KindnessInfinity


Stable release of Android 14 is expected to be released in early October. We've spent months preparing for it and we've completed a lot of porting in advance. This has been much more difficult than it should be since we have to rely on unofficial access to pre-launch sources.

Stable releases of Android are open source. The Pixel stock OS source tree matches the AOSP source tree with additional private repositories added for the Google/Pixel components/overlays. Beta releases and the development branches are mostly internal. Most isn't done in AOSP main.

The Android security team wanted to collaborate with us and gave us security partner access. We hoped this would lead to us getting full partner access so that we could port to new major releases much earlier with the ability to build and test nearly all of the port in advance.

The engineering side appreciates our work and multiple prominent people have tried to get full partner access for the GrapheneOS Foundation. Android's business side had our security partner access revoked and blocked progress. We've decided to stop making upstream contributions.

Many of the privacy and security features we've built could be included in Android. It was always difficult to contribute without partner access, but we put in significant effort and achieved some positive results. We also reported a lot of firmware and software vulnerabilities.

Not having partner access makes quickly porting to major releases into an ordeal, but we still have to do it for security reasons. We only managed to have it done within around a week of launch of Android 13 and past releases via superhuman amounts of work hours and productivity.

We've deferred shipping most of our newly developed features until after Android 14 including duress PIN/password and several new per-app toggles for enabling additional security features we already had implemented but couldn't enable globally due to some apps being incompatible.

 

Changes in version 12:

  • raise class region size to 32GB for arm64 Android (requires kernel providing 48-bit address space via 4 level page tables)
  • add configuration for disabling self-init
  • enable Intel CET support
  • drop support for legacy compilers and libc versions
  • merge fprintf/fputs calls in malloc_info
  • preserve error for free calls (future POSIX requirement)
  • support versioned Clang
  • when arenas are enabled, properly handle threads making their first allocation by resizing a slab allocation from another thread to another slab allocation size class with realloc instead of triggering a crash by trying to lock a field in the internal allocator state that's not a lock
  • minor implementation and code style improvements

A full list of changes from the previous release (version 11) is available through the Git commit log between the releases.

See the README for this release for an overview of the project and many details about the design goals and implementation. These integer tags are the standalone releases, while date style tags such as 2023091800 and 2023091800-felix are part of GrapheneOS releases and may contain GrapheneOS-specific changes such as workarounds for latent memory corruption bugs encountered in the wild while waiting for an upstream or downstream fix.

 

Changes in version 117.0.5938.140.0:

  • update to Chromium 117.0.5938.140

A full list of changes from the previous release (version 117.0.5938.60.0) is available through the Git commit log between the releases.

This update is available to GrapheneOS users via our app repository and will also be bundled into the next OS release. Vanadium isn't yet officially available for users outside GrapheneOS, although we plan to do that eventually. It won't be able to provide the WebView outside GrapheneOS and will have missing hardening and other features.

 

Changes in version 75:

  • update max supported version of Play Store to 37.6

A full list of changes from the previous release (version 74) is available through the Git commit log between the releases (only changes to the gmscompat_config text file and config-holder/ directory are part of GmsCompatConfig).

This update is available to GrapheneOS users via our app repository and will also be bundled into the next OS release.

 

The September releases of AOSP and the stock OS came out on 2023-09-18 and are incorporated into this release. Unusually, they still set the patch level to 2023-09-01 despite having all listed patches for 2023-09-05 for some of the devices such as the Pixel 6 and Pixel 7. We left the listed patch level alone to avoid delaying the release for aesthetic reasons while we figured out where it could be raised due to delayed Qualcomm firmware patches. We shipped 2023-09-01 in our much earlier 2023090600 release but this is the official September release from AOSP and the stock OS rather than just applying the Android Security Bulletin backports to Android 13.

The strange timing and inclusion of only a single patch (Mali GPU kernel driver fix) in the September Pixel Update Bulletin is due to Android 14 being scheduled for this month but delayed to October. The Pixel Update Bulletin for Android 14 will include a large number of recommended AOSP security patches and many hardware related patches, neither of which will be backported to Android 13, so we've already put a significant effort into porting to Android 14 via our limited early access to the source code. We aim to have our Android 14 port available as soon as possible after the stable release is published due to the importance for security. It's unfortunate we don't have full access to the sources in advance like Android partners, but we've had access to more than we usually do this year and for longer due to the delay.

We've also included additional Mali GPU kernel driver patches and a libwebp patch in this release, similar to the kernel.org LTS patches we ship on a regular basis many months before Android. We'll do more of this in the future as our resources and partnerships grow, but we don't have much ability to ship firmware patches earlier until there's hardware built to run GrapheneOS.

