GrapheneOS


An unofficial discussion community for anyone interested in GrapheneOS.

Helpful links:

Official Graphene OS Discussion Forum

List of official Matrix channels and other contact sources.

founded 2 years ago
1
 
 

I really like GrapheneOS but I hate the Pixel UI. I know you can use a launcher, but I would prefer something like ColorOS. Is there any timeline on when Graphene might be ported to other devices?

2
 
 

Tags:

  • 2025032100 (Pixel 6, Pixel 6 Pro, Pixel 6a, Pixel 7, Pixel 7 Pro, Pixel 7a, Pixel Tablet, Pixel Fold, Pixel 8, Pixel 8 Pro, Pixel 8a, Pixel 9, Pixel 9 Pro, Pixel 9 Pro XL, Pixel 9 Pro Fold, emulator, generic, other targets)

Changes since the 2025031400 release:

  • Sandboxed Google Play compatibility layer: improve support for overriding Gservices flags to avoid situations where our overrides aren't used leading to compatibility issues (this should fix a recent Play services crash that's being reported)
  • Sandboxed Google Play compatibility layer: improve support for overriding phenotype flags and fix flag overrides not being applied in some cases
  • fix 2 upstream lockscreen layout bugs with split shade used on folding phones (for the inner screen) and tablets
  • fix upstream lockscreen layout bug with placement of alarm and Do Not Disturb information
  • fix upstream lockscreen layout bug hiding date text when media is playing
  • enable support for the new desktop mode as an additional developer option toggle (Pixel Tablet already has this as the main toggle)
  • Terminal (virtual machine management app): backport upstream improvements
  • System Updater: raise download buffer size
  • System Updater: delete update package immediately after completion
  • System Updater: fall back to downloading and installing a full update if an incremental (delta) update fails initialization which occurs when a firmware or OS image has been corrupted (extremely rare edge case due to verified boot)
  • System Updater: retry faster if installation fails
  • System Updater: improve error checking to provide better error messages
  • System Updater: close update package zip file earlier
  • Network Location: require TLSv1.3 for GrapheneOS services instead of either TLSv1.2 or TLSv1.3
  • kernel (6.6): update to latest GKI LTS branch revision
  • Seedvault: update to 15-5.4 (will be replaced with a better backup implementation in the future)
  • stop disabling inclusion of device diagnostics functionality now that it's available in the Android Open Source Project
  • Vanadium: update to version 134.0.6998.108.0
3
 
 

Changes in version 134.0.6998.135.0:

  • update to Chromium 134.0.6998.135

A full list of changes from the previous release (version 134.0.6998.135.0) is available through the Git commit log between the releases.

This update is available to GrapheneOS users via our app repository and will also be bundled into the next OS release. Vanadium isn't yet officially available for users outside GrapheneOS, although we plan to do that eventually. It won't be able to provide the WebView outside GrapheneOS and will have missing hardening and other features.

4
 
 

Android 15 QPR2 introduced a bug where the Microphone indicator will sometimes remain active after Microphone usage ends. We've confirmed this issue is present in the stock Pixel OS for both Android 15 QPR2 and Android 16 Beta 3. We're working on resolving the regression but haven't figured it out yet.

Here are several upstream issue reports:

https://issuetracker.google.com/issues/388151378

https://issuetracker.google.com/issues/392596949

https://issuetracker.google.com/issues/401832184

It does not mean that apps are actually continuing to use the Microphone. They introduced a bug where the OS can miss that it stopped.

5
 
 
6
 
 

Latest release of Vanadium has support for passkeys without Google Play services via the Android 15 credential manager:

https://grapheneos.social/@GrapheneOS/114186195115859187

Proton Pass and Bitwarden are examples of apps providing passkeys without Play services.

7
 
 

Chromium team developed a new font rendering library (Skrifa) as part of their Fontations library written in Rust. Skrifa now provides memory safe rendering for all web fonts since Chromium 133 for Android, ChromeOS and other Linux distributions:

https://developer.chrome.com/blog/memory-safety-fonts

This is a post from 2022 about Android:

https://security.googleblog.com/2022/12/memory-safe-languages-in-android-13.html

Android 13 is the first Android release where a majority of new code added to the release is in a memory safe language.

