Nostr Web Client

#GrapheneOS based on Android 16 has been through extensive public Alpha/Beta testing and should reach our Stable channel today. We'll continue fixing various upstream Android 16 regressions such as the back button issue impacting the stock Pixel OS we fixed in our latest release.

July Android Security Bulletin will likely be published today. We obtained early access to the signed partner preview and confirmed no additional patches were required, so we set the 2025-07-01 patch level last month after we backported Pixel 2025-06-05 driver/firmware patches.

Tomorrow will likely be the first monthly update of Android 16 with a new Android Open Source Project and Pixel stock OS release. We won't need to backport Pixel driver/firmware patches since we're on Android 16 and can simply incorporate and ship the monthly update within hours.

Final 6mo ago

It can be extraordinarily difficult to backport driver/firmware patches due to dependencies on the new major release. We were only able to backport everything required for the 2025-06-05 security patch level because Android 15 QPR2 is much closer to Android 16 than Android 15.

Reply to this note

Please Login to reply.

Discussion

Final 6mo ago

After our Android 16 port was completed yesterday, we started fixing an Android tapjacking vulnerability disclosed last month:

https://taptrap.click

We have a fix implemented and it will be included in our next release, likely with the monthly Android 16 update tomorrow.

This vulnerability was disclosed to Google in October 2024 and Android still hasn't fixed it. Security researchers should report vulnerabilities to #GrapheneOS in addition to Google. This now joins many other fixes for serious vulnerabilities which are exclusive to GrapheneOS.

Shawn 6mo ago

If I understand correctly, this will be in Stable?

Final 6mo ago

A GrapheneOS Android 16 release SHOULD be in Stable by today. This update with patch will release shortly after then go into stable a while after.