Trust is chained through the verified OS to the app to bootstrap software checks with results displayed in a separate section.

This app is available through the Play Store with the app.attestation.auditor.play app id. Play Store releases go through review and it usually takes around 1 to 3 days before the Play Store pushes out the update to users. Play Store releases use Play Signing, so we use a separate app id from the releases we publish ourselves to avoid conflicts and to distinguish between them.

Releases of the app signed by GrapheneOS with the app.attestation.auditor app id are published in the GrapheneOS app repository and on GitHub. These releases are also bundled as part of GrapheneOS. You can use the GrapheneOS app repository client on Android 12 or later for automatic updates.

Releases are initially pushed out through the Alpha channel for both the Play Store and our app repository, then get moved to the Beta channel and finally the Stable channel.

GrapheneOS users must either obtain GrapheneOS app updates through our app repository or install it with adb install-multiple with both the APK and fs-verity metadata since fs-verity metadata is now required for out-of-band system app updates on GrapheneOS as part of extending verified boot to them.
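The Trust On First Use pinning described above, as an added example that is not the Auditor app's own code: it models the checks the post lists (locked bootloader, verified boot state, pinned device identity, downgrade detection). The field names, the `device_id` and the pin store are assumptions, and the attested fields are assumed to have already been signature-checked against the device's hardware-backed attestation key.

```python
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class AttestedInfo:
    """Device information as reported by the TEE/HSM (assumed field names).
    Assumed to be already signature-verified before reaching this code."""
    key_fingerprint: str      # fingerprint of the device's attestation key
    verified_boot_state: str  # "verified", "self-signed", "unverified" or "failed"
    bootloader_locked: bool
    os_variant: str           # e.g. "GrapheneOS"
    os_version: int           # release number, increases with every release
    os_patch_level: int       # YYYYMM security patch level


@dataclass
class PinnedDevice:
    key_fingerprint: str
    os_variant: str
    os_version: int
    os_patch_level: int


class Verifier:
    """TOFU verifier: pins identity on first pairing, then rejects identity
    changes, unlocked or unverified boot, and version/patch-level downgrades."""

    def __init__(self) -> None:
        self.pins: Dict[str, PinnedDevice] = {}

    def verify(self, device_id: str, info: AttestedInfo) -> List[str]:
        problems: List[str] = []
        # Hardware-rooted checks that apply on every run, including the first.
        if not info.bootloader_locked:
            problems.append("bootloader unlocked")
        if info.verified_boot_state != "verified":
            problems.append(f"verified boot state is {info.verified_boot_state!r}")
        pinned = self.pins.get(device_id)
        if pinned is None:
            if not problems:  # only pin a device that passed the first check
                self.pins[device_id] = PinnedDevice(info.key_fingerprint,
                    info.os_variant, info.os_version, info.os_patch_level)
            return problems
        if pinned.key_fingerprint != info.key_fingerprint:
            problems.append("attestation key does not match pinned device identity")
            return problems  # not the paired device; version comparison is meaningless
        if info.os_variant != pinned.os_variant:
            problems.append(f"OS variant changed from {pinned.os_variant!r}")
        if (info.os_version < pinned.os_version
                or info.os_patch_level < pinned.os_patch_level):
            problems.append(f"downgrade detected: {info.os_version} < {pinned.os_version}")
        if not problems:  # advance the pin so later downgrades are caught too
            pinned.os_version, pinned.os_patch_level = info.os_version, info.os_patch_level
        return problems
```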

 

You can see our max priority issues here, which are all Android 14 regressions:

https://github.com/GrapheneOS/os-issue-tracker/labels/priority-max

None of these is a severe problem, but we plan to get them all fixed for our next release in a couple of days. They're being prioritized over Pixel 8 and Pixel 8 Pro support.

 

Android 14 introduced issues causing app crashes within secondary users as part of a series of changes fixing data leaks between user profiles. GrapheneOS users make heavier use of secondary users and are running into this more often. The most common issue can be worked around.

If you're experiencing crashes with sandboxed Google Play in a secondary user since Android 14, it's likely because you granted Location permission to Play services. Android 14 broke one of the APIs it uses for secondary users. Revoke Location permission and it won't happen.

You don't need to grant the Location permission to sandboxed Google Play to have working geolocation in apps using the Google Play geolocation API. By default, GrapheneOS reroutes Play location requests to the OS location service. If you disabled that, turn it back on for now.

We're aware some users want to use the Google Play network location service with sandboxed Google Play and it's meant to work. It still works in the Owner user but Android 14 broke one of the APIs it uses for all apps in secondary users. We'll try to fix it for our next release.

 

The AOSP Launcher bug we fixed in our latest release appears to have been caused by generating shortcuts with apps like Shortcut Maker. The shortcuts some of these apps generate are no longer accepted on Android 14. Users with this issue need to update to the latest GrapheneOS release.

If you have broken shortcuts causing launcher crashes, you can still access Settings via the drop-down quick settings to launch apps, clear app data, check for updates without waiting, etc. You can either clear launcher app data or update to the current release: https://grapheneos.org/releases#2023101100

Most AOSP bugs are also bugs in the stock Pixel OS since it's built from unmodified AOSP repositories. However, a bunch of apps are replaced with their own, including the launcher. Pixel Launcher is a fork of AOSP Launcher and may have had this patched before the stable release of 14.

 

Pixel 4, Pixel 4 XL and Pixel 4a are end-of-life and shouldn't be used anymore due to lack of most security patches for firmware and drivers. We're considering porting them to Android 14 to continue providing extended support longer than initially planned to keep them as a way to preview the current version of the OS despite them not being secure. It will be a significant effort to port them properly without lost functionality and we're looking for a new developer to fund rather than reassigning any developers from their existing work on the OS.

Tags:

  • 2023101100 (Pixel 4a (5G), Pixel 5, Pixel 5a, Pixel 6, Pixel 6 Pro, Pixel 6a, Pixel 7, Pixel 7 Pro, Pixel 7a, Pixel Tablet, Pixel Fold, emulator, generic, other targets)

Changes since the 2023100900 release:

  • enable customizing lock screen shortcuts
  • Launcher: set target API level to 33 since it doesn't properly support 34 and it prevents adding widgets among other potential issues (Pixel Launcher fork in the stock Pixel OS still uses 33 too, so this is an AOSP-specific upstream bug)
  • Launcher: delete broken legacy shortcuts instead of crashing (upstream bug)
  • Sandboxed Google Play compatibility layer: avoid crash in TelephonyManager.requestCellInfoUpdate()
  • Sandboxed Google Play compatibility layer: enable DynamiteLoader v2
  • fix per-app hardening configuration for apps missing from the Owner user
  • fix Bluetooth auto-turn-off
  • Settings: avoid crashes when changing user restrictions for guest users (upstream bug)
  • do not delete compiled code of hibernated apps
  • curl: update to 8.4.0 to fix CVE-2023-38545 and assorted minor issues (Android may not use this functionality, but it should be fixed in case it does)
  • Vanadium: update to version 118.0.5993.65.0
  • remove unnecessary wrapper for registering receivers
 

We'll be making another release today with more fixes for minor regressions introduced by Android 14. We have fixes for Bluetooth/Wi-Fi timeout, some sandboxed Google Play compatibility layer improvements and other minor improvements. Our Android 14 port is already quite solid.

 

Changes in version 118.0.5993.65.0:

  • update to Chromium 118.0.5993.65

A full list of changes from the previous release (version 118.0.5993.48.0) is available through the Git commit log between the releases.

This update is available to GrapheneOS users via our app repository and will also be bundled into the next OS release. Vanadium isn't yet officially available for users outside GrapheneOS, although we plan to do that eventually. It won't be able to provide the WebView outside GrapheneOS and will have missing hardening and other features.

 

Tags:

  • 2023100900 (Pixel 4a (5G), Pixel 5, Pixel 5a, Pixel 6, Pixel 6 Pro, Pixel 6a, Pixel 7, Pixel 7 Pro, Pixel 7a, Pixel Tablet, Pixel Fold, emulator, generic, other targets)

Changes since the 2023100800 release:

  • temporarily unsuspend work profiles when resuming them to avoid our stricter pause approach causing issues
  • Settings: split title/summary for automatic exploit protection compatibility mode
  • Settings: fix upstream bug causing crash when accessing tethering settings from secondary users where they're unavailable
  • System Updater: set foreground service type to special
  • System Updater: update minimum and target API level to 34 (Android 14)
  • fix port of our change enabling usage timeline for all permission groups
  • add back compiling code not built with signed integer overflow checking using -fwrapv to make it well defined
  • add back very minor hardening involving making more data read only
  • Seedvault: update to latest revision
  • Health Fitness: disable functionality for showing available apps, updating apps and sending feedback when Google Play is unavailable (these options may be removed completely in the future)
  • Health Fitness: check for Google Play via signature instead of whether it's a system app to support sandboxed Google Play
 

GrapheneOS based on Android 14 is now available in the Alpha channel. In theory, this release could reach the Beta channel and then Stable. However, we expect more minor regressions will be reported and we'll make another release replacing it before Beta.

https://grapheneos.org/releases#2023100800

 

This is the initial non-experimental release of GrapheneOS based on Android 14. Our initial public experimental release (2023100600) was published on October 6th so there have already been a couple days of public testing. All of our documented features are now ported to Android 14. We'll be continuing to work on fixing regressions including new Android bugs and new compatibility issues caused by our features. However, it's already stable and usable.

This release provides the full 2023-10-06 patch level for all supported devices along with the recommended security patches only included in Android 14.

Android 13 is no longer actively developed upstream and now only receives backports of the Android Security Bulletin patches, not the recommended patches included in the latest stable release of Android. Pixels are also now only supported via Android 14 and require Android 14 to achieve a patch level above 2023-10-01. Android 14 has had publicly available experimental releases since February 2023 and is already a mature OS. It also contains significant privacy and security enhancements which more than offset the attack surface from added features. These reasons are why we have so heavily prioritized porting to Android 14 and began to defer more and more of our other work until after Android 14 since around July 2023.

Tags:

  • 2023100800 (Pixel 4a (5G), Pixel 5, Pixel 5a, Pixel 6, Pixel 6 Pro, Pixel 6a, Pixel 7, Pixel 7 Pro, Pixel 7a, Pixel Tablet, Pixel Fold, emulator, generic, other targets)

Changes since the 2023100300 release:

  • full 2023-10-06 security patch level
  • rebased onto UP1A.231005.007 Android Open Source Project release as the initial port of all GrapheneOS features to Android 14
  • add default-enabled toggle for automatic per-app exploit protection compatibility mode configuration
  • temporarily add Google Camera to automatic exception list for hardened_malloc
  • add back support for displaying app compilation progress at boot
  • restore Android 13 work profile pause behavior by stopping the profile from running instead of only suspending apps
  • fix cosmetic issue for adevtool envsetup.sh integration
  • adevtool: download: add option to unpack factory images
  • adevtool: collect-state: fix the output file name format
  • adevtool: collect-state: add an option to automatically make prep OS build
  • Vanadium: update to version 117.0.5938.153.0
  • Vanadium: update to version 118.0.5993.48.0
  • GmsCompatConfig: update to version 77
  • Auditor: update to version 75