Security specialist and member of the GrapheneOS open source project. Posts my own and not endorsed by my employer. AI slop and Nostr DMs ignored. Matrix: f1nal:grapheneos.org
Public Key
npub1hxx76n82ags8jrduk0p3gqrfyqyaxnrlnynu9p5rt2vmwjq6ts3q4sg75y
Profile Code
nprofile1qqstnr0dfn4w5grepk7t8sc5qp5jqzwnf3lejf7zs6p44xdhfqd9cgspz3mhxue69uhhyetvv9ujuerpd46hxtnfduqs6amnwvaz7tmwdaejumr0dsr8ed5e
Published at 2026-03-20T22:23:43+01:00
Event JSON
{
  "id": "37ef330fbfaef50ba6efb8dadae10a3be59abc5a6133f8b5af9a55c776c2a061",
  "pubkey": "b98ded4ceaea20790dbcb3c31400692009d34c7f9927c286835a99b7481a5c22",
  "created_at": 1774041823,
  "kind": 0,
  "tags": [
    ["alt", "User profile for Final"],
    ["name", "Final"],
    ["display_name", "Final"],
    ["picture", "https://image.nostr.build/eb409cd26cd6bca8bf3ed3bf800b21777f7f25af47e58e7bef40dfed4ad73e3b.jpg"],
    ["banner", "https://image.nostr.build/eb409cd26cd6bca8bf3ed3bf800b21777f7f25af47e58e7bef40dfed4ad73e3b.jpg"],
    ["website", "https://final.st"],
    ["about", "Security specialist and member of the GrapheneOS open source project.\n\nPosts my own and not endorsed by my employer. AI slop and Nostr DMs ignored. \n\nMatrix: f1nal:grapheneos.org"],
    ["nip05", "[email protected] "],
    ["lud16", "[email protected] "],
    ["i", "twitter:__final__", "1973430597466140757"]
  ],
  "content": "{\"name\":\"Final\",\"display_name\":\"Final\",\"picture\":\"https://image.nostr.build/eb409cd26cd6bca8bf3ed3bf800b21777f7f25af47e58e7bef40dfed4ad73e3b.jpg\",\"website\":\"https://final.st\",\"about\":\"Security specialist and member of the GrapheneOS open source project.\\n\\nPosts my own and not endorsed by my employer. AI slop and Nostr DMs ignored. \\n\\nMatrix: f1nal:grapheneos.org\",\"nip05\":\"[email protected] \",\"lud16\":\"[email protected] \",\"banner\":\"https://image.nostr.build/eb409cd26cd6bca8bf3ed3bf800b21777f7f25af47e58e7bef40dfed4ad73e3b.jpg\"}",
  "sig": "877cfef4b8b5c4965e7123c1dadcf280345492b47cad419df4db283dc429eceaccddb2fdd6018d26bee0b44e45d36918d5744f19afec1ba2ec54f05d7876df80"
}
Last Notes

npub1hxx76n82ags8jrduk0p3gqrfyqyaxnrlnynu9p5rt2vmwjq6ts3q4sg75y Final
For the future, yes. Work currently is being done on Messaging, Contacts (to be completely redone from their AOSP base) and Gallery (fork)

Final
#GrapheneOS version 2026050400 released. This update implements a fix for a UDP VPN leak that Google did not choose to fix, support for lock screen widgets, and the latest security patch level.

• full 2026-05-01 security patch level
• disable registerQuicConnectionClosePayload optimization to fix VPN leak
• Sandboxed Google Play compatibility layer: add shim for BluetoothAdapter ACTION_REQUEST_ENABLE
• apply active Dynamic Code Loading restrictions for Java inside isolated processes
• add app API for checking Dynamic Code Loading restriction states
• fully enable lockscreen widget support by default to avoid the swipe gesture being missing for the Pixel 10a and the whole feature being missing for the emulator
• enable standard secure NFC mode by default which can be changed via Settings > Connected devices > Connection preferences > NFC > Require device unlock for NFC (note this only disables card emulation while locked rather than all uses of NFC)
• backport upstream fix for getBubblePackageForLogging() crash
• kernel (6.1): update to latest GKI LTS branch revision including update to 6.1.170
• kernel (6.6): update to latest GKI LTS branch revision including update to 6.6.130
• kernel (6.12): update to latest GKI LTS branch revision
• hardened_malloc: fix slightly non-uniform distribution of random u16 values used for randomizing slot selection, slab allocation quarantining and free slab quarantining
• hardened_malloc: improve the robustness of disabling memory tagging against theoretical issues by making it fork-safe and adding more synchronization to avoid technically undefined parallel reads of the memory tagging state
• hardened_malloc: improve handling of out-of-memory edge cases
• hardened_malloc: improve sized deallocation hardening
• libpng: backport fix for CVE-2026-33636
• App Store: update to version 36
• Vanadium: update to version 147.0.7727.111.0
• Vanadium: update to version 148.0.7778.49.0
• Vanadium: update to version 148.0.7778.60.0
• Vanadium: update to version 148.0.7778.60.1
• Vanadium: update to version 148.0.7778.96.0
• adevtool: add update-gservices-flag command for fetching gservices flags

All of the Android 16 security patches from the current June 2026, July 2026, August 2026, September 2026, October 2026 and November 2026 Android Security Bulletins are included in the 2026050401 security preview release. List of additional fixed CVEs:

• Critical: CVE-2026-0039, CVE-2026-0040, CVE-2026-0041, CVE-2026-0042, CVE-2026-0043, CVE-2026-0044, CVE-2026-0051, CVE-2026-0052, CVE-2026-0080, CVE-2026-0097, CVE-2026-21352, CVE-2026-21353, CVE-2026-27280, CVE-2026-28590, CVE-2026-28591
• High: CVE-2025-22424, CVE-2025-22426, CVE-2025-48600, CVE-2025-48612, CVE-2026-0008, CVE-2026-0016, CVE-2026-0036, CVE-2026-0048, CVE-2026-0050, CVE-2026-0053, CVE-2026-0054, CVE-2026-0055, CVE-2026-0056, CVE-2026-0059, CVE-2026-0060, CVE-2026-0061, CVE-2026-0062, CVE-2026-0063, CVE-2026-0065, CVE-2026-0067, CVE-2026-0070, CVE-2026-0074, CVE-2026-0075, CVE-2026-0076, CVE-2026-0077, CVE-2026-0078, CVE-2026-0079, CVE-2026-0084, CVE-2026-0085, CVE-2026-0086, CVE-2026-0087, CVE-2026-0088, CVE-2026-0089, CVE-2026-0091, CVE-2026-0093, CVE-2026-0094, CVE-2026-0095, CVE-2026-0096, CVE-2026-0098, CVE-2026-0099, CVE-2026-0100, CVE-2026-28572, CVE-2026-28574, CVE-2026-28577, CVE-2026-28578, CVE-2026-28580, CVE-2026-28581, CVE-2026-28582, CVE-2026-28583, CVE-2026-28585, CVE-2026-28586, CVE-2026-28588, CVE-2026-28594, CVE-2026-28596, CVE-2026-28602

https://grapheneos.org/releases#2026050400

Final
Yes
https://blossom.primal.net/6199a1ae40f65eb21fe666516b3a33939c93b39e6c581836f8e49acb76b96646.jpg

Final
The #GrapheneOS Gallery app is going to be replaced with a fork of ReFra. Here is how the app looks. It is far more complete and full of features than the original AOSP Gallery. I am sure you will like it.
https://blossom.primal.net/fff593a72e79f93448fe238f510479c1c15c8772515102b7a7870e5cf196684a.jpg
https://blossom.primal.net/52abbf4c8bfd07350448fbc3b728029b19369a754f2db2ec1e980d1093ac163c.jpg

Final
Reading the post, it looks like this leak was reported upstream into AOSP and was just ignored by them outright. What a mess. We'll look into producing a fix for this ourselves and forward to the right people since they won't. If the researchers themselves also sent these things to us we could work on fixing them sooner. Fortunately a native app needs to go out of their way to be designed to do this and certainly no app beyond this PoC is doing it right now.

Final
It is very real! Put a link to one race in my comment above. Also @bitcoin_racing on (not) nostr.
https://blossom.primal.net/6f1316eb1d59db7a80ec5a34af08272788d0979354c523099307f75d930bd8eb.jpg

Final
Not right now. The system apps handle many OS/app intents, like camera, contact management, webview and file management.

Final
GrapheneOS doesn't persistently store notifications unless users explicitly enable notification history. For users enabling notification history, it's a 24 hour log that's cleared as soon as the feature is disabled again. This is the standard Android Open Source Project approach.
#nevent1q…mu5c

Final
Privacy and security on computing devices need to become far stronger to protect people from pervasive violations of their rights. Users have their privacy pervasively violated by corporations, criminals and governments. There are endless privacy and security weaknesses in software with exploits of those happening on a large scale. Operating systems, browsers and other apps need to do a much better job protecting users. Enormous progress is needed on both privacy and security.

#GrapheneOS provides a massive upgrade for privacy and security over the standard Android Open Source Project. GrapheneOS is nowhere near good enough and we have an enormous amount of work to do improving both. Our work is an ongoing process and doesn't have an end point.

Privacy and security heavily involve competition between attackers and defenders. Most defenders are making little progress and falling increasingly far behind. Attackers continue improving their exploits of privacy and security weaknesses. Commercial exploit tools are increasingly widely deployed for broad attacks.

Software has a very high density of privacy and security vulnerabilities. LLMs are accelerating both vulnerability discovery and exploit development. For most computing devices, defense is increasingly far behind offense. iOS and GrapheneOS are exceptional cases not representative of degrading privacy and security across computing devices.

Growing numbers of internet connected devices are incorporated into botnets. This harms the privacy and security of the internet as a whole through heavily pushing it towards centralization behind services such as Cloudflare. Insecure devices without security patches harm the internet as a whole.

It isn't only embedded devices but also desktops, mobile devices and servers being used as part of these botnets. It isn't only people with these insecure devices who are harmed. It can get much worse.

We're building GrapheneOS to protect everyone's privacy and security. It's aimed at widespread adoption and is highly usable. It's compatible with the vast majority of Android apps. It has major privacy benefits for every user including stopping a lot of data collection by apps and services with a better permission model increasingly addressing being coerced to grant access.

GrapheneOS has many users with little technical knowledge and isn't hard to install or use. We're continuing to work on improving privacy, security, usability and app compatibility for all of our users.

Contact Scopes, Storage Scopes, per-app Sensors toggle, VPN leak protection and many other features we provide are very important privacy protections. We're building alternatives to the Camera, Microphone and other permissions too. Our major improvements to exploit protections are there to protect user privacy. Privacy depends on security and that's why we heavily work on security too.

Contrary to what's often claimed, GrapheneOS is far more usable and requires far less sacrifice compared to other alternatives. Providing far better protection against sophisticated exploits isn't at the expense of that.

Our opt-in sandboxed Google Play compatibility layer combines privacy and high usability. We're gradually making replacements for more Google services apps rely on. Location services, network-based location, geocoding and more has already been replaced and much more is coming.

Final
We are replacing the Gallery app and this will have that kind of UI.

Final
The alignment on the app drawer is fixed now.
https://blossom.primal.net/708e1d9d1933708aebdc37d1e6752f7298f35b75df4f62bfc355104d0640fdd8.jpg

Final
We need more apps with widgets. Can't make my home screen look good...

Final
It's an AOSP distribution like Android, but I guess for sake of where this is posted I can see why this is separate. Great to see so many people using it.

Final
Where have you seen this? We have the build instructions here at https://grapheneos.org/build

Final
Use what you want, but I really can't recommend Telegram in general when it comes to stuff like this.

Final
As far as I know it's not released there. Additionally not every app on F-Droid is reproducible. For the most part F-Droid are simply compiling apps from source and signing it with their own keys.

Final
The source code does not match the compiled binary they distribute. There is only blank example code with the bot IDs empty, while the compiled binary had it configured.

Final
Use the Telegram official app if you use Telegram. You're using Telegram anyway. There's not really a "hardened" alternative I recommend like Molly for Signal.

Final
(updated post) The Nekogram telegram client contains code that grabs your Telegram ID and phone number to send to their own bots, also some other OSINT bots mentioned. They admitted to it in their channel (@NekoUpdates) and are insulting users in the comments. Assume your number and user can be correlated at a worst case. Keep away from third party clients.
https://github.com/Nekogram/Nekogram/issues/336
https://github.com/RomashkaTea/nekogram-proof-of-logging

Final
We are an AOSP distribution because of all the security properties it already comes with like the mandatory sandboxing of apps, permission controls, file-based disk encryption, verified boot and more. It complements what we want out of GrapheneOS. It's an entirely reproducible free and open source project. We don't want to make an operating system using the traditional desktop Linux OS stack which sets us back on all of these things.

There's a lot of things we are against when it comes to big companies like Google but we aren't forcing people to see black and white. A lot of things of AOSP and Pixels we like, but we don't want Google to be the only company producing those things either. We don't call ourselves a degoogling project because people can use what they want on GrapheneOS. Influencing you to create an opposition is politician behavior.

Final
The CIA could definitely hire anyone from any country they wanted to lol. Devs aren't able to commit their own code to our repos regardless and it must be peer reviewed through PRs anyone can see.

Final
BTW, we don't have to pay you in fiat.
#nevent1q…tgwe

Final
More things like Messaging, Keyboard, Gallery, Dialer, the prebuilt apps. Terminal is something we can look at as well but there's a lot of user experience improvements we want to make with the everyday apps.

Final
We are hiring Android app software engineers to develop and take ownership of maintaining new #GrapheneOS default applications. This is a fully remote, worldwide position.

If you have experience in Kotlin, Jetpack Compose and shipping production Android applications with commitment to security and privacy principles, come help fruit the next chapters of GrapheneOS.

Apply: https://grapheneos.org/hiring#android-apps-software-engineer

Final
Those are for project account pages. There is no project page for GrapheneOS. I'm just one guy. Updating GrapheneOS can be done via Settings app but it is usually done seamlessly and in the background. You'll receive a notification once it's installed requesting to restart. For most people it restarts on its own overnight.

Final
Pixel 10a users can now try out our experimental release of #GrapheneOS. Help us fix any potential regressions for a stable release!
#nevent1q…jppy

Final
#GrapheneOS version 2026032000 released. This release introduces experimental support for the Pixel 10a.

- add experimental Pixel 10a support
- Launcher: change app drawer search bar to cancelling search when the back action is invoked instead of the query becoming empty
- backport SELinux policy for CameraX extensions property used by the Pixel Camera HAL from Android 16 QPR3
- hardened_malloc: multiple small optimizations to improve performance
- kernel (6.1): update to latest GKI LTS branch revision including update to 6.1.166
- kernel (6.6): update to latest GKI LTS branch revision including update to 6.6.127
- kernel (6.12): update to latest GKI LTS branch revision including update to 6.12.76
- Vanadium: update to version 146.0.7680.153.0
- adevtool: add support for keeping only certain unpacked images to help with constrained storage
- switch to cross-device gmscompat_lib key for 10th gen Pixels
- Auditor: update to version 91

All of the Android 16 security patches from the current April 2026, May 2026, June 2026, July 2026 and August 2026 Android Security Bulletins are included in the 2026032001 security preview release. List of additional fixed CVEs:

Critical: CVE-2026-0039, CVE-2026-0040, CVE-2026-0041, CVE-2026-0042, CVE-2026-0043, CVE-2026-0044, CVE-2026-0049, CVE-2026-0052, CVE-2026-0073, CVE-2026-0080

High: CVE-2025-22424, CVE-2025-22426, CVE-2025-48600, CVE-2025-48612, CVE-2026-0016, CVE-2026-0036, CVE-2026-0048, CVE-2026-0050, CVE-2026-0053, CVE-2026-0054, CVE-2026-0055, CVE-2026-0056, CVE-2026-0059, CVE-2026-0060, CVE-2026-0061, CVE-2026-0062, CVE-2026-0063, CVE-2026-0065, CVE-2026-0067, CVE-2026-0070, CVE-2026-0074, CVE-2026-0075, CVE-2026-0076, CVE-2026-0077, CVE-2026-0078, CVE-2026-0079

https://grapheneos.org/releases#2026032000

Final
This is not LineageOS but MicroG's distribution of it. A confusing name.

Final
We're yet to see this implemented in AOSP. We won't be adding sideloading restrictions.

Final
GrapheneOS will remain usable by anyone around the world without requiring personal information, identification or an account. GrapheneOS and our online services will remain available internationally. If GrapheneOS devices can't be sold in a region due to their regulations, so be it.

Final
McDonalds when they are requiring strict device integrity and OS enforcement they can be 100.00% sure that I like burgers
https://blossom.primal.net/784ae564927621a16743a487ef2fff4407b727e3680e824545691ecbed48abab.jpg

Final
The official microG OS project (https://lineage.microg.org) leaked their private keys for logging into their servers and signing releases:
https://github.com/lineageos4microg/l4m-wiki/wiki/December-2025-security-issues

We make our official builds on local machines. Our signing machine's keys aren't ever on any storage unencrypted.

Our roadmap for improving security of verifying updates is based on taking advantage of the reproducible builds. We plan to have multiple official build locations and a configurable signoff verification system in the update clients also usable with third party signoff providers.

We don't have faith in any available commercial HSM products being more secure than keeping keys encrypted at rest on the primary local build machine. Instead, we're planning to develop software for using the secure element on #GrapheneOS phones as an HSM for signing our releases.

Final
Proton on the news, again!? So let's bring it back!
#nevent1q…tkkc

Final
No future devices based on current ones looking at as targets appear to be that small. Closest is the Motorola Signature which is 6.8, assuming the next gen successor is the same size as the Signature. The razr ultra is a little slimmer but 7 inches, but folds.

Final
The device / OS pair is certified. It has some requirements that if the OEM follows them they are able to be certified. For example, Google services available, many as privileged components. While we have sandboxed Google Play that is still not sufficient. Some users don't have a play services implementation at all. So while some OEMs make awfully changed Android releases, ours is left in the dirt there. We don't try for Google certifications.

Final
Imagine it is too late. Will be using the Qualcomm SOC secure element. OpenTitan also isn't built for Android (Titan M2 is based off of this), so there would have to be someone willing to manufacture secure elements and support the Android APIs, etc. Regardless this article is seriously great news.

Final
I'm far from a bitcoiner... Strongly dislike maxi groupthink. That post is about funds being moved out of bitcoin and into monero. My following list is mostly devs or xmr. Not sure how praising an availability of a service to offload received funds into xmr is giving up ideals... unless the ideal was being bitcoin only or something? I think people can use what they want.

A ton of privacy features for on-chain bitcoin like Silent Payments are just under adopted (most are just users of one wallet that is on a smartphone) that receiving LN and ramping out into Monero is a much more likely outcome. You're likely to get an LN or XMR address to send/receive to a merchant than a SP address today. Hope it changes.

Nostr users are there because it is almost entirely centred around Lightning. The best clients for it are too. Monero oriented clients are often weird forks or too new to recommend anywhere for my taste. I'm pretty strict on keeping away from software that is new or experimental. I do want to see improvements on more wallets adopting SPs (big fan of Sparrow) and Nostr clients outside of bitcoinery though

Final
Obviously they'd avoid using a different currency to transact as much as possible.

Final
This comment, but I'm mostly talking about receiving funds online. A monero user wouldn't store any funds in Lightning, they simply swap what they receive into Monero or swap out to make a transaction immediately. If I had problems with swap services or Spark knowing too much I'd roll funds out to other wallets. This is including both the LN or XMR side. For a long time I off-ramped zaps into other LN wallets or swapped them already.

Final
It gets people to gateway into Monero far easier. A lot of concepts people are familiar with in cryptocurrency spaces do not exist or matter in Monero either due to a different climate or technical differences. You definitely have to be a more technically inclined and aware person to use XMR (this can also be considered a merit) so I think having swaps to/from assets with greater mini economies greatly decreases the entry barrier.

Final
XMR can be difficult to receive for new users. Having a lightning address to receive funds that can be swapped is significant. Lightning is very popular amongst smaller purchases and online stores. I buy a fair amount of living resources using ZEUS.

I mention Nostr specifically since Nostr is almost entirely oriented around Lightning. Nostr clients oriented around other assets are often lesser maintained and more risky. These clients are security haunted houses to begin with. Better to have some sort of LN address to receive and then swap for people into that imo.

Final
Yes. Swapping opening up access to a lot of vendors in both teams to make private purchases with one another. Especially helpful at this current moment since on-chain BTC privacy features like Silent Payments are seldom adopted except for Cake Wallet and partially in Sparrow Wallet. SP to XMR swap far less likely to be than XMR/LNBTC as of right now.

Final
Lightning support in Cake Wallet should be huge for XMR nostr users
https://blossom.primal.net/d93fa65cb5fc9f0ed35c9a1371fd3be9273c7693b1912e76072ee6296eaab767.jpg

Final
...you can argue that Windows was already full of sketchy bloatware without the OEMs bundling bullshit too. it's really sad to see what has been going on with Windows in recent times.

Final
If you mean modified as in installed another OS, barely any in this case. They're all non-Google certified operating systems so Play Integrity hardware attestation can force apps not to work on LineageOS, CalyxOS etc.

Final
Thanks!

Final
There's nothing to mitigate in the first place. It has nothing to do with GrapheneOS or smartphones. Every Windows laptop vendor has bundled sketchy bloatware in the past and many still do in the present. Security research targets are encouraged, feel free to find something, anything, in these devices that you think are off. Use a non-Motorola device if you want to choose based on pure vibes or you don't like them for any other reason. If you're an OEM, contact us and work with us.

If you really have to get to the details then Superfish is not installed by the firmware but was bundled operating system software and was trivially discovered. Obviously, there's no such thing that will happen here or GrapheneOS, it would be caught by our (very) vigilant users and I know I put the rep on the line saying that.

>now these assholes control the bootloader, the baseband

The bootloader is a standard littlekernel-based Android bootloader. The baseband is Qualcomm's, part of their SoC. Our device requirements on the site state explicitly radios must be isolated and that sensitive data cannot be accessed at the bootloader (working verified boot, zeroing memory left over from the OS, etc.), we are very conscious about that and received bounties for discovering and patching security deficiencies in bootloaders targeting Pixels that were exploited in the wild.

We'll be having involvement in the driver and firmware side of things. Working to improve their security posture and harden their stock OS and firmware is part of the partnership.

Final
New update of #GrapheneOS with this month's full security patch level. With the security preview release, all of the Android 16 security patches from the current March 2026, April 2026, May 2026, June 2026, July 2026 and August 2026 Android Security Bulletins are here too.
#nevent1q…jy3v

Final
What we need more than funding is development resources really. It would be nice to make major improvements to GrapheneOS before devices come out, especially the usability front so we have an even better experience for the tons of new users who would arrive. Motorola could try help us with this (GrapheneOS obviously will remain free and open source). We are hiring a few new devs for this too.

Final
This is what we will be working towards, yes. If we can get devices to come with GrapheneOS that's a plus.

Final
The upcoming devices' Qualcomm processors have secure elements. They work fine to meet our functionality requirements. Not like Titan M2 in Pixels but still better than most.

Final
As a non-profit we do not take funding with strings attached. We advise Motorola on what they need for their next devices and in return we can get a device supporting GrapheneOS. We'll be working to also provide lower level hardening for them. They'll also work to introduce some features to their stock OS. We are using partnership to get help with their partner access to see sources to better prepare ourselves for porting to major versions.

We will be working on GrapheneOS for Motorola and it will be the exact same as Pixels in that regard, we distribute updates, etc. The other contents of the announcements are other, unrelated topics.

Final
You will have devices to install GrapheneOS onto, hopefully we can have a device able to come with GrapheneOS as well. The former is much more important.

Final
You will have devices to install GrapheneOS onto. Hopefully we can have a device able to come with GrapheneOS as well. The former is much more important.

Final
Devices will be worked for 2027. Motorola and us will announce further progressions with the partnership in the future.

Final
With Motorola, there will be at least one officially supported flagship device to run GrapheneOS around 2027, but once we have one we should be able to add the other flagship variants too and we will work to broaden our device support where possible.

If you want examples of Motorola devices that have been close to meeting GrapheneOS requirements so far, then the latest Motorola Signature, Motorola razr fold and razr ultra are some. You can expect possible successors to these devices to have support.

Through this partnership we also hope to see some security improvements provided in #GrapheneOS implemented into the Motorola stock operating system. We want OEMs to improve their security practices across the board.

GrapheneOS for Motorola devices, like on Pixels, will be developed by us, with updates distributed by us. You will not be missing any features either.
#nevent1q…wxlv

Final
We are absolutely open to more OEM partners providing they can produce the devices we need. They'd need to be very committed to helping us as we will have our time occupied working with Motorola as well.

Final
The Signature is their leading flagship device outside of their foldables. We were held back from supporting this device because Qualcomm didn't have production memory tagging security features yet. With the next generation processors we have been told they absolutely will. This could hopefully open up support for more devices down the line too with Qualcomm adopting everything we need now.

Final
Unfortunately GrapheneOS will not be a Google certified operating system. We are still continuing taking actions to try and stop these anticompetitive practices from Google. We also hope additional partnerships with major brands can create pressure to support GrapheneOS. We hope to work with Motorola to provide some GrapheneOS features to their stock operating system too.

Final
We aim to have officially supported devices by 2027.

Final
Thank you!

Final
Signature is about 3.3XMR on retail right now but everyone knows prices fluctuate and offers come around. Also that device itself is still pretty new with a 7 year update commitment.

Final
It will initially be Motorola's flagship devices but could trickle down to other devices in the future. If you want an idea of their flagships look at the Motorola Signature (2026) and Motorola Razr Fold (2026) for the current generation ones not quite meeting our requirements yet. It will be upcoming devices similar to these.

Final
Completely unrelated but I see it discussed, it was Gold Apollo who were actually the manufacturers of the pagers that exploded in the pager attack. This isn't to shift blame to them since an extremely resourceful and capable agency like Mossad are obviously able to purchase a product in bulk, tamper bombs into them and redistribute without the original manufacturer's awareness. It could really have been any brand, any model.

Final
Because they are talking about pagers, I am assuming this is about Motorola Solutions (the US telecoms and security company) which is an entirely separate company with different owners. We're working with the subsidiary of Lenovo called Motorola Mobility. Motorola Solutions has no involvement or connection to us or our partnership. They have a shared heritage and name since both were created out of the original Motorola company which were split apart over a decade ago. Think of it like an HMD/Nokia situation where another company is using a famous historic phone brand. We have not contacted anyone at Motorola Solutions.
They don't produce smart phones so I don't think there would be much to discuss anyways.

Final
An important announcement from us at the #GrapheneOS project:
#nevent1q…lea5

Final
Yes it is true. Motorola split apart over a decade ago so there are two major companies with similar branding now. We are working with the Lenovo company who has the historic smartphone brand. It shouldn't be confused with Motorola Solutions, the security and communications equipment manufacturer.

Final
As announced it will be their next-generation smartphone.

Final
We are happy to announce a long-term partnership with Motorola. Together, we will collaborate on new future devices that meet our stringent privacy and security standards.
https://motorolanews.com/motorola-three-new-b2b-solutions-at-mwc-2026/
#GrapheneOS

Final
Like WiFi calling, you can also send and receive texts over WiFi if your network provider supports it. This is expected behaviour. Airplane Mode disables the cellular radio and works as it should; mobile network features outside of the cell network are a separate thing.

Final
They will be announcing it, not us ☝️

Final
This March we hope to officially announce our OEM partner whose future devices shall work to support GrapheneOS.

Final
Our latest #GrapheneOS release adds a sandboxed Google Play toggle for extending RCS compatibility in Google Messages to the rest of the carriers supporting it by granting ICC authentication access to sandboxed Play services.
T-Mobile is the main one requiring it.
https://grapheneos.org/releases#2026021200

Final
This update implements cross-SIM calling support (making calls using a SIM via the mobile data provided by another SIM similarly to Wi-Fi calling) and the security preview variant applies security patches previewed for upstream Android in August of 2026!
#nevent1q…fgu8

Final
>What are you currently identifying as Graphene's weak spots?

From a security standpoint, the Linux kernel is a liability. Most patches are upstream Linux kernel security bugs. It's a large attack surface. Android distributions also don't patch the kernel completely unlike us where we push the latest GKI per update. Our Linux hardening work can be made redundant if it was replaced with something more designed for security like a microkernel.

From a user experience, the default apps aren't great with exception to our own apps like Vanadium, Camera etc. These are AOSP apps. New apps made in Kotlin with the modern Material 3 Expressive UIs are needed. Would also need the same licensing as AOSP does.

>What about the underlying reliance on proprietary hardware?

Always will be a thing for any device you are using. You can't guarantee designs match the product nor are you TSMC making your own processors with billion dollar manufacturing plants. Even the "free" "open" devices the FSF like to promote aren't truly open, they just have entirely proprietary hardware with embedded firmware so they do not allow the user to update in the OS. Linux-Libre blocked alerts for CPU vulns like Meltdown and Spectre (can be exploited remotely) and the distros don't usually deliver microcode to patch that either.

>How do you perceive the future and how can we contribute to funding it?

We are still continuing the partnership with our OEM.
We hope to have devices by the next year as their 2026 Qualcomm devices missed deploying ARMv9 security features (iirc, would need to check with another team member). The OEM should make a formal announcement in the not so late future. A lot of usability and accessibility improvements are on the way, and it would be nice to have better default apps in time for more supported devices in 2027. We are trying to hire devs and want to expand. Funding wise we still rely on donations, but fortunately we get regular donations and are well resourced. People and talent is important.

Final
>Have you looked into the blocking of app trackers?

We choose to leave people into using a VPN that blocks these or a DNS app like RethinkDNS which actually allows adding a VPN to it. DNS filtering makes users stand out from other users with the same VPN (or no VPN) unless it's provided as a standard VPN feature which most users have activated. It's why we recommend using VPN provider DNS filtering.

Most data collection is also connected through the same domains as the actual service, so you can't actually block them. If a service did not, they could easily choose to. We believe it would be bad to give users a false sense of privacy in that way when features like Storage Scopes actually do that. If you go to Exodus' page for Facebook Lite they would say it had 0 trackers, but you still wouldn't use Facebook.

Final
BTW Vanadium now uses a JIT interpreter so WASM works without JIT now. Briefly checking your app it appears to work with JIT disabled for me.

Final
Not my npub anymore! But see the Project Account mastodon bridge reply.

Final
[email protected]
#nevent1q…gw72

Final
If you were curious, I have been using Minibits ecash for receiving and then offramping to Phoenix Wallet. Phoenix provides an incredibly quick and easy set up. Just works. Hoping to combine both with using ZEUS.

Final
Finally working to go all in on using ZEUS.

Final
Proud to say my 'Never Went to Black Hat' award is looking very shiny right now.

Final
We have tested running desktop Linux GUI apps before including LibreOffice. It can certainly be a thing in the future.
#nevent1q…gq9j

Final
It's a hardened Signal fork with passphrase encryption for the message database, better notifications on devices without Google Play and support for pairing your messages to multiple devices. If you use Signal I strongly recommend it. It's available in Accrescent so there is a root of trust between GrapheneOS -> Accrescent -> Molly.

Final
As our original announcement mentioned it is English first. We do plan to support other languages and also internationalisation of GrapheneOS in the future.

Final
Also worth mentioning FBE is a big plus compared to Full Disk Encryption (FDE) which was the legacy Android encryption and the encryption desktop OSes like Windows and Linux use. If you have the keys to decrypt the disk then it would be possible to decrypt the unallocated space in FDE since it's all one key, so you'd be relying on TRIM if you are using an SSD to prevent recovery of deleted data.

Final
The video is very old and most Android devices didn't use disk encryption by default, so a physical extraction (image of the entire flash storage) could allow recovering deleted files from carving unallocated space. Nowadays Android uses a "file-based encryption" (FBE) where all data is encrypted with separate derived keys for each file, directory and symbolic link. Deleting the file loses the keys and recovery is impossible.

If you can recover data that is deleted from an app, it means the app is caching it when it shouldn't be and it's a flaw they would need to fix. I don't recall this being an issue with Signal but if you can extract the app data before the message database is rebuilt for deleted messages then you'd be in luck. You could kill an app and prevent it cleaning up its DB. This is something you can apply to every messenger though.

Getting this data requires as much as a full filesystem extraction (FFS) to extract the application /data directory where the message databases are. Cellebrite has no extraction support for GrapheneOS according to themselves. No specification on what the most they can extract from an unlocked device is, but assume that all forensic tools get this data anyway.

Molly lets you encrypt the message database with a passphrase, so it wouldn't be accessible regardless of if there was a FFS extraction and a flaw in Signal keeping the messages.

Final
It is a well known brand you absolutely will have heard of. The device we will support GrapheneOS will be distributed in many countries.

Final
As our fully local text to speech engine is deployed in GrapheneOS soon, this will be the first of hopefully many major usability advancements in GrapheneOS for the year and next.
With the OEM partnership developing and later generation flagship hardware providing more of what GrapheneOS needs for features, improving usability and accessibility will help for the influx of new users we will hope to welcome. It is a good time to remind you that GrapheneOS is hiring remote developers. We have been for a while:
https://grapheneos.org/hiring

Final
This is a tablet PC with Cellebrite UFED, a mobile forensics acquisition software. Users plug a target device into it where it then will attempt to extract as much data on the device as possible. The software on the laptop is Physical Analyser which is for forensic analysis.

This video is dated, and Cellebrite UFED's UI, logo and capabilities have changed a lot since the video was released. This tool is also not exclusive to UK law enforcement and there are also competitor solutions, which many countries around the world use plus the competitors.

Cellebrite sell a variant of this product named Cellebrite Premium. The difference to standard UFED and Premium is that Premium comes with wider device extraction support through zero-day exploits. As described it also allows extraction of vulnerable devices that are locked.

https://blossom.primal.net/70c8041bacfdf399f99091a738b2e84f6a8be2f0b9cff4b497fd23ff2a153db9.jpg
https://blossom.primal.net/9b70e3d06fb8614a14b3d0a60d336987797cd6ca1d1815debb31a3ab29daa9bb.jpg

This business model is not exclusive. XRY Pro (MSAB) and GrayKey (Magnet Forensics) are other exclusive forensic tools. Cellebrite are the second-oldest of the three companies (on joining the forensics market) but are one of the most capable thanks to their funding and location.
How and if these tools are able to extract your device's data depends on:

- The device you are using
- The installed OS and version
- The lock state of the device
- Configured security settings of the device
- Strength of your phone's unlock credential

For a locked device exploiting security vulnerabilities is required to extract data almost all of the time.

There are two different device lock states on Android and iOS: After first unlock (AFU, Hot) and before first unlock (BFU, Cold). This is due to how encryption works. Modern Android and iOS encrypt all users' data by default with keys derived from the user's credentials. When a device is unlocked once, data is no longer encrypted at rest and is accessible during that boot session. When a device is BFU, all sensitive data is at rest.

Data not being at rest provides more OS attack surface to exploit bypassing lock screens or other measures and access to the data without needing the original PIN/password to decrypt it. For BFU devices brute forcing is required to decrypt data first and the only data not encrypted is a minimal footprint of the OS used for unlocking the device and global OS configuration and metadata.

To make extraction impossible make sure your device is powered off and you use a secure, high-entropy passphrase before seizure. GrapheneOS provides a configurable, automatic inactivity reboot feature. We also provide several other countermeasures to these tools as well. GrapheneOS locked devices as a whole is unsupported by Cellebrite.

If you are an opposition activist in a high-risk country you should be concerned about potential attacks from such tools. They have been abused to target activists in numerous countries like Serbia and Jordan.
https://citizenlab.ca/research/from-protest-to-peril-cellebrite-used-against-jordanian-civil-society/
https://www.amnesty.org/en/latest/news/2024/12/serbia-authorities-using-spyware-and-cellebrite-forensic-extraction-tools-to-hack-journalists-and-activists/

Despite if a business claims this use of their product like this is unauthorised, it doesn't change the fact that they will be used like this again, that they don't know about it until after it has violated someone's rights and that the security vulnerabilities remain unpatched.

GrapheneOS provides an auto-reboot to put data at rest, a USB-C port control to disable data transfer or the port entirely when booted into the OS, clearing sensitive data of memory and exploit protection features.
#nevent1q…u038

Final
The post says:

We've built our own text-to-speech system with an initial English language model we trained ourselves with fully open source data. It will be added to our App Store soon and then included in GrapheneOS as a default enabled TTS backend once some more improvements are made to it.

We're going to build our own speech-to-text implementation to go along with this too. We're starting with an English model for both but we can add other languages which have high quality training data available. English and Mandarin have by far the most training data available.

Existing implementations of text-to-speech and speech-to-text didn't meet our functionality or usability requirements. We want at least very high quality, low latency and robust implementations of both for English included in the OS. It will help make GrapheneOS more accessible.

Our full time developer working on this already built their own Transcribro app for on-device speech-to-text available in the Accrescent app store. For GrapheneOS itself, we want actual open source implementations of these features rather than OpenAI's phony open source though.
Whisper is actually closed source. Open weights is another way of saying permissively licensed closed source. Our implementation of both text-to-speech and speech-to-text will be actual open source which means people can actually fork it and add/change/remove training data, etc.

Final
You may have been aware of my posts about TTS / STT. Here's more info:
#nevent1q…30n0

Final
This tool requires physical access. The officially described purpose of it is for digital forensics of seized evidence so how the device is handled is a big deal to them. You plug the device into the tablet or workstation and it will extract the device's data if unlocked or brute force / exploit the device to access data and extract if locked.

Final
Seeing Proton get heat on social media for their marketing again so let's repost this.

Treat these email services for what they are: Alternatives to Gmail or Outlook with a security perspective and automated encryption features.

Yes, people on social media can't read, but IMO they should approach their service in a different way ("A reasonably secure email provider" is my suggestion) If they don't want people ratioing them all the time... Most of these people getting the wrong answer is because their site can be pretty ambiguous about the technical details without searching a few pages deep for it.

Posteo is an email provider that does openly clarify they can be compelled to intercept incoming emails in a better way than how Proton says it. Still doesn't mean these services are a bad thing though.
#nevent1q…ltja

Final
2027

Final
TLDR: Use a secure passphrase if you want the device protected against any resourceful actor

When most distros provide encryption with LUKS they at least ask you to set up a credential. Almost all distros just ask for a password. They don't seamlessly allow setting up in other ways in a UI like BitLocker does or in the installer. You often need to read up on docs and such which can be tiresome.

LUKS full disk encryption in how most users would know it would only be safe if they used a long, secure passphrase that would be impossible to brute force. A short 6 digit numeric PIN works for some phones because a secure element throttles unlock attempts but would be brute forced very quickly on LUKS, VeraCrypt and so on because they aren't using a TPM for throttling.

Secureblue (hardened Linux distro we like) supports LUKS with TPM and also FIDO2.

Final
There is also a way bigger flaw beyond this, and that is this Device Encryption feature (and by extension BitLocker) has **no PIN or password**. The device will just decrypt itself by powering on as it only uses the PC's TPM. The only threat this kind of protects against is the hard disk being removed from the PC. It doesn't prevent someone exploiting the OS to extract data like you commonly see in mobile device forensic tools...

This request for the recovery key is just to allow law enforcement to access the data while the hard disk is removed from the seized PC, because they insert hard disks into write blocked imaging kits to create a forensic clone of its data to analyse with.

Back before TPMs were widely embedded into CPU firmware it wasn't common to see them get sniffed to get the keys.
Anyone could do it too: https://pulsesecurity.co.nz/articles/TPM-sniffing

BitLocker has a TPM+PIN, TPM+Key and TPM+PIN+Key pre-boot authentication setting but you need to tinker on Group Policy to do that. You'd also need to enable other policies to make the PIN an alphanumeric password...

Final
Late to post about this but the security preview variant of this release fixes SIX **CRITICAL** CVEs that will not be fixed elsewhere for a while except in #GrapheneOS because security patches are not included into an Android Security Bulletin until around 3-4 months after their release.

- Critical: CVE-2026-0039, CVE-2026-0040, CVE-2026-0041, CVE-2026-0042, CVE-2026-0043, CVE-2026-0044

OEMs do not deliver security patches in a timely manner. In a rare case it is sometimes only done in part, and often will only do so after the ASB is released. That dangerously long period of security vulnerabilities being known and unpatched is unacceptable.
#nevent1q…xnza

Final
Last two Vanadium updates provided some functionality improvements:

The upstream motion sensors toggle for the browser is improved with a per-site toggle for the sensors per site (Vanadium already had the global toggle disabled by default).

Our inbuilt content filtering also adds support for additional supplementary language/regional content filters. Users with a set language will get EasyList filters plus the filter of their respective language. This supports Arabic, Bulgarian, Spanish, French, German, Hebrew, Indian, Indonesian, Italian, Korean, Lithuanian, Latvian, Dutch, Nordic, Polish, Portuguese, Romanian, Russian, Vietnamese and Chinese.
#GrapheneOS
#nevent1q…l35a

Final
This is known. It's a developer option and far from stable for daily usage.
It will be looked at more once upstream improves it as well, unless we get the resources.
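
The earlier post on LUKS passphrases contrasts a 6-digit PIN behind a throttling secure element with the same PIN guessed against an offline copy of the disk. The following is an added example, not code from the original posts or from GrapheneOS, that models both cases on a virtual clock. The throttle schedule, the one-second cost per offline guess and the sample PIN are constructed assumptions, not values from any real device.

```python
import hashlib
import hmac

# Constructed throttle schedule (assumption, not any vendor's real values):
# (failed attempts so far, delay in seconds enforced before the next attempt).
THROTTLE = [(0, 0), (5, 30), (30, 3600), (140, 86400)]
KDF_SECONDS = 1.0  # assumed cost of one offline guess against a slow KDF
YEAR = 365.25 * 86400


def derive(secret: str, salt: bytes) -> bytes:
    """Stand-in for a slow KDF; its real cost is charged to the virtual clock."""
    return hashlib.sha256(salt + secret.encode()).digest()


class SecureElement:
    """The check and the failure counter live in the chip, out of the guesser's reach."""

    def __init__(self, pin: str):
        self._pin = pin
        self.failures = 0
        self.clock = 0.0  # virtual seconds spent waiting out delays

    def try_unlock(self, guess: str) -> bool:
        # Delay grows with the number of failures recorded so far.
        self.clock += max(d for n, d in THROTTLE if self.failures >= n)
        if hmac.compare_digest(guess, self._pin):
            self.failures = 0
            return True
        self.failures += 1
        return False


class OfflineVolume:
    """A copied disk header: salt and verifier only, with no attempt counter."""

    def __init__(self, passphrase: str, salt: bytes = b"constructed-salt"):
        self.salt = salt
        self.verifier = derive(passphrase, salt)
        self.clock = 0.0

    def try_unlock(self, guess: str) -> bool:
        self.clock += KDF_SECONDS  # the only cost is the KDF itself
        return hmac.compare_digest(derive(guess, self.salt), self.verifier)


def exhaust_pins(target, digits: int = 6):
    """Walk the whole PIN space in order; return (pin, virtual seconds elapsed)."""
    for n in range(10 ** digits):
        guess = f"{n:0{digits}d}"
        if target.try_unlock(guess):
            return guess, target.clock
    return None, target.clock


def average_offline_years(alphabet: int, length: int, guesses_per_second: float) -> float:
    """Expected time to search half the keyspace when nothing throttles guesses."""
    return alphabet ** length / 2 / guesses_per_second / YEAR


if __name__ == "__main__":
    pin = "271828"  # constructed sample credential
    _, throttled = exhaust_pins(SecureElement(pin))
    _, offline = exhaust_pins(OfflineVolume(pin))
    print(f"6-digit PIN, throttled by secure element: {throttled / YEAR:,.0f} years")
    print(f"6-digit PIN, offline at 1 guess/s:        {offline / 86400:.1f} days")
    # A 7-word passphrase from a 7776-word list, even at a million guesses/s.
    print(f"7-word passphrase, offline at 1e6/s:      "
          f"{average_offline_years(7776, 7, 1e6):.2e} years")
```

With the same PIN, the only difference between the two results is where the attempt counter lives, which is why a credential that is adequate behind a secure element needs to be replaced by a high-entropy passphrase when the verifier can be copied.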