Android has much more heavily adopted Rust since then. It’s nice to see Chromium starting.

Android is using Rust as the low-level language of choice for new low-level components outside of the Linux kernel and is working towards enabling using it for new drivers. They’re not mass porting code to it but rather it has largely replaced C++ for new components and rewrites.

8
 
 

Changes in version 134.0.6998.108.0:

  • update to Chromium 134.0.6998.108
  • add support for using passkeys without Play services via the Android 15 credential manager (not every passkey provider supports this)
  • disable barcode and text detection features depending on Play services dynamite modules to avoid violating Dynamic Code Loading (DCL) via Storage restrictions especially since it can't be turned off for base OS apps by users

A full list of changes from the previous release (version 134.0.6998.95.0) is available through the Git commit log between the releases.

This update is available to GrapheneOS users via our app repository and will also be bundled into the next OS release. Vanadium isn't yet officially available for users outside GrapheneOS, although we plan to do that eventually. It won't be able to provide the WebView outside GrapheneOS and will have missing hardening and other features.

9
 
 

Tags:

  • 2025031400 (Pixel 6, Pixel 6 Pro, Pixel 6a, Pixel 7, Pixel 7 Pro, Pixel 7a, Pixel Tablet, Pixel Fold, Pixel 8, Pixel 8 Pro, Pixel 8a, Pixel 9, Pixel 9 Pro, Pixel 9 Pro XL, Pixel 9 Pro Fold, emulator, generic, other targets)

Changes since the 2025031300 release:

  • Sandboxed Google Play compatibility layer: add back default values to the API definitions for our reimplementation of the Google Play location service since dropping them in the previous release (2025031300) broke compatibility with a subset of apps and prevented us moving it past our Alpha channel (all the improvements from the previous release are still present)
  • adevtool: fix support for checking stock OS kernel revision
10
 
 

Since 6th/7th/8th generation Pixels have moved to the Linux 6.1 LTS branch with Android 15 QPR2 from 5.10 (6th/7th gen) and 5.15 (8th gen), we've closed issues filed about kernel crashes for those devices. Many kernel bugs will be gone and any remaining ones need updated reports.

GrapheneOS adds user-facing system crash reporting to make up for us not having automated crash reporting for privacy reasons. Any hardware lockup or hard reset is called a kernel crash, including holding power, so most aren't useful since they just show a hardware lockup/reset.

We report some forms of system crashes by default including memory corruption detected by hardware memory tagging in both the kernel and userspace. Full reporting can be enabled in Settings > Security & privacy > More security & privacy > Notify about system process crashes.

We don't have it fully enabled by default because we'd get a flood of reports about hardware lockups/resets while devices are asleep and not being used, etc. Rest are near entirely upstream bugs and we can't fix all of them. We focus on the ones detected by our security features.

11
 
 

Workaround for very rare fingerprint firmware glitch with Android 15 QPR2:

https://discuss.grapheneos.org/d/20636-workaround-for-very-rare-fingerprint-firmware-glitch-with-android-15-qpr2

This applies to the stock Pixel OS, GrapheneOS or another OS based on Android 15 QPR2 running on Pixel devices with the OS providing the latest firmware released this month.

This issue appears to be specific to the non-Pro Pixel 9. We have no reports of it happening on any other device models. We're continuing to look into it. Perhaps we can find a workaround for it before there's a patch for the stock OS / AOSP such as retrying connecting to it.

12
 
 

For our next release after 2025030800, we've added support for the Android 15 QPR2 Terminal for running other operating systems using hardware virtualization. It's currently only a terminal but Android is adding support for graphics and GPU acceleration for a future release.

Android has a greatly overhauled desktop mode on the way to replace the current primitive proof of concept in developer options. 6th gen Pixels added hardware-based virtualization support and 8th gen Pixels added USB-C DisplayPort alternate mode. It will all come together soon.

Overhauled desktop mode is already partially shipped as a disabled-by-default feature. Android enables some of it for the Pixel Tablet already but not Pixel phones. We plan to enable the same feature flags for phones too. Either way, it's an experimental developer option for now.

Beyond using a phone or tablet as a desktop by connecting a display, keyboard, mouse, etc. to the USB-C port, we want to eventually have support for GrapheneOS on laptops. There's currently no laptop close to meeting the hardware requirements we cover at https://grapheneos.org/faq#future-devices.