Tags:

  • 2023091800-coral (Pixel 4, Pixel 4 XL) — extended support release for legacy devices with frozen 2022-11-01 patch level
  • 2023091800 (Pixel 4a, Pixel 4a (5G), Pixel 5, Pixel 5a, Pixel 6, Pixel 6 Pro, Pixel 6a, Pixel 7, Pixel 7 Pro, Pixel 7a, emulator, generic, other targets)
  • 2023091800-tangorpro (Pixel Tablet)
  • 2023091800-felix (Pixel Fold)

Changes since the 2023090600 release:

  • integrate official September update as a replacement for the backports in the last release
  • rebased onto TQ3A.230901.001 (generic, coral), TQ3A.230901.001.B1 (tangorpro) and TQ3C.230901.001.A1 (felix) Android Open Source Project releases
  • kernel (Pixel 6, Pixel 6 Pro, Pixel 6a, Pixel 7, Pixel 7 Pro, Pixel 7a, Pixel Tablet, Pixel Fold): backport additional Mali GPU driver security fixes from Android 14 Beta 5.3
  • webp: backport fix for CVE-2023-4863 not included in the Android September security patch level
  • Settings: remove Storage manager toggle since it lacks an implementation without Play services integrated into the OS
  • kernel (Generic 5.15): update to latest GKI LTS branch revision including update to 5.15.131
  • Vanadium: update to version 117.0.5938.44.0
  • Vanadium: update to version 117.0.5938.44.1
  • Vanadium: update to version 117.0.5938.60.0
  • GmsCompatConfig: update to version 73
  • GmsCompatConfig: update to version 74
  • adevtool: add command for fetching info about stock OS kernels from AOSP repositories
 

Changes in version 74:

  • update max supported version of Play services to 23.36
  • update max supported version of Play Store to 37.5

A full list of changes from the previous release (version 73) is available through the Git commit log between the releases (only changes to the gmscompat_config text file and config-holder/ directory are part of GmsCompatConfig).

This update is available to GrapheneOS users via our app repository and will also be bundled into the next OS release.

 

Changes in version 117.0.5938.60.0:

  • update to Chromium 117.0.5938.60.0

A full list of changes from the previous release (version 117.0.5938.44.1) is available through the Git commit log between the releases.

This update is available to GrapheneOS users via our app repository and will also be bundled into the next OS release. Vanadium isn't yet officially available for users outside GrapheneOS, although we plan to do that eventually. It won't be able to provide the WebView outside GrapheneOS and will have missing hardening and other features.

 

Changes in version 73:

  • update max supported version of Play services to 23.35
  • update max supported version of Play Store to 37.4

A full list of changes from the previous release (version 72) is available through the Git commit log between the releases (only changes to the gmscompat_config text file and config-holder/ directory are part of GmsCompatConfig).

This update is available to GrapheneOS users via our app repository and will also be bundled into the next OS release.

 

Changes in version 117.0.5938.44.1:

  • add back cross-origin referrer override toggle with a fix for WebView compatibility

A full list of changes from the previous release (version 117.0.5938.44.0) is available through the Git commit log between the releases.

This update is available to GrapheneOS users via our app repository and will also be bundled into the next OS release. Vanadium isn't yet officially available for users outside GrapheneOS, although we plan to do that eventually. It won't be able to provide the WebView outside GrapheneOS and will have missing hardening and other features.

 

Changes in version 117.0.5938.44.0:

  • update to Chromium 117.0.5938.44

A full list of changes from the previous release (version 116.0.5845.172.0) is available through the Git commit log between the releases.

This update is available to GrapheneOS users via our app repository and will also be bundled into the next OS release. Vanadium isn't yet officially available for users outside GrapheneOS, although we plan to do that eventually. It won't be able to provide the WebView outside GrapheneOS and will have missing hardening and other features.

 

Tags:

  • 2023090600-coral (Pixel 4, Pixel 4 XL) — extended support release for legacy devices with frozen 2022-11-01 patch level
  • 2023090600 (Pixel 4a, Pixel 4a (5G), Pixel 5, Pixel 5a, Pixel 6, Pixel 6 Pro, Pixel 6a, Pixel 7, Pixel 7 Pro, Pixel 7a, emulator, generic, other targets)
  • 2023090600-tangorpro (Pixel Tablet)
  • 2023090600-felix (Pixel Fold)

Changes since the 2023090200 release:

  • full 2023-09-01 security patch level (early release based on AOSP 13 security backports since the AOSP/stock monthly release is not available yet)
  • kernel (Pixel 6, Pixel 6 Pro, Pixel 6a, Pixel 7, Pixel 7 Pro, Pixel 7a, Pixel Tablet, Pixel Fold, Generic 5.10): update to latest GKI LTS branch revision including update to 5.10.194
  • kernel (Generic 5.15): update to latest GKI LTS branch revision including update to 5.15.130
  • Vanadium: update to version 116.0.5845.172.0
 

Changes in version 116.0.5845.172.0:

  • update to Chromium 116.0.5845.172

A full list of changes from the previous release (version 116.0.5845.163.1) is available through the Git commit log between the releases.

This update is available to GrapheneOS users via our app repository and will also be bundled into the next OS release. Vanadium isn't yet officially available for users outside GrapheneOS, although we plan to do that eventually. It won't be able to provide the WebView outside GrapheneOS and will have missing hardening and other features.
