GrapheneOS version 2024100800 released:
https://grapheneos.org/releases#2024100800
See the linked release notes for a summary of the improvements over the previous release.
Forum discussion thread:
https://discuss.grapheneos.org/d/16321-grapheneos-version-2024100800-released
#GrapheneOS #privacy #security
nostr:npub129v4vvtw2e50x87p7c6p2w05fgsmt8207qg6q54gsvmxkwpcmqsq99rm05 We refute it when we see it, but it would be far better if we had a community which was far more active at defending the project against these attacks. It would avoid us needing to spend nearly as much time on it as we do and would also help to protect us from getting attacked for debunking misinformation. A lot of the attacks are based on making false claims and then claiming our team in insane, delusional, etc. after posting detailed replies debunking low effort lies.
nostr:npub129v4vvtw2e50x87p7c6p2w05fgsmt8207qg6q54gsvmxkwpcmqsq99rm05 There are people actively trying to harm GrapheneOS through getting very low quality news sites to repeat the attacks and then trying to reference that from Wikipedia, etc. Almost all of this involves people posting dishonest attacks referencing other people doing the same in cycles. This is really the main area we need help so we can focus on development and much less on defending ourselves. It's harder for people to help us with the spurious legal system attacks, etc.
nostr:npub129v4vvtw2e50x87p7c6p2w05fgsmt8207qg6q54gsvmxkwpcmqsq99rm05 We refute it when we see it, but it would be far better if we had a community which was far more active at defending the project against these attacks. It would avoid us needing to spend nearly as much time on it as we do and would also help to protect us from getting attacked for debunking misinformation. A lot of the attacks are based on making false claims and then claiming our team in insane, delusional, etc. after posting detailed replies debunking low effort lies.
Our understanding is that there will be a stable release of Android 15 on October 15th. We fully ported all our changes to it by September 3rd after the early source code release in September. We'll aim to have a release out within 24h of the stable release being pushed to AOSP.
GrapheneOS users on 8th/9th gen Pixels are making a massive contribution to getting memory corruption bugs in the open source ecosystem thanks to the nice crash report notifications created by our hardware memory tagging feature. One of the latest fixes:
nostr:npub1578zkr7u7pekanq7r5jyw73q6ehsdcu0yt9crfqf6uwejhgdg3usnhc8qd nostr:npub1f2jmj66ulsv5p3hqngd4c8lw7q7p2v8sal5etdshspkj5yf7x0fq9z78qn Most carriers don't lock the devices they sell. It's mainly an issue in the US.
nostr:npub1f2jmj66ulsv5p3hqngd4c8lw7q7p2v8sal5etdshspkj5yf7x0fq9z78qn nostr:npub1578zkr7u7pekanq7r5jyw73q6ehsdcu0yt9crfqf6uwejhgdg3usnhc8qd It always shows that by default when locked. It doesn't mean it can't be unlocked. See https://grapheneos.org/install/web.
nostr:npub1tva8g98fx0fks0pt38vr75tv02t30qd5ev7n5v7fcpl6t44hf7kqgg2yl5 I was wondering if GrapheneOS will get Private Space as well?
nostr:npub10p76mcwj8y3lkrsf4raxq3j43lq2l043363u4g3xs08dn4v56hasagmy3g Yes, and we've already been testing it via the Android 15 flags available in Android 14 QPR3. We already ported our changes to support those things previously. We have our Android 15 port largely done now.
GrapheneOS support for the Pixel 9 Pro Fold is no longer marked experimental and is now available through our production site:
https://grapheneos.org/releases https://grapheneos.org/install/web
Our 2024083100 release has been confirmed to be working and to have a working future upgrade path.
We've published an initial experimental release for the Pixel 9 Pro Fold on our staging site:
https://staging.grapheneos.org/releases#comet-stable
https://staging.grapheneos.org/install/web
Our preordered Pixel 9 Pro Fold for our device testing farm hasn't arrived yet so we'll be relying on others to test the early builds.
Telegram has full access to all of the content of group chats and regular one-to-one chats due to lack of end-to-end encryption. Their opt-in secret chats use homegrown end-to-end encryption with weaknesses. Deleting the content from the app likely won't remove all copies of it.
GrapheneOS support for the Pixel 9, Pixel 9 Pro, Pixel 9 Pro XL is now available via our official site in addition to our staging site.
https://grapheneos.org/install/web
Most users don't have any issues. 2 people reported an occasional Wi-Fi connectivity issue not happening for others.
https://x.com/cryps1s/status/1824077327577591827
This is a fake story. Turns out that getting security information from the CISO of a mass surveillance company trying to build a dystopian police state providing police with "predictive policing" software largely based on racial stereotypes is a bad move.
Here's a thread from 2017 posted from our project's previous Twitter account which was stolen in 2018:
https://x.com/CopperheadOS/status/903362108053704704
Incredibly important to note that this thread directly involves the CEO of Trail of Bits that's now claiming their iVerify team discovered these apps.
GrapheneOS has publicly posted about the carrier apps included on Pixels and their privileged permissions on numerous occasions. We talked about the ones which get enabled automatically based on using a SIM from a carrier rather than a disabled demo without an automatic trigger.
GrapheneOS has gone through each of the carrier apps included on Pixel generation to determine their purpose and consequences of including or excluding them. Here it is being excluded from the new adevtool project for ProtonAOSP and GrapheneOS in 2021:
Wired should retract the article and explain how they're going to do better. They keep publishing this kind of fearmongering misinformation from information security industry charlatans. There are real remote code execution flaws being fixed in Android and iOS but they push this.
"The most straightforward way to do this would involve having physical access to a victim's phone as well as their system password or another exploitable vulnerability that would allow them to make changes to settings. Google's Fernandez emphasized this limiting factor as well."
"iVerify vice president of research [...] points out that while Showcase represents a concerning exposure for Pixel devices, it is turned off by default. This means that an attacker would first need to turn the application on in a target's device before being able to exploit it."
This is one of multiple carrier apps in the stock Pixel OS which we don't include in GrapheneOS. We were aware of it already since we had to go through them and figure out why they exist. We could embrace this fearmongering and leverage it for marketing, but we aren't dishonest.