On Pixels, virtualization is implemented based on pKVM (see https://source.android.com/docs/core/virtualization/security for how it's different from KVM) and CrosVM from extended with Android specific code. CrosVM is written in Rust so it fits in well with Android using Rust for new or rewritten low-level components.

13
 
 

This release adds support for the experimental virtual machine management app introduced in Android 15 QPR2. It currently only provides support for managing a single VM and interacting with it via a WebView-based terminal. Android is in the process of adding support for graphics and GPU acceleration for a future release. For now, it's only available in developer options due to being highly experimental. We don't recommend using developer options on a production device, but you can temporarily enable it to turn on this feature and turn them back off without it being disabled like most developer options. The data inside it should currently be treated as disposable rather than relying on it not losing it from a bug or a backwards incompatible update. We plan to support choosing other guest operating systems beyond the Debian-based image provided by Android along with taking far more advantage of the virtualization infrastructure.

Tags:

  • 2025030900 (Pixel 6, Pixel 6 Pro, Pixel 6a, Pixel 7, Pixel 7 Pro, Pixel 7a, Pixel Tablet, Pixel Fold, Pixel 8, Pixel 8 Pro, Pixel 8a, Pixel 9, Pixel 9 Pro, Pixel 9 Pro XL, Pixel 9 Pro Fold, emulator, generic, other targets)

Changes since the 2025030800 release:

  • SystemUI: re-enable migrate_clocks_to_blueprint and communal_hub flags with workarounds for upstream issues when using standard AOSP UI components instead of Pixel OS components
  • Android Debug Bridge: fix upstream crash caused by a race condition that sometimes unregistered a closed file descriptor from epoll
  • Sandboxed Google Play compatibility layer: fix issue breaking RPC transactions which impacts the Terminal app
  • Sandboxed Google Play compatibility layer: add implementation of isGoogleLocationAccuracyEnabled() to the location rerouting implementation always returning true to fix compatibility with apps checking for it
  • Sandboxed Google Play compatibility layer: fix definition of IStatusCallback.onCompletion() to slightly improve performance
  • allow Terminal app to use WebView JIT since it requires WebAssembly
  • kernel (6.6): update to latest GKI LTS branch revision including update to 6.6.80
14
 
 

Changes in version 134.0.6998.95.0:

  • update to Chromium 134.0.6998.95

A full list of changes from the previous release (version 134.0.6998.39.0) is available through the Git commit log between the releases.

This update is available to GrapheneOS users via our app repository and will also be bundled into the next OS release. Vanadium isn't yet officially available for users outside GrapheneOS, although we plan to do that eventually. It won't be able to provide the WebView outside GrapheneOS and will have missing hardening and other features.

15
 
 

Our 2025030900 release currently in the Beta channel is the first one with support for managing hardware-based virtual machines via the Terminal app in Android 15 QPR2. Since then, we've backported massive improvements to the feature for an upcoming new release, maybe even today.

Backports include terminal tabs, GUI support with opt-in GPU hardware acceleration (ANGLE-based VirGL until GPU virtualization support is available), speaker/microphone support and fixes for a bunch of bugs including overly aggressive timeouts. We're working on VPN compatibility.

At the moment, the Terminal app isn't compatible with having a VPN in the Owner user. It only works if VPN lockdown (leak blocking) is disabled and the VPN allows local traffic to pass through. It's also not clear how it SHOULD interact with a VPN since VPNs are profile-specific.

As a preview of what's going to be possible in the upcoming release of GrapheneOS, here's a screenshot from a Pixel Tablet running desktop Chrome in a virtual machine with basic GPU acceleration via ANGLE on the host. The infrastructure is a lot more robust than the Terminal app. Full screen Chromium window with a single tab for chrome://gpu showing GPU acceleration is working.

Our next release also enables running the Terminal app in secondary users. There's still the temporary limitation of only being able to use a single VM on the device at a time because the dedicated internal network interface it uses for the Terminal app isn't split up at all yet.

GUI VM support will have 2 main use cases:

  1. Running a specific app or an entire profile via GrapheneOS virtual machines seamlessly integrated into the OS.
  2. Running Windows or desktop Linux applications with desktop mode + USB-C DisplayPort alt mode on the Pixel 8 and later.

