KindnessInfinity

 

Changes in version 62:

  • update max supported version of Play Store to 36.5
  • update Gradle to 8.2
  • update Android Gradle plugin to 8.0.2

A full list of changes from the previous release (version 61) is available through the Git commit log between the releases (only changes to the gmscompat_config text file and config-holder/ directory are part of GmsCompatConfig).

This update is available to GrapheneOS users via our app repository and will also be bundled into the next OS release.

 

July release of the Android Open Source Project and stock OS for the Pixel Fold is delayed, likely only for a few days. The device was just released on June 27th with official support shipped in a GrapheneOS release on June 28th so it doesn't make sense to do an incomplete early release. We'll include it as part of this release when the official July release is available.

Tags:

  • 2023070500-coral (Pixel 4, Pixel 4 XL) — extended support release for legacy devices with frozen 2022-11-01 patch level
  • 2023070500 (Pixel 4a, Pixel 4a (5G), Pixel 5, Pixel 5a, Pixel 6, Pixel 6 Pro, Pixel 6a, Pixel 7, Pixel 7 Pro, Pixel 7a, emulator, generic, other targets)
  • 2023070500-tangorpro (Pixel Tablet)

Changes since the 2023062800 release:

  • full 2023-07-01 security patch level
  • full 2023-07-05 security patch level
  • rebased onto TQ3A.230705.001 (generic, coral) and TQ3A.230705.001.B4 (tangorpro) Android Open Source Project releases
  • do not report pseudo-"network" location provider to be always disabled (resolves regression with network location compatibility from 2023062300)
  • kernel (Pixel 6, Pixel 6 Pro, Pixel 6a, Pixel 7, Pixel 7 Pro, Pixel 7a, Pixel Tablet, Pixel Fold, Generic 5.10): update to latest GKI LTS branch revision including update to 5.10.185
  • kernel (Pixel 6, Pixel 6 Pro, Pixel 6a, Pixel 7, Pixel 7 Pro, Pixel 7a, Pixel Tablet, Pixel Fold, Generic 5.10): revert 2 f2fs garbage collection optimizations backported in the Android GKI tree since at least one of them appears to be broken which we ran into in our previous 2023061400 release and now multiple OEMs including Xiaomi have encountered the issue in their own testing too
  • kernel (Generic 5.15): update to latest GKI LTS branch revision including update to 5.15.119
  • disable unused instant app features at boot
  • disable problematic "Add users from lock screen" setting at boot
  • Settings: remove problematic "Add users from lock screen" setting
  • Dialer: re-enable false gesture detection for answering calls, which can be replaced with a newer implementation in the near future instead of it being removed
  • Settings: require device restart to disable eSIM activation app via our toggle
  • Seedvault: update to latest revision (we plan on replacing this with a new backup implementation since Seedvault is buggy/unreliable, has consistently needed security fixes applied downstream, has failed to provide the originally planned core features and despite being initially created by a GrapheneOS community member for GrapheneOS was taken over by a group hostile towards it)
  • PDF Viewer: update to version 17
  • GmsCompatConfig: update to version 61
 

cross-posted from: https://lemmy.ml/post/1784484

Cellebrite and others in their industry use logical extraction to refer to extracting data from a device after unlocking it, enabling developer options (requires PIN/password), enabling ADB and permitting access for the ADB key of the attached device. See https://cellebrite.com/en/glossary/logical-extraction-mobile-forensics/ The baseline doesn't involve exploitation. The next step up is exploitation via ADB to obtain more data than ADB makes available.

Obtaining data from a locked device requires an exploit. If it was unlocked since boot, the OS can access most data of the currently logged in users.

GrapheneOS includes our auto-reboot feature to automatically get data back at rest so that it's not obtainable even if the device is exploited. Can set this to a much lower value than the default 72 hours. 12 hours won't cause inconveniences for most users, but you can go lower.

User profiles that are not currently active have their data at rest. GrapheneOS provides the option to put secondary users back at rest via end session for convenience. Sensitive global system data is stored by the Owner user, which is why you can't log into another user first.

GrapheneOS also provides the option to disable keeping a secondary user active in the background, to force ending the session when switching away from it.

We provide substantial exploit protection features (https://grapheneos.org/features#exploit-protection), and we're working on some major improvements.

For user profiles that are not currently logged in, their data is protected by encryption even if the device is exploited. An attacker needs to brute force the password. If you use a strong random passphrase, they cannot do it. Otherwise, you depend on hardware-based security.

Most Android devices don't have decent hardware-based encryption security. If a typical Android device has the OS exploited, the attacker can trivially bypass any typical PIN/passphrase via brute force. We only support devices defending against this (https://grapheneos.org/faq#encryption).

iPhones, Pixels and certain other Android devices provide hardware-based throttling of unlock attempts via a secure element. We explain how this works at https://grapheneos.org/faq#encryption. This protection depends on security of the secure element, which is quite good for Pixel 6 and later.
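The trade-off described in the post above, worked through as an added example (not part of the original post and not GrapheneOS code): worst-case time to exhaust a 6-digit PIN and a random 7-word passphrase, with and without secure-element throttling. The delay schedule and the offline guess rate are assumptions chosen for illustration and are not taken from this page; the linked FAQ is the authority on the real behaviour.

```python
import math

SECONDS_PER_YEAR = 365.25 * 86400
# ASSUMPTION: offline guess rate once key derivation is no longer hardware-bound.
ASSUMED_OFFLINE_RATE = 1e6  # guesses per second

def delay_after(failures: int) -> float:
    """Seconds enforced before the next attempt (ASSUMED schedule, see lead-in)."""
    if failures < 5:
        return 0.0
    if failures == 5:
        return 30.0
    if failures < 10:
        return 0.0
    if failures < 30:
        return 30.0
    if failures < 140:
        return 30.0 * 2 ** ((failures - 30) / 10)
    return 86400.0  # one attempt per day from here on

def throttled_seconds(keyspace: int) -> float:
    """Worst case: every candidate is tried and the last one is correct."""
    ramp = sum(delay_after(f) for f in range(min(keyspace, 140)))
    return ramp + max(0, keyspace - 140) * 86400.0

def unthrottled_seconds(keyspace: int, rate: float = ASSUMED_OFFLINE_RATE) -> float:
    """Worst case with no hardware throttling, limited only by the guess rate."""
    return keyspace / rate

# Constructed comparison cases: secret type -> number of equally likely values.
CASES = {
    "6-digit PIN": 10 ** 6,
    "7-word diceware passphrase": 7776 ** 7,
}

def compare() -> dict:
    """Return entropy and worst-case exhaustion time in years for each case."""
    return {
        name: {
            "bits": math.log2(keyspace),
            "unthrottled_years": unthrottled_seconds(keyspace) / SECONDS_PER_YEAR,
            "throttled_years": throttled_seconds(keyspace) / SECONDS_PER_YEAR,
        }
        for name, keyspace in CASES.items()
    }

if __name__ == "__main__":
    for name, row in compare().items():
        print(f"{name}: {row['bits']:.1f} bits, "
              f"unthrottled {row['unthrottled_years']:.3g} y, "
              f"throttled {row['throttled_years']:.3g} y")
```

Under these assumptions the PIN falls in about a second without throttling but takes millennia with it, while the random passphrase is out of reach either way.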


 

Notable changes in version 17:

  • set zoom ratio to fit document to window size by default
  • decrease minimum zoom ratio to 0.2 from 0.5 (can zoom out much further)
  • replace custom file size parsing with Android implementation
  • avoid uncaught exception when parsing file sizes from certain Storage Access Framework providers
  • new text layer rotation implementation based on CSS transforms
  • update pdf.js to 3.8.162
  • update Material library to 1.9.0
  • update Kotlin to 1.8.22
  • update Gradle to 8.2
  • update Android Gradle plugin to 8.0.2
  • add Gradle verification metadata
  • remove legacy roundIcon attribute
  • add eslint integration
  • improve implementation quality including porting some code to Kotlin

A full list of changes from the previous release (version 16) is available through the Git commit log between the releases.

Simple Android PDF viewer based on pdf.js and content providers. The app doesn't require any permissions. The PDF stream is fed into the sandboxed WebView without giving it access to content or files. Content-Security-Policy is used to enforce that the JavaScript and styling properties within the WebView are entirely static content from the apk assets. It reuses the hardened Chromium rendering stack while only exposing a tiny subset of the attack surface compared to actual web content. The PDF rendering code itself is memory safe with dynamic code evaluation disabled, and even if an attacker did gain code execution by exploiting the underlying web rendering engine, they're within the Chromium renderer sandbox with no access to the network (unlike a browser), files, or other content.

This app is available through the Play Store with the app.grapheneos.pdfviewer.play app id. Play Store releases go through review and it usually takes around 1 to 3 days before the Play Store pushes out the update to users. Play Store releases use Play Signing, so we use a separate app id from the releases we publish ourselves to avoid conflicts and to distinguish between them.

Releases of the app signed by GrapheneOS with the app.grapheneos.pdfviewer app id are published in the GrapheneOS app repository and on GitHub. You can use the GrapheneOS app repository client on Android 12 or later for automatic updates.

Releases are initially pushed out through the Beta channel for both the Play Store and our app repository and then get moved to the Stable channel.

GrapheneOS users must either obtain GrapheneOS app updates through our app repository or install it with adb install-multiple with both the APK and fs-verity metadata since fs-verity metadata is now required for out-of-band system app updates on GrapheneOS as part of extending verified boot to them.

 

Changes in version 61:

  • update max supported version of Play services to 23.25
  • update max supported version of Play Store to 36.4

A full list of changes from the previous release (version 60) is available through the Git commit log between the releases (only changes to the gmscompat_config text file and config-holder/ directory are part of GmsCompatConfig).

This update is available to GrapheneOS users via our app repository and will also be bundled into the next OS release.

 

We recently formed the GrapheneOS Foundation as a non-profit organization and we'll be using it for accepting most donations to the project.

We'll be accepting Stripe donations directly instead of needing to go through GitHub Sponsors once we get through our bank's KYC process.

PayPal approved our application today but we're still waiting on the bank. Each bank and financial service has their own take on KYC (Know Your Customer) compliance. Each of our directors is in a different country with different languages and in some cases incompatible laws...

We've added links to make one-time, monthly or yearly donations to our non-profit via PayPal:

https://grapheneos.org/donate#paypal

Stripe's base fee is the same (2.9% + 30 cents) but their fees for international transactions (0.6%) and currency conversion (2%) are better. We'll add it ASAP.

 

Tags:

  • 2023062800-coral (Pixel 4, Pixel 4 XL) — extended support release for legacy devices with frozen 2022-11-01 patch level
  • 2023062800 (Pixel 4a, Pixel 4a (5G), Pixel 5, Pixel 5a, Pixel 6, Pixel 6 Pro, Pixel 6a, Pixel 7, Pixel 7 Pro, Pixel 7a, emulator, generic, other targets)
  • 2023062800-tangorpro (Pixel Tablet)
  • 2023062800-felix (Pixel Fold)

Changes since the 2023062300 release:

  • add initial Pixel Fold support
  • replace unused BUILD_ID field with device name in release channel metadata
  • System Updater: add enforcement of device name in release channel metadata as a misuse resistance improvement
  • Settings: mark DSUs (Dynamic System Updates) as unsupported
  • Launcher: add back Storage Scopes and Contact Scopes links to launcher icon shortcuts since this is now separate from the recent apps screen
  • Pixel Tablet: set default screen rotation to landscape mode (270 degrees) since we disable auto-rotation by default (due to the manual rotate button appearing after rotation) and the current default means that the device starts locked in portrait mode in the initial setup which gives a bad impression
  • kernel (Pixel 6, Pixel 6 Pro, Pixel 6a, Pixel 7, Pixel 7 Pro, Pixel 7a, Pixel Tablet, Pixel Fold, Generic 5.10): add missing non-security patch
  • Vanadium: update to version 114.0.5735.196.0
  • Auditor: update to version 73
 

GrapheneOS now has experimental support for the Pixel Fold. It's available for download on our staging site:

https://staging.grapheneos.org/releases

It can also be installed with our easy to use web installer:

https://staging.grapheneos.org/install/web

It will be included in our upcoming production release.

 

Notable changes in version 73:

  • add Pixel Fold support
  • add new attestation protocol version 5 with updated DEFLATE dictionary to make QR codes easier to scan from current generation devices using remote key provisioning (protocol version 4 is still supported)

A full list of changes from the previous release (version 72) is available through the Git commit log between the releases.

The Auditor app uses hardware security features on supported devices to validate the integrity of the operating system from another Android device. It will verify that the device is running the stock operating system with the bootloader locked and that no tampering with the operating system has occurred. It will also detect downgrades to a previous version.

It cannot be bypassed by modifying or tampering with the operating system (OS) because it receives signed device information from the device's Trusted Execution Environment (TEE) or Hardware Security Module (HSM) including the verified boot state, operating system variant and operating system version. The verification is much more meaningful after the initial pairing as the app primarily relies on Trust On First Use via pinning. It also verifies the identity of the device after the initial verification. Trust is chained through the verified OS to the app to bootstrap software checks with results displayed in a separate section.

This app is available through the Play Store with the app.attestation.auditor.play app id. Play Store releases go through review and it usually takes around 1 to 3 days before the Play Store pushes out the update to users. Play Store releases use Play Signing, so we use a separate app id from the releases we publish ourselves to avoid conflicts and to distinguish between them.

Releases of the app signed by GrapheneOS with the app.attestation.auditor app id are published in the GrapheneOS app repository and on GitHub. These releases are also bundled as part of GrapheneOS. You can use the GrapheneOS app repository client on Android 12 or later for automatic updates.

Releases are initially pushed out through the Alpha channel for both the Play Store and our app repository, then get moved to the Beta channel and finally the Stable channel.

GrapheneOS users must obtain GrapheneOS app updates through our app repository since fs-verity metadata is now required for out-of-band system app updates on GrapheneOS as part of extending verified boot to them.
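The verification policy described in the Auditor post above, as an added example (a simplified model, not Auditor's code): pin on first use, then on every later check require the same device identity and OS variant, a locked bootloader, a verified boot state and no version rollback. The field names and sample values are hypothetical, and the signature check on the hardware-backed attestation is assumed to have already passed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Attestation:
    """Hypothetical, simplified view of the signed device information."""
    attest_key: str        # fingerprint of the device's hardware-backed key
    boot_key: str          # verified boot key fingerprint (identifies the OS variant)
    bootloader_locked: bool
    boot_verified: bool
    os_version: int
    patch_level: str       # "YYYY-MM-DD", so string comparison orders it

class Verifier:
    def __init__(self):
        self.pins = {}  # device label -> last accepted Attestation

    def verify(self, device: str, att: Attestation):
        problems = []
        if not att.bootloader_locked:
            problems.append("bootloader unlocked")
        if not att.boot_verified:
            problems.append("verified boot state not verified")
        pinned = self.pins.get(device)
        if pinned is not None:
            if att.attest_key != pinned.attest_key:
                problems.append("device identity changed")
            if att.boot_key != pinned.boot_key:
                problems.append("OS variant changed")
            if att.os_version < pinned.os_version or att.patch_level < pinned.patch_level:
                problems.append("downgrade")
        if problems:
            return "failed", problems    # the pin is left untouched on failure
        self.pins[device] = att          # first use pins; later checks ratchet forward
        return ("paired" if pinned is None else "verified"), []

def demo():
    """Constructed sequence: pairing, an update, a rollback, a swapped device."""
    v = Verifier()
    base = dict(attest_key="key-A", boot_key="os-1",
                bootloader_locked=True, boot_verified=True, os_version=13)
    steps = [
        Attestation(**base, patch_level="2023-06-05"),
        Attestation(**base, patch_level="2023-07-05"),
        Attestation(**base, patch_level="2023-06-05"),
        Attestation(**{**base, "attest_key": "key-B"}, patch_level="2023-07-05"),
    ]
    return [v.verify("phone", a) for a in steps]

if __name__ == "__main__":
    for result in demo():
        print(result)
```

The first check can only establish a baseline; the rollback and the swapped key are caught because later checks compare against the pinned record.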

 

cross-posted from: https://lemmy.ml/post/1573082

We've almost finished adding support for the Pixel Fold but we don't have access to one yet since they weren't sold outside of a few countries.

Does anyone have one that's able to spend a few hours testing different things? You need to be able to run ADB on an attached computer.

If you want to help with this, please join #testing:grapheneos.org on Matrix. Support for the Pixel Fold will come soon but we don't have access to the device ourselves yet and are missing testers as a substitute for that. We can likely finish adding support quickly.

Thank you

 

Changes in version 114.0.5735.196.0:

  • update to Chromium 114.0.5735.196

A full list of changes from the previous release (version 114.0.5735.131.0) is available through the Git commit log between the releases.

This update is available to GrapheneOS users via our app repository and will also be bundled into the next OS release. Vanadium isn't yet officially available for users outside GrapheneOS, although we plan to do that eventually. It won't be able to provide the WebView outside GrapheneOS and will have missing hardening and other features.
