KindnessInfinity

joined 2 years ago
 

Changes in version 132:

  • add workaround for chain crash on unsupported Android 12.1 devices end-of-life for almost 3 years as a special exception which won't be followed with other fixes for known issues (not realistic for us to indefinitely support devices and users need to move to supported devices)

A full list of changes from the previous release (version 131) is available through the Git commit log between the releases (only changes to the gmscompat_config text file and config-holder/ directory are part of GmsCompatConfig).

This update is available to GrapheneOS users via our app repository and will also be bundled into the next OS release.

 

Telegram has full access to all of the content of group chats and regular one-to-one chats due to lack of end-to-end encryption. Their opt-in secret chats use homegrown end-to-end encryption with weaknesses. Deleting the content from the app likely won't remove all copies of it.

Telegram has heavily participated in misinformation campaigns targeting actual private messaging apps with always enabled, properly implemented end-to-end encryption such as Signal. Should stop getting any advice from anyone who told you to use Telegram as a private messenger.

Telegram is capable of handing over all messages in every group and regular one-to-one chat to authorities in France or any other country. A real private messaging app like Signal isn't capable of turning over your messages and media. Telegram/Discord aren't private platforms.

A major example of how Telegram's opt-in secret chat encryption has gone seriously wrong before: https://words.filippo.io/dispatches/telegram-ecdh/.

The practical near term threat is for the vast majority of chats without end-to-end encryption: 100% of Telegram group chats and the regular 1-to-1 chats.

Companies should treat user data as toxic waste rather than as something they want to gather and hoard for business models like targeted advertising. It's not a good thing to have a bunch of sensitive data which could be obtained by adversaries or requested by a government.

Not using E2EE creates a lot more legal risk than using E2EE at least while E2EE is still legal in most of the world. Not using E2EE gives the technical capability to moderate, provide data, etc. and therefore governments expect that to be done. That's why they hate E2EE.

Apps like Signal and SimpleX can't access messages, media and profiles. Telegram has access to all content in private group chats and regular private messages unless people used a secret chat. They can automatically scan it, moderate and provide data to authorities based on it.

Telegram chose to have the technical capability to see all private group chats and regular direct messages. In doing so, they put private user data at risk of seizure by governments. The scramble to try to delete data shows lack of basic threat modelling:

https://x.com/sambendett/status/1827712700299821277

Even Facebook's WhatsApp uses end-to-end encrypted direct messages and group chats and WhatsApp is clearly not a private messaging app. It's not a niche feature. Telegram shouldn't have been heavily marketed as private/encrypted when most user data can be handed to governments.

 

Changes in version 131:

  • disable Play services OS update services to avoid errors being shown for some users
  • update max supported version of Play services to 24.33
  • update max supported version of Play Store to 42.4

A full list of changes from the previous release (version 130) is available through the Git commit log between the releases (only changes to the gmscompat_config text file and config-holder/ directory are part of GmsCompatConfig).

This update is available to GrapheneOS users via our app repository and will also be bundled into the next OS release.

 

GrapheneOS support for the Pixel 9, Pixel 9 Pro, Pixel 9 Pro XL is now available via our official site in addition to our staging site.

https://grapheneos.org/install/web

Most users don't have any issues. 2 people reported an occasional Wi-Fi connectivity issue not happening for others.

 

Our third release for the Pixel 9, Pixel 9 Pro and Pixel 9 Pro XL is now available with a fix for adjusting volume levels and support for configuring vibration intensity. There have been 2 reports of occasional Wi-Fi connectivity issues which we're currently investigating.

 

The first update for GrapheneOS on the Pixel 9, Pixel 9 Pro and Pixel 9 Pro XL is now available. It now has a full port of our hardware-level + software-level USB-C port control feature as a replacement for our legacy USB peripheral control feature: https://grapheneos.org/features#usb-c-port-and-pogo-pins-control.

Currently, the only known issue with support for 9th generation Pixels is all volume levels above 0% currently acting the same way. We're actively working on this and should have a fix for it available soon. Once that's resolved, we're already close to a production release.

 

Experimental releases of GrapheneOS for the Pixel 9, Pixel 9 Pro and Pixel 9 Pro XL can already be installed with the web installer on our staging site:

https://staging.grapheneos.org/install/web

Can also use the CLI install guide with the releases listed on the staging site releases page.

Our USB-C port control feature with both hardware-level and software-level enforcement hasn't been ported to them yet. They temporarily have our old USB peripherals toggle not depending on changes to device-specific USB HAL and USB-C kernel driver. We aim to get this done soon.

These are production builds signed with the official keys with our standard update system. They'll get updated to future releases without needing to reinstall the OS.

For now, please report issues to our testing chat room rather than our issue tracker: https://grapheneos.org/contact#community-chat.

 

Changes in version 128.0.6613.88.1:

  • rebuild to resolve regression caused by x86_64 build used for the emulator being done with the arm64 configuration

A full list of changes from the previous release (version 128.0.6613.88.0) is available through the Git commit log between the releases.

This update is available to GrapheneOS users via our app repository and will also be bundled into the next OS release. Vanadium isn't yet officially available for users outside GrapheneOS, although we plan to do that eventually. It won't be able to provide the WebView outside GrapheneOS and will have missing hardening and other features.

 

Pixel 4a (5G) and Pixel 5 are end-of-life and shouldn't be used anymore due to lack of security patches for firmware and drivers. We provide extended support for harm reduction.

Tags:

  • 2024082200-redfin (Pixel 4a (5G), Pixel 5)
  • 2024082200 (Pixel 5a, Pixel 6, Pixel 6 Pro, Pixel 6a, Pixel 7, Pixel 7 Pro, Pixel 7a, Pixel Tablet, Pixel Fold, Pixel 8, Pixel 8 Pro, Pixel 8a, emulator, generic, other targets)

Changes since the 2024082000 release:

  • Settings: fix regression in the previous release which blocked it reaching the Stable channel by making the duress PIN/password configuration unavailable in secondary users again (it was only usable when the secondary user had the same unlock PIN/password as the Owner user)
  • adevtool: remove non-functional repair mode support
  • adevtool: remove non-functional digital car key support (requires privileged Google Play)
  • adevtool: remove invalid clock font family overlay (google-sans-clock font not included)
  • adevtool: update out-of-band carrier settings
  • Pixel 8a: add Let's Encrypt (ISRG) roots for Samsung gnssd SUPL connections via adevtool instead to share the implementation with 9th generation Pixels
  • kernel (6.1): update to latest GKI LTS branch revision
  • Auditor: update to version 83
  • Vanadium: update to version 128.0.6613.88.0
 

Changes in version 128.0.6613.88.0:

  • update to Chromium 128.0.6613.88

A full list of changes from the previous release (version 127.0.6533.104.3) is available through the Git commit log between the releases.

This update is available to GrapheneOS users via our app repository and will also be bundled into the next OS release. Vanadium isn't yet officially available for users outside GrapheneOS, although we plan to do that eventually. It won't be able to provide the WebView outside GrapheneOS and will have missing hardening and other features.

 

Notable changes in version 83:

  • add support for Pixel 9, Pixel 9 Pro and Pixel 9 Pro XL with either the stock OS or GrapheneOS
  • mark legacy devices which are no longer supported as explicitly unsupported
  • update Android Gradle plugin to 8.5.2
  • update Android NDK to 27.0.12077973
  • update Gradle to 8.10
  • update Guava library to 33.3.0

A full list of changes from the previous release (version 82) is available through the Git commit log between the releases.

The Auditor app uses hardware security features on supported devices to validate the integrity of the operating system from another Android device. It will verify that the device is running the stock operating system with the bootloader locked and that no tampering with the operating system has occurred. It will also detect downgrades to a previous version.

It cannot be bypassed by modifying or tampering with the operating system (OS) because it receives signed device information from the device's Trusted Execution Environment (TEE) or Hardware Security Module (HSM) including the verified boot state, operating system variant and operating system version. The verification is much more meaningful after the initial pairing as the app primarily relies on Trust On First Use via pinning. It also verifies the identity of the device after the initial verification. Trust is chained through the verified OS to the app to bootstrap software checks with results displayed in a separate section.

This app is available through the Play Store with the app.attestation.auditor.play app id. Play Store releases go through review and it usually takes around 1 to 3 days before the Play Store pushes out the update to users. Play Store releases use Play Signing, so we use a separate app id from the releases we publish ourselves to avoid conflicts and to distinguish between them. Each release is initially pushed out through the Beta channel followed by the Stable channel.

Releases of the app signed by GrapheneOS with the app.attestation.auditor app id are published in the GrapheneOS App Store and on GitHub. These releases are also bundled as part of GrapheneOS. You can use the GrapheneOS App Store on Android 12 or later for automatic updates. Each release is initially pushed out through the Alpha channel, followed by the Beta channel and then finally the Stable channel.

GrapheneOS users must either obtain GrapheneOS app updates through our App Store or install it with adb install-multiple with both the APK and fs-verity metadata since fs-verity metadata is now required for out-of-band system app updates on GrapheneOS as part of extending verified boot to them.
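
An added illustration (not Auditor's code) of the verifier-side policy described in the post above: pin on first use, then reject identity changes and downgrades on later checks. The field names, `PinStore` and the sample values are hypothetical, and validation of the signature on the hardware-signed data is assumed to have already succeeded.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Attestation:
    """Hardware-signed device info, reduced to the fields the text names.
    Hypothetical model: the signature over these fields is assumed to be
    validated already, before this policy runs."""
    device_key_fp: str        # identity of the key created at pairing
    boot_key_fp: str          # verified boot key, identifies the OS variant
    bootloader_locked: bool
    boot_verified: bool
    os_version: int
    patch_level: int          # YYYYMM

class PinStore:
    """Auditor-side state: one pinned attestation per paired device."""
    def __init__(self):
        self._pins = {}

    def verify(self, device, att):
        """Return a list of failures; an empty list means the check passed."""
        failures = []
        if not att.bootloader_locked:
            failures.append("bootloader unlocked")
        if not att.boot_verified:
            failures.append("verified boot failed")
        pinned = self._pins.get(device)
        if pinned is not None:
            # Later checks compare against what was pinned at first use.
            if att.device_key_fp != pinned.device_key_fp:
                failures.append("device identity changed")
            if att.boot_key_fp != pinned.boot_key_fp:
                failures.append("OS variant changed")
            if (att.os_version, att.patch_level) < (pinned.os_version, pinned.patch_level):
                failures.append("downgrade")
        if not failures:
            self._pins[device] = att   # pin on first use, advance afterwards
        return failures

def demo():
    """Run constructed sample attestations through one pairing."""
    store = PinStore()
    first = Attestation("key-A", "os-X", True, True, 14, 202408)
    return [
        store.verify("phone", first),                               # pairing
        store.verify("phone", replace(first, patch_level=202409)),  # update
        store.verify("phone", first),                               # rollback
        store.verify("phone", replace(first, device_key_fp="key-B",
                                      patch_level=202409)),         # other device
    ]
```

The first call can only check the static properties, which is why the post calls verification after the initial pairing much more meaningful.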

 

Pixel 4a (5G) and Pixel 5 are end-of-life and shouldn't be used anymore due to lack of security patches for firmware and drivers. We provide extended support for harm reduction.

Tags:

  • 2024082000-redfin (Pixel 4a (5G), Pixel 5)
  • 2024082000 (Pixel 5a, Pixel 6, Pixel 6 Pro, Pixel 6a, Pixel 7, Pixel 7 Pro, Pixel 7a, Pixel Tablet, Pixel Fold, Pixel 8, Pixel 8 Pro, Pixel 8a, emulator, generic, other targets)

Changes since the 2024080600 release:

  • Settings: enable Safety Center and port all of the relevant GrapheneOS settings to it both to provide the more modern user interface and to prepare for the release of Android 15
  • hide Safety Center camera extensions fallback toggle when it's not relevant (not used on Pixels)
  • Package Installer: fix upstream bug causing null pointer exception in rare edge cases including a rare race condition
  • require Owner user credential to check whether a duress PIN/password is enabled as hardening against potential UI bugs such as the upstream predictive back gesture issue we patched in the Settings app
  • apply upstream change for 6th generation Pixels making snapuserd available in recovery to avoid a problem in a rare edge case where a factory reset occurs before finishing booting a new update
  • apply minor upstream fixes for Settings which were temporarily only shipped for certain Pixels
  • add fastboot to otatools.zip for optimized factory images generation
  • flash-all: raise minimum fastboot version to 35.0.1
  • kernel (5.10): update to latest GKI LTS branch revision including update to 5.10.223
  • kernel (5.15): update to latest GKI LTS branch revision including update to 5.15.164
  • kernel (6.1): update to latest GKI LTS branch revision including update to 6.1.95
  • kernel (6.6): update to latest GKI LTS branch revision including update to 6.6.45
  • remove duplicate Android.bp from unpacked otatools.zip to avoid breaking subsequent builds when it's unpacked in the source tree
  • add Android 15 Beta build configuration for early development/testing of our Android 15 port via an ap2f release configuration enabling all of the available Android 15 feature flags
  • port GrapheneOS changes to new code for Android 15 used by our Android 15 Beta build configuration
  • Vanadium: update to version 127.0.6533.104.0
  • Vanadium: update to version 127.0.6533.104.1
  • Vanadium: update to version 127.0.6533.104.2
  • Vanadium: update to version 127.0.6533.104.3
  • GmsCompatConfig: update to version 128
  • GmsCompatConfig: update to version 129
  • GmsCompatConfig: update to version 130

[–] KindnessInfinity@lemmy.ml 0 points 2 years ago

I hate SMS as a whole. It needs to be replaced with something modern.

[–] KindnessInfinity@lemmy.ml 1 points 2 years ago

This upgrade disabled 2FA for new logins

[–] KindnessInfinity@lemmy.ml 2 points 2 years ago

The rooms are listed on the sidebar for this community.

[–] KindnessInfinity@lemmy.ml 1 points 2 years ago

Further explanation

Our main Matrix room has been broken by protocol bugs causing state resets again. This occurred around a year ago and our room hasn't had time to regrow to the same size before the same thing happened again. We've determined that it's directly caused by the raids on our rooms.

We're going to be moving to a different chat platform for our public rooms. We need a platform which works well and has proper moderation tools.

Whether or not we keep bridged rooms on Matrix will depend on whether they give us significant help to salvage what we have on it.

Has happened four times for the main GrapheneOS room and three times for the offtopic room. It has severely harmed the GrapheneOS project, hindering our ability to build a community. Around a year ago, our main room had 15k users. It went from 0 to 13k and now it's dead again.

Our public rooms are currently primarily on Matrix with bridged rooms on Telegram and IRC. We tried to get most users on the same platform (Matrix) by not listing the others on our site. In hindsight, this was a mistake since we're effectively being forced to leave Matrix behind.

We're going to be adding Discord as an additional option. We'll list Discord, IRC and Telegram on our website as a replacement for Matrix.

If we get the help we need from Matrix developers/administrators, we'll keep Matrix as an option but it won't be the main platform anymore.

[–] KindnessInfinity@lemmy.ml 2 points 2 years ago

So besides that grapheneos only support google phones…it will be a requirement to have the one new phone?

The officially supported devices for GrapheneOS currently are:

  • Pixel 8 Pro (husky)
  • Pixel 8 (shiba)
  • Pixel Fold (felix)
  • Pixel Tablet (tangorpro)
  • Pixel 7a (lynx)
  • Pixel 7 Pro (cheetah)
  • Pixel 7 (panther)
  • Pixel 6a (bluejay)
  • Pixel 6 Pro (raven)
  • Pixel 6 (oriole)
  • Pixel 5a (barbet)
  • Pixel 5 (redfin)
  • Pixel 4a (5G) (bramble)

This list is shown here.

The devices listed above will remain supported by GrapheneOS. This new requirement is for non-pixel devices that could possibly be supported if they already meet this additional requirement along with all the other requirements found here.

Pixel 8a should have the latest tensor 3.

[–] KindnessInfinity@lemmy.ml -1 points 2 years ago

the issue was caused by a bug in the F2FS file system, which Pixel phones use for their data partition. While older Pixels also use the same file system, the bug is seemingly found in kernels based on Linux 5.10, used by the Pixel 6 and 7 series.

The bug is triggered by a "corrupted xattr (extended attribute) entry that occurs when a secondary user is removed and the file system is F2FS," as per Mishaal. Google's fix for the bug runs a file system consistency check (fsck) when the data partition is mounted. This also explains why affected Pixels take unusually long to boot after installing the November security patch.

Source: https://www.androidpolice.com/what-led-android-14-lock-some-pixel-users-phone/

[–] KindnessInfinity@lemmy.ml 4 points 2 years ago

Thank you for your comment. More information will be posted when there has been more progress.

[–] KindnessInfinity@lemmy.ml 1 points 2 years ago (2 children)

G3 only, so pixel 8 and newer

[–] KindnessInfinity@lemmy.ml 5 points 2 years ago

I'm personally excited for this. :)

[–] KindnessInfinity@lemmy.ml 1 points 2 years ago

Thank you for posting
