this post was submitted on 03 Oct 2025
22 points (100.0% liked)

GrapheneOS [Unofficial]

3274 readers
22 users here now

Official announcements from the GrapheneOS project.

Subscribe to this community or add it to your RSS reader in order to be notified about new releases and important updates.

Search c/GrapheneOS.

For discussions about the GrapheneOS project, visit our forum or join our community chat.

Our Code of Conduct.

GrapheneOS is a privacy and security focused mobile OS with Android app compatibility. This is a community based around the GrapheneOS projects including the hardened Android Open Source Project fork, Auditor, AttestationServer, the hardened malloc implementation and other projects.

Please use our official install guides for installation and check our features pageusage guide and FAQ for information before asking questions in our discussion forum or chat rooms to get as much information as possible from what we've already carefully written/reviewed for our site.

Contact the moderators of this community if you have any questions or concerns.

founded 4 years ago
MODERATORS
KindnessInfinity@lemmy.ml
maade@lemmy.ml
akc3n@lemmy.ml
treequell@lemmy.world
other8026@lemmy.ml
Metr0pl3X@lemmy.ml
akc3n@grapheneos.social
Skorp@sh.itjust.works
22
GrapheneOS version 2025100300 released (grapheneos.org)
submitted 3 weeks ago by KindnessInfinity@lemmy.ml to c/grapheneos@lemmy.ml
2 comments fedilink hide all child comments
 

Tags:

  • 2025100300 (Pixel 6, Pixel 6 Pro, Pixel 6a, Pixel 7, Pixel 7 Pro, Pixel 7a, Pixel Tablet, Pixel Fold, Pixel 8, Pixel 8 Pro, Pixel 8a, Pixel 9, Pixel 9 Pro, Pixel 9 Pro XL, Pixel 9 Pro Fold, Pixel 9a, emulator, generic, other targets)

Changes since the 2025092700 release:

  • add support for force enabling VoLTE, VoNR and 5G for carriers where those aren't supported with the standard configurations
  • revert backport of Pixel Wi-Fi extension APEX from Android 16 QPR1 due to it causing a system_server crash since it needs changes there too (this does not reduce the patch level)
  • kernel (6.1): update to latest GKI LTS branch revision including update to 6.1.154
  • kernel (6.6): update to latest GKI LTS branch revision including update to 6.6.108
  • kernel (6.12): update to latest GKI LTS branch revision including update to 6.12.49
  • update SQLite to 3.44.5 LTS release
  • Network Location, System Updater: add new Let's Encrypt roots to TLS key pinning configuration
  • GmsCompatConfig: update to version 162
  • Camera: update to version 89

Additional security patches from the November 2025 and December 2025 Android Security Bulletins are included in the 2025100301 security preview release. List of additional fixed CVEs:

  • Critical: CVE-2025-48593
  • High: CVE-2022-25836, CVE-2022-25837, CVE-2023-40130, CVE-2024-43766, CVE-2025-22420, CVE-2025-22432, CVE-2025-32348, CVE-2025-48525, CVE-2025-48536, CVE-2025-48544, CVE-2025-48555, CVE-2025-48567, CVE-2025-48572, CVE-2025-48573, CVE-2025-48574, CVE-2025-48575, CVE-2025-48576, CVE-2025-48577, CVE-2025-48578, CVE-2025-48579, CVE-2025-48580, CVE-2025-48581, CVE-2025-48582, CVE-2025-48583, CVE-2025-48584, CVE-2025-48585, CVE-2025-48586, CVE-2025-48587, CVE-2025-48589, CVE-2025-48590, CVE-2025-48592, CVE-2025-48594, CVE-2025-48596, CVE-2025-48597, CVE-2025-48598, CVE-2025-48600, CVE-2025-48601, CVE-2025-48602, CVE-2025-48603, CVE-2025-48604, CVE-2025-48605, CVE-2025-48607, CVE-2025-48609, CVE-2025-48611, CVE-2025-48612, CVE-2025-48614, CVE-2025-48615, CVE-2025-48616, CVE-2025-48617, CVE-2025-48618, CVE-2025-48619, CVE-2025-48620, CVE-2025-48621

We're allowed to provide an early release with these patches and to list the CVEs but must wait until the embargo ends to publish sources or details on the patches. We strongly disagree with broadly distributing patches to OEMs 3-4 months before the official publication date. It further delays getting patches to users and sophisticated attackers will have no issue getting the patches from one of many people at Android OEMs with early access. It should be limited to at most 7 days. The lack of actual secrecy has been acknowledged through Android limiting the embargo to source code and details which allows us to fix these early. We're doing it with separate opt-in releases to keep the regular releases properly open source instead of delayed open source. We plan to integrate this choice into the initial setup wizard. The positive side is that we can now provide patches to people who truly need them without even the previous 1 month embargo delay.

top 2 comments
sorted by: hot top controversial new old
[–] zdhzm2pgp@lemmy.ml 5 points 3 weeks ago (1 children)

So, possibly off-topic here, but any thoughts from the folks at Graphene about the whole Google dev registration/F-Droid kerfuffle? with regard to possibly forking from Android?

[–] PaintedDurian@mstdn.social 3 points 3 weeks ago

@zdhzm2pgp
@KindnessInfinity

... Graphene IS a fork of Android. They don't even follow all of Google's rules.
And this impacts stock. GrapheneOS is not directly impacted, and neither are other alt-OSes. Although since F-droid will suffer, there may be less software on it for Graphene users. Apps from anonymous devs may have much less incentive to keep up development just for these alt-OSes.