This virtual machine management app (Terminal) will be handling the 2nd case. It's essentially already available in a very primitive way. We expect this to become much more usable and robust entirely from the upstream Android work on the virtual machine and desktop mode features.

16
 
 

Notable changes in version 83:

  • improve layout on very tall screens

A full list of changes from the previous release (version 82) is available through the Git commit log between the releases.

This app is available through the Play Store with the app.grapheneos.camera.play app id. Play Store releases go through review and it usually takes around 1 to 3 days before the Play Store pushes out the update to users. Play Store releases use Play Signing, so we use a separate app id from the releases we publish ourselves to avoid conflicts and to distinguish between them. Each release is initially pushed out through the Beta channel followed by the Stable channel.

Releases of the app signed by GrapheneOS with the app.grapheneos.camera app id are published in the GrapheneOS App Store which provides fully automatic updates. Each release is initially pushed out through the Alpha channel, followed by the Beta channel and then finally the Stable channel. These releases are also bundled as part of GrapheneOS and published on GitHub.

GrapheneOS users must obtain GrapheneOS app updates through our App Store since verified boot metadata is required for out-of-band system app updates on GrapheneOS as part of extending verified boot to them.

17
 
 

For some reason my phone isn't letting me switch to other profiles. The button "switch to 'profile name'" is grayed out completely. I have tried restarting and still no dice. Running on a Google Pixel 8.

Any help is appreciated and thank you for your time.

EDIT: I was able to get it figured out. I was posting on behalf of my wife, I guess she disabled the profile somehow accidentally 😂

18
 
 

Basically no sellers I’ve seen say whether their Pixels can have their bootloader unlocked. So how did you get yours and how can I avoid getting a lemon?

19
 
 

How do you get apps and updates?

I get apps from Aurora and Obtainium (GitHub, F-Droid etc). I'll download the odd app from the Play Store where it won't work otherwise.

I have Aurora and Obtainium set up to do automatic updates. The Play Store is set to manual.

My concern is primarily that I am relying on Aurora when that could be a risk. I think I read somewhere that the GrapheneOS team prefer Play store to Aurora - something to do with its anonymous logins.

Are there any other risks?

20
 
 

So far, the only release blocking regression reported for our port to Android 15 QPR2 is the main user interface for setting the wallpaper not loading. This has blocked it reaching the Beta and Stable channels but we'll get it quickly resolved and another release pushed out.

Android 15 QPR2 added initial support for running other operating systems with the existing hardware-based virtualization support. It will be getting graphical support with acceleration upstream. It will be very useful for desktop support, especially if we add Windows 11 support.

The new virtualization feature isn't supported in our initial release because we need to set it up and make it compatible with our hardening features. It's not part of the initial porting process but will be a very high priority once that's done, and then we'll be extending it.

The desktop mode that's available in developer options is a legacy proof of concept. There's a new far better desktop mode gated behind feature flags that's far better. DisplayPort alternate mode on Pixel 8 and later + hardware virtualization will be getting much more useful.

We'll also be using virtualization for running a nested variant of GrapheneOS for improved sandboxing beyond what the Linux kernel can provide even with substantial hardening and attack surface reduction. It will play a much bigger role than the current niche microdroid usage.

21
 
 

Notable changes in version 82:

  • downgrade CameraX to 1.5.0-alpha04 since both 1.5.0-alpha05 and 1.5.0-alpha06 crash when using Night mode on Android 15 QPR2 released this month for Pixels
  • extend workaround to avoid video recording crash on a small subset of low-end devices caused by the OS wrapping the capture button drawable inside of another type we didn't request which leads to an invalid cast exception when animating it to start video recording
  • update AndroidX ConstraintLayout library to 2.2.1
  • update Android Gradle plugin to 8.8.2

A full list of changes from the previous release (version 81) is available through the Git commit log between the releases.

This app is available through the Play Store with the app.grapheneos.camera.play app id. Play Store releases go through review and it usually takes around 1 to 3 days before the Play Store pushes out the update to users. Play Store releases use Play Signing, so we use a separate app id from the releases we publish ourselves to avoid conflicts and to distinguish between them. Each release is initially pushed out through the Beta channel followed by the Stable channel.

Releases of the app signed by GrapheneOS with the app.grapheneos.camera app id are published in the GrapheneOS App Store which provides fully automatic updates. Each release is initially pushed out through the Alpha channel, followed by the Beta channel and then finally the Stable channel. These releases are also bundled as part of GrapheneOS and published on GitHub.

GrapheneOS users must obtain GrapheneOS app updates through our App Store since verified boot metadata is required for out-of-band system app updates on GrapheneOS as part of extending verified boot to them.

22
 
 

Tags:

  • 2025030700 (Pixel 6, Pixel 6 Pro, Pixel 6a, Pixel 7, Pixel 7 Pro, Pixel 7a, Pixel Tablet, Pixel Fold, Pixel 8, Pixel 8 Pro, Pixel 8a, Pixel 9, Pixel 9 Pro, Pixel 9 Pro XL, Pixel 9 Pro Fold, emulator, generic, other targets)

Changes since the 2025030500 release:

  • Wallpaper Picker: backport upstream fix for an Android 15 QPR2 bug causing the UI for picking the wallpaper to be blank
  • fix upstream system_server crash introduced in Android 15 QPR2 related to Bluetooth telephony integration
  • backport upstream fixes for 13 different system_server null pointer exception crashes, an array out of bounds system_server exception and an NFC resolver activity null pointer exception
  • backport upstream fix for voice volume adjustments in certain apps
  • adevtool (Pixel Tablet): remove unintentional deviation from standard memory pinning configuration
  • adevtool: remove unnecessary PersistentBackgroundServices app
  • adevtool: filter out config_pluginAllowlist SystemUI overlay to avoid breaking the clock layout by referring to non-AOSP SystemUI clocks
  • Sandboxed Google Play compatibility layer: fix Google Play Services for AR not being installable from the Play Store anymore
  • Sandboxed Google Play compatibility layer: fix development option for installing the Pixel Thermometer (Pixel Health) app
  • add inet group for vmnic (virtual machine networking functionality) to make it compatible with our group-based Network permission enforcement used as another layer of security
  • Camera: update to version 82
23
 
 

Notable changes in version 30:

  • work around regression in version 29 for release builds caused by removing necessary R8 rules

A full list of changes from the previous release (version 29) is available through the Git commit log between the releases.

App Store is the client for the GrapheneOS app repository. It's included in GrapheneOS but can also be used on other Android 12+ operating systems. Our app repository currently provides our standalone apps, out-of-band updates to certain GrapheneOS components and a mirror of the core Google Play apps and Android Auto to make it easy for GrapheneOS users to install sandboxed Google Play with versions of the Google Play apps we've tested with our sandboxed Google Play compatibility layer.

GrapheneOS users must obtain GrapheneOS app updates through our App Store since verified boot metadata is required for out-of-band system app updates on GrapheneOS as part of extending verified boot to them.

24
 
 

Our network location implementation's 3D trilateration is using far too much CPU so we're going to temporarily downgrade back to 2D until we heavily optimize it. We'll make an efficient Rust implementation to replace the initial Kotlin code and we'll see how fast we can make it.

3D is useful to take advantage of Apple's network location data having altitudes for a lot of networks. It helps a lot with estimating a position around buildings with more than a couple floors. Upgrading it to 3D helped a lot with some downtown areas but it's much too slow now.

25
 
 

This is an early March security update release based on the March 2025 security patch backports since the quarterly Android Open Source Project and stock Pixel OS release (Android 15 QPR2) scheduled for this month hasn't been published yet.

Tags:

  • 2025030300 (Pixel 6, Pixel 6 Pro, Pixel 6a, Pixel 7, Pixel 7 Pro, Pixel 7a, Pixel Tablet, Pixel Fold, Pixel 8, Pixel 8 Pro, Pixel 8a, Pixel 9, Pixel 9 Pro, Pixel 9 Pro XL, Pixel 9 Pro Fold, emulator, generic, other targets)

Changes since the 2025030200 release:

  • full 2025-03-01 security patch level
  • Network Location: temporarily disable using altitude in trilateration for now because 3D trilateration is using an excessive amount of CPU time and we need to greatly optimize it with algorithm level improvements, porting it to Rust and other optimizations before we can use 3D
  • App Store: update to version 29
  • App Store: update to version 30