Digital forensics and security specialist part of the GrapheneOS project. Posts my own and not endorsed by my employer. AI slop and Nostr DMs ignored. Matrix: f1nal:grapheneos.org
Public Key: npub1hxx76n82ags8jrduk0p3gqrfyqyaxnrlnynu9p5rt2vmwjq6ts3q4sg75y
Profile Code: nprofile1qqstnr0dfn4w5grepk7t8sc5qp5jqzwnf3lejf7zs6p44xdhfqd9cgspz3mhxue69uhhyetvv9ujuerpd46hxtnfdu42ql40
Published at: 2026-02-01T15:04:11Z
Event JSON
{
"id": "ab7b9888ce469e936dfd0c3d6173c4ec4706b43637652d5cb0734562ad2a0550" ,
"pubkey": "b98ded4ceaea20790dbcb3c31400692009d34c7f9927c286835a99b7481a5c22" ,
"created_at": 1769958251 ,
"kind": 0 ,
"tags": [
[
"alt",
"User profile for Final"
],
[
"name",
"Final"
],
[
"display_name",
"Final"
],
[
"picture",
"https://image.nostr.build/eb409cd26cd6bca8bf3ed3bf800b21777f7f25af47e58e7bef40dfed4ad73e3b.jpg"
],
[
"banner",
"https://image.nostr.build/eb409cd26cd6bca8bf3ed3bf800b21777f7f25af47e58e7bef40dfed4ad73e3b.jpg"
],
[
"website",
"https://final.st"
],
[
"about",
"Digital forensics and security specialist part of the GrapheneOS project.\n\nPosts my own and not endorsed by my employer. AI slop and Nostr DMs ignored. \n\nMatrix: f1nal:grapheneos.org"
],
[
"nip05",
"[email protected] "
],
[
"lud16",
"[email protected] "
],
[
"i",
"twitter:__final__",
"1973430597466140757"
]
],
"content": "{\"name\":\"Final\",\"display_name\":\"Final\",\"picture\":\"https://image.nostr.build/eb409cd26cd6bca8bf3ed3bf800b21777f7f25af47e58e7bef40dfed4ad73e3b.jpg\",\"website\":\"https://final.st\",\"about\":\"Digital forensics and security specialist part of the GrapheneOS project.\\n\\nPosts my own and not endorsed by my employer. AI slop and Nostr DMs ignored. \\n\\nMatrix: f1nal:grapheneos.org\",\"nip05\":\"[email protected] \",\"lud16\":\"[email protected] \",\"banner\":\"https://image.nostr.build/eb409cd26cd6bca8bf3ed3bf800b21777f7f25af47e58e7bef40dfed4ad73e3b.jpg\"}" ,
"sig": "1d22459929697902a779ea799c0855aabc4284e471fe8abc349865d1f262825e285be5616dfc2a219a9740ab5c1eca7f16bb2a753efa05db415b64e42466dff7"
}
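The kind-0 event above is only worth trusting if its `id` really is the hash of its canonical serialization and its `sig` really is a BIP-340 Schnorr signature over that id by `pubkey`. The following is an added worked example, not code from this page or from the GrapheneOS project, showing both checks end to end in pure Python: NIP-01 serialization, secp256k1 arithmetic, BIP-340 sign and verify, and a tamper test. The key, aux bytes and profile event it signs are constructed for the demonstration. The event JSON displayed on this page cannot be re-verified with it as extracted, because the `nip05` and `lud16` values were replaced by an obfuscation placeholder, so its id would not reproduce.

```python
import hashlib
import json

# secp256k1 parameters: field prime, group order, generator
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def _add(a, b):
    """Affine point addition; None is the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    if a[0] == b[0] and (a[1] + b[1]) % P == 0:
        return None  # a == -b
    if a == b:
        lam = 3 * a[0] * a[0] * pow(2 * a[1], -1, P) % P
    else:
        lam = (b[1] - a[1]) * pow(b[0] - a[0], -1, P) % P
    x = (lam * lam - a[0] - b[0]) % P
    return (x, (lam * (a[0] - x) - a[1]) % P)


def _mul(k, pt):
    """Double-and-add scalar multiplication (not constant time; demo only)."""
    acc = None
    while k:
        if k & 1:
            acc = _add(acc, pt)
        pt = _add(pt, pt)
        k >>= 1
    return acc


def _tagged_hash(tag, data):
    t = hashlib.sha256(tag.encode()).digest()
    return hashlib.sha256(t + t + data).digest()


def _b(i):
    return i.to_bytes(32, "big")


def _lift_x(x):
    """BIP-340: the curve point with this x and even y, or None if x is not on the curve."""
    if x >= P:
        return None
    y_sq = (pow(x, 3, P) + 7) % P
    y = pow(y_sq, (P + 1) // 4, P)
    if pow(y, 2, P) != y_sq:
        return None
    return (x, y if y % 2 == 0 else P - y)


def schnorr_sign(msg, seckey, aux=bytes(32)):
    d0 = int.from_bytes(seckey, "big")
    if not 1 <= d0 < N:
        raise ValueError("invalid secret key")
    pub = _mul(d0, G)
    d = d0 if pub[1] % 2 == 0 else N - d0  # negate so the public key has even y
    t = _b(d ^ int.from_bytes(_tagged_hash("BIP0340/aux", aux), "big"))
    k0 = int.from_bytes(_tagged_hash("BIP0340/nonce", t + _b(pub[0]) + msg), "big") % N
    if k0 == 0:
        raise ValueError("nonce is zero")
    R = _mul(k0, G)
    k = k0 if R[1] % 2 == 0 else N - k0  # negate so the nonce point has even y
    e = int.from_bytes(_tagged_hash("BIP0340/challenge", _b(R[0]) + _b(pub[0]) + msg), "big") % N
    return _b(R[0]) + _b((k + e * d) % N)


def schnorr_verify(msg, pubkey, sig):
    if len(pubkey) != 32 or len(sig) != 64:
        return False
    pub = _lift_x(int.from_bytes(pubkey, "big"))
    r, s = int.from_bytes(sig[:32], "big"), int.from_bytes(sig[32:], "big")
    if pub is None or r >= P or s >= N:
        return False
    e = int.from_bytes(_tagged_hash("BIP0340/challenge", sig[:32] + pubkey + msg), "big") % N
    R = _add(_mul(s, G), _mul(N - e, pub))  # s*G - e*P must equal the nonce point
    return R is not None and R[1] % 2 == 0 and R[0] == r


def serialize_event(ev):
    """NIP-01 canonical form: [0, pubkey, created_at, kind, tags, content] with no whitespace."""
    return json.dumps([0, ev["pubkey"], ev["created_at"], ev["kind"], ev["tags"], ev["content"]],
                      separators=(",", ":"), ensure_ascii=False)


def nostr_event_id(ev):
    return hashlib.sha256(serialize_event(ev).encode("utf-8")).hexdigest()


def sign_event(unsigned, seckey):
    pubkey = _b(_mul(int.from_bytes(seckey, "big"), G)[0])
    ev = dict(unsigned, pubkey=pubkey.hex())
    ev["id"] = nostr_event_id(ev)
    ev["sig"] = schnorr_sign(bytes.fromhex(ev["id"]), seckey).hex()
    return ev


def verify_event(ev):
    """Reject if the id does not match the content, or the sig does not match the id and pubkey."""
    if nostr_event_id(ev) != ev["id"]:
        return False
    return schnorr_verify(bytes.fromhex(ev["id"]), bytes.fromhex(ev["pubkey"]), bytes.fromhex(ev["sig"]))


# Constructed demo key and kind-0 profile event; not the page author's key or event.
DEMO_SECKEY = bytes.fromhex("01" * 32)
DEMO_UNSIGNED = {
    "created_at": 1769958251,
    "kind": 0,
    "tags": [["name", "demo"], ["nip05", "demo@example.com"]],
    "content": json.dumps({"name": "demo", "about": "line1\nline2"}, separators=(",", ":")),
}

if __name__ == "__main__":
    ev = sign_event(DEMO_UNSIGNED, DEMO_SECKEY)
    print("signed event verifies:", verify_event(ev))
    ev["content"] = ev["content"].replace("demo", "mallory")  # relay-side tampering with the profile
    print("tampered event verifies:", verify_event(ev))
```

A client that skips the first check can be fed an event whose `id` points at one thing and whose body says another; one that skips the second accepts any relay-authored profile for any pubkey. Both checks are cheap compared to the network round trip that delivered the event.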
Last Notes npub1hxx76n82ags8jrduk0p3gqrfyqyaxnrlnynu9p5rt2vmwjq6ts3q4sg75y Final McDonalds when they are requiring strict device integrity and OS enforcement they can be 100.00% sure that I like burgers https://blossom.primal.net/784ae564927621a16743a487ef2fff4407b727e3680e824545691ecbed48abab.jpg npub1hxx76n82ags8jrduk0p3gqrfyqyaxnrlnynu9p5rt2vmwjq6ts3q4sg75y Final The official microG OS project (https://lineage.microg.org) leaked their private keys for logging into their servers and signing releases: https://github.com/lineageos4microg/l4m-wiki/wiki/December-2025-security-issues We make our official builds on local machines. Our signing machine's keys aren't ever on any storage unencrypted. Our roadmap for improving security of verifying updates is based on taking advantage of the reproducible builds. We plan to have multiple official build locations and a configurable signoff verification system in the update clients also usable with third party signoff providers. We don't have faith in any available commercial HSM products being more secure than keeping keys encrypted at rest on the primary local build machine. Instead, we're planning to develop software for using the secure element on #GrapheneOS phones as an HSM for signing our releases. npub1hxx76n82ags8jrduk0p3gqrfyqyaxnrlnynu9p5rt2vmwjq6ts3q4sg75y Final Proton on the news, again!? So let's bring it back! #nevent1q…tkkc npub1hxx76n82ags8jrduk0p3gqrfyqyaxnrlnynu9p5rt2vmwjq6ts3q4sg75y Final This comment, but I'm mostly talking about recieving funds online. A monero user wouldn't store any funds in Lightning, they simply swap what they recieve into Monero or swap out to make a transaction immediately. If I had problems with swap services or Spark knowing too much I'd roll funds out to other wallets. This is including both the LN or XMR side. For a long time I off-ramped zaps into other LN wallets or swapped them already. 
npub1hxx76n82ags8jrduk0p3gqrfyqyaxnrlnynu9p5rt2vmwjq6ts3q4sg75y Final XMR can be difficult to receive for new users. Having a lightning address to receive funds that can be swapped is significant. Lightning is very popular amongst smaller purchases and online stores. I buy a fair amount of living resources using ZEUS. I mention Nostr specifically since Nostr is almost entirely oriented around Lightning. Nostr clients oriented around other assets are often lesser maintained and more risky. These clients are a security haunted houses to begin with. Better to have some sort of LN address to receive and then swap for people into that imo. npub1hxx76n82ags8jrduk0p3gqrfyqyaxnrlnynu9p5rt2vmwjq6ts3q4sg75y Final Yes. Swapping opening up access to a lot of vendors in both teams to make private purchases with one another. Especially helpful at this current moment since on-chain BTC privacy features like Silent Payments are seldom adopted except for Cake Wallet and partially in Sparrow Wallet. SP to XMR swap far less likely to be than XMR/LNBTC as of right now. npub1hxx76n82ags8jrduk0p3gqrfyqyaxnrlnynu9p5rt2vmwjq6ts3q4sg75y Final Lightning support in Cake Wallet should be huge for XMR nostr users https://blossom.primal.net/d93fa65cb5fc9f0ed35c9a1371fd3be9273c7693b1912e76072ee6296eaab767.jpg npub1hxx76n82ags8jrduk0p3gqrfyqyaxnrlnynu9p5rt2vmwjq6ts3q4sg75y Final If you mean modified as in installed another OS, barely any in this case. They're all non-Google certified operating systems so Play Integrity hardware attestation can force apps not to work on LineageOS, CalyxOS etc. npub1hxx76n82ags8jrduk0p3gqrfyqyaxnrlnynu9p5rt2vmwjq6ts3q4sg75y Final There's nothing to mitigate in the first place. It has nothing to do with GrapheneOS or smartphones. Every Windows laptop vendor has bundled sketchy bloatware in the past and many still do in the present. Security research targets are encouraged, feel free to find something, anything, in these devices that you think are off. 
Use a non-Motorola device if you want to choose based on pure vibes or you don't like them for any other reason. If you're an OEM, contact us and work with us. If you really have to get to the details then Superfish is not installed by the firmware but was bundled operating system software and was trivially discovered. Obviously, there's no such thing that will happen here or GrapheneOS, it would be caught by our (very) vigilant users and I know I put the rep on the line saying that. >now these assholes control the bootloader, the baseband The bootloader is a standard littlekernel-based Android bootloader. The baseband is Qualcomm's, part of their SoC. Our device requirements on the site state explicitly radios must be isolated and that sensitive data cannot be accessed at the bootloader (working verified boot, zeroing memory left over from the OS, etc.), we are very conscious about that and received bounties for discovering and patching security deficiencies in bootloaders targeting Pixels that were exploited in the wild. We'll be having involvement in the driver and firmware side of things. Working to improve their security posture and harden their stock OS and firmware is part of the partnership. npub1hxx76n82ags8jrduk0p3gqrfyqyaxnrlnynu9p5rt2vmwjq6ts3q4sg75y Final New update of #GrapheneOS with this month's full security patch level. With the security preview release, all of the Android 16 security patches from the current March 2026, April 2026, May 2026, June 2026, July 2026 and August 2026 Android Security Bulletins are here too. #nevent1q…jy3v npub1hxx76n82ags8jrduk0p3gqrfyqyaxnrlnynu9p5rt2vmwjq6ts3q4sg75y Final As a non-profit we do not take funding with strings attached. We advise Motorola on what they need for their next devices and in return we can get a device supporting GrapheneOS. We'll be working to also provide lower level hardening for them. They'll also work to introduce some features to their stock OS. 
We are using partnership to get help with their partner access to see sources to better prepare ourselves for porting to major versions. We will be working on GrapheneOS for Motorola and it will be the exact same as Pixels in that regard, we distribute updates, etc. The other contents of the announcements are other, unrelated topics. npub1hxx76n82ags8jrduk0p3gqrfyqyaxnrlnynu9p5rt2vmwjq6ts3q4sg75y Final You will have devices to install GrapheneOS onto, hopefully we can have a device able to come with GrapheneOS as well. The former is much more important. npub1hxx76n82ags8jrduk0p3gqrfyqyaxnrlnynu9p5rt2vmwjq6ts3q4sg75y Final Devices will be worked for 2027. Motorola and us will announce further progressions with the partnership in the future. npub1hxx76n82ags8jrduk0p3gqrfyqyaxnrlnynu9p5rt2vmwjq6ts3q4sg75y Final With Motorola, there will be at least one officially supported flagship device to run GrapheneOS around 2027, but once we have one we should be able to add the other flagship variants too and we will work to broaden our device support where possible. If you want examples of Motorola devices that have been close to meeting GrapheneOS requirements so far, then the latest Motorola Signature, Motorola razr fold and razr ultra are some. You can expect possible successors to these devices to have support. Through this partnership we also hope to see some security improvements provided in #GrapheneOS implemented into the Motorola stock operating system. We want OEMs to improve their security practices across the board. GrapheneOS for Motorola devices, like on Pixels, will be developed by us, with updates distributed by us. You will not be missing any features either. #nevent1q…wxlv npub1hxx76n82ags8jrduk0p3gqrfyqyaxnrlnynu9p5rt2vmwjq6ts3q4sg75y Final Unfortunately GrapheneOS will not be a Google certified operating system. We are still continuing taking actions to try and stop these anticompetitive practices from Google. 
We also hope additional partnerships with major brands can create pressure to support GrapheneOS. We hope to work with Motorola to provide some GrapheneOS features to their stock operating system too. npub1hxx76n82ags8jrduk0p3gqrfyqyaxnrlnynu9p5rt2vmwjq6ts3q4sg75y Final Signature is about 3.3XMR on retail right now but everyone knows prices fluctuate and offers come around. Also that device itself is still pretty new with a 7 year update commitment. npub1hxx76n82ags8jrduk0p3gqrfyqyaxnrlnynu9p5rt2vmwjq6ts3q4sg75y Final It will initially be Motorola's flagship devices but could trickle down to other devices in the future. If you want an idea of their flagships look at the Motorola Signature (2026) and Motorola Razr Fold (2026) for the current generation ones not quite meeting our requirements yet. It will be upcoming devices similar to these. npub1hxx76n82ags8jrduk0p3gqrfyqyaxnrlnynu9p5rt2vmwjq6ts3q4sg75y Final An important announcement from us at the #GrapheneOS project: #nevent1q…lea5 npub1hxx76n82ags8jrduk0p3gqrfyqyaxnrlnynu9p5rt2vmwjq6ts3q4sg75y Final As announced it will be their next-generation smartphone. npub1hxx76n82ags8jrduk0p3gqrfyqyaxnrlnynu9p5rt2vmwjq6ts3q4sg75y Final We are happy to announce a long-term partnership with Motorola. Together, we will collaborate on new future devices that meet our stringent privacy and security standards. https://motorolanews.com/motorola-three-new-b2b-solutions-at-mwc-2026/ #GrapheneOS npub1hxx76n82ags8jrduk0p3gqrfyqyaxnrlnynu9p5rt2vmwjq6ts3q4sg75y Final Like WiFi calling, you can also send and receive texts over WiFi if your network provider supports it. This is expected behaviour. Airplane Mode disables the cellular radio and works as it should, mobile network features outside of the cell network is a separate thing. 
npub1hxx76n82ags8jrduk0p3gqrfyqyaxnrlnynu9p5rt2vmwjq6ts3q4sg75y Final They will be announcing it, not us ☝️ npub1hxx76n82ags8jrduk0p3gqrfyqyaxnrlnynu9p5rt2vmwjq6ts3q4sg75y Final This March we hope to officially announce our OEM partner whose future devices shall work to support GrapheneOS. npub1hxx76n82ags8jrduk0p3gqrfyqyaxnrlnynu9p5rt2vmwjq6ts3q4sg75y Final Not my npub anymore! But see the Project Account mastodon bridge reply. npub1hxx76n82ags8jrduk0p3gqrfyqyaxnrlnynu9p5rt2vmwjq6ts3q4sg75y Final Finally working to go all in on using ZEUS. npub1hxx76n82ags8jrduk0p3gqrfyqyaxnrlnynu9p5rt2vmwjq6ts3q4sg75y Final It's a hardened Signal fork with passphrase encryption for the message database, better notifications on devices without Google Play and support for pairing your messages to multiple devices. If you use Signal I strongly recommend it. It's available in Accrescent so there is a root of trust between GrapheneOS -> Accrescent -> Molly. npub1hxx76n82ags8jrduk0p3gqrfyqyaxnrlnynu9p5rt2vmwjq6ts3q4sg75y Final The video is very old and most Android devices didn't use disk encryption by default, so a physical extraction (image of the entire flash storage) could allow recovering deleted files from carving unallocated space. Nowadays Android uses a "file-based encryption" (FBE) where all data is encrypted with separate derived keys for each file, directory and symbolic link. Deleting the file loses the keys and recovery is impossible. If you can recover data that is deleted from an app, it means the app is caching it when it shouldn't be and it's a flaw they would need to fix. I don't recall this being an issue with Signal but if you can extract the app data before the message database is rebuilt for deleted messages then you'd be in luck. You could kill an app and prevent it cleaning up it's DB. This is something you can apply to every messenger though. 
Getting this data requires as much as a full filesystem extraction (FFS) to extract the application /data directory where the message databases are. Cellebrite has no extraction support for GrapheneOS according to themselves. No specification on what the most they can extract from an unlocked device is, but assume that all forensic tools get this data anyway. Molly lets you encrypt the message database with a passphrase, so it wouldn't be accessible regardless of if there was a FFS extraction and a flaw in Signal keeping the messages. npub1hxx76n82ags8jrduk0p3gqrfyqyaxnrlnynu9p5rt2vmwjq6ts3q4sg75y Final This is a tablet PC with Cellebrite UFED, a mobile forensics acquisition software. Users plug a target device into it where it then will attempt to extract as much data on the device as possible. The software on the laptop is Physical Analyser which is for forensic analysis. This video is dated, and Cellebrite UFED's UI, logo and capabilities have changed a lot since the video was released. This tool is also not exclusive to UK law enforcement and there are also competitor solutions, which many countries around the world use plus the competitors. Cellebrite sell a variant of this product named Cellebrite Premium. The difference to standard UFED and Premium is that Premium comes with wider device extraction support through zero-day exploits. As described it also allows extraction of vulnerable devices that are locked. https://blossom.primal.net/70c8041bacfdf399f99091a738b2e84f6a8be2f0b9cff4b497fd23ff2a153db9.jpg https://blossom.primal.net/9b70e3d06fb8614a14b3d0a60d336987797cd6ca1d1815debb31a3ab29daa9bb.jpg This business model is not exclusive. XRY Pro (MSAB) and GrayKey (Magnet Forensics) are other exclusive forensic tools. Cellebrite are the second-oldest of the three companies (on joining the forensics market) but are one of the most capable thanks to their funding and location. 
How and if these tools are able to extract your device's data depends on: - The device you are using - The installed OS and version - The lock state of the device - Configured security settings of the device - Strength of your phone's unlock credential For a locked device exploiting security vulnerabilities is required to extract data almost all of the time. There are two different device lock states on Android and iOS: After first unlock (AFU, Hot) and before first unlock (BFU, Cold). This is due to how encryption works. Modern Android and iOS encrypt all users' data by default with keys derived from the user's credentials. When a device is unlocked once, data is no longer encrypted at rest and is accessible during that boot session. When a device is BFU, all sensitive data is at rest. Data not being at rest provides more OS attack surface to exploit bypassing lock screens or other measures and access to the data without needing the original PIN/password to decrypt it. For BFU devices brute forcing is required to decrypt data first and the only data not encrypted is a minimal footprint of the OS used for unlocking the device and global OS configuration and metadata. To make extraction impossible make sure your device is powered off and you use a secure, high-entropy passphrase before seizure. GrapheneOS provides a configurable, automatic inactivity reboot feature. We also provide several other countermeasures to these tools as well. GrapheneOS locked devices as a whole is unsupported by Cellebrite. If you are an opposition activist in a high-risk country you should be concerned about potential attacks from such tools. They have been abused to target activists in numerous countries like Serbia and Jordan. 
https://citizenlab.ca/research/from-protest-to-peril-cellebrite-used-against-jordanian-civil-society/ https://www.amnesty.org/en/latest/news/2024/12/serbia-authorities-using-spyware-and-cellebrite-forensic-extraction-tools-to-hack-journalists-and-activists/ Despite if a business claims this use of their product like this is unauthorised, it doesn't change the fact that they will be used like this again, that they don't know about it until after it has violated someone's rights and that the security vulnerabilities remain unpatched. GrapheneOS provides an auto-reboot to put data at rest, a USB-C port control to disable data transfer or the port entirely when booted into the OS, clearing sensitive data of memory and exploit protection features. #nevent1q…u038 npub1hxx76n82ags8jrduk0p3gqrfyqyaxnrlnynu9p5rt2vmwjq6ts3q4sg75y Final The post says: We've built our own text-to-speech system with an initial English language model we trained ourselves with fully open source data. It will be added to our App Store soon and then included in GrapheneOS as a default enabled TTS backend once some more improvements are made to it. We're going to build our own speech-to-text implementation to go along with this too. We're starting with an English model for both but we can add other languages which have high quality training data available. English and Mandarin have by far the most training data available. Existing implementations of text-to-speech and speech-to-text didn't meet our functionality or usability requirements. We want at least very high quality, low latency and robust implementations of both for English included in the OS. It will help make GrapheneOS more accessible. Our full time developer working on this already built their own Transcribro app for on-device speech-to-text available in the Accrescent app store. For GrapheneOS itself, we want actual open source implementations of these features rather than OpenAI's phony open source though. 
Whisper is actually closed source. Open weights is another way of saying permissively licensed closed source. Our implementation of both text-to-speech and speech-to-text will be actual open source which means people can actually fork it and add/change/remove training data, etc. npub1hxx76n82ags8jrduk0p3gqrfyqyaxnrlnynu9p5rt2vmwjq6ts3q4sg75y Final You may have been aware of my posts about TTS / SST. Heres more info: #nevent1q…30n0 npub1hxx76n82ags8jrduk0p3gqrfyqyaxnrlnynu9p5rt2vmwjq6ts3q4sg75y Final Seeing Proton get heat on social media for their marketing again so lets repost this. Treat these email services for what they are: Alternatives to Gmail or Outlook with a security perspective and automated encryption features. Yes, people on social media can't read, but IMO they should approach their service in a different way ("A reasonably secure email provider" is my suggestion) If they don't want people ratioing them all the time... Most of these people getting the wrong answer is because their site can be pretty ambiguous about the technical details without searching a few pages deep for it. Posteo is an email provider that does openly clarify they can be compelled to intercept incoming emails in a better way than how Proton says it. Still doesn't mean these services are a bad thing though. #nevent1q…ltja npub1hxx76n82ags8jrduk0p3gqrfyqyaxnrlnynu9p5rt2vmwjq6ts3q4sg75y Final 2027 npub1hxx76n82ags8jrduk0p3gqrfyqyaxnrlnynu9p5rt2vmwjq6ts3q4sg75y Final There is also a way bigger flaw beyond this, and that is this Device Encryption feature (and by extension BitLocker) has **no PIN or password**. The device will just decrypt itself by powering on as it only uses the PC's TPM. The only threat this kind of protects against is the hard disk being removed from the PC. It doesn't prevent someone exploiting the OS to extract data like you commonly see in mobile device forensic tools... 
This request for the recovery key is just to allow law enforcement to access the data while the hard disk is removed from the seized PC, because they insert hard disks into write blocked imaging kits to create a forensic clone of it's data to analyse with. Back before TPMs were widely embedded into CPU firmware it wasn't common to see them get sniffed to get the keys. Anyone could do it too: https://pulsesecurity.co.nz/articles/TPM-sniffing BitLocker has a TPM+PIN, TPM+Key and TPM+PIN+Key pre-boot authentication setting but you need to tinker on Group Policy to do that. You'd also need to enable other policies to make the PIN an alphanumeric password... npub1hxx76n82ags8jrduk0p3gqrfyqyaxnrlnynu9p5rt2vmwjq6ts3q4sg75y Final Fantastic work from Project Zero as always. Thanks to security preview release channels these were patched in GrapheneOS before anywhere else. Considering memory corruption is involved and it was predominantly centered around Google Messages first, there would need to be a substantial effort to design an exploit chain around GrapheneOS if it was even possible. See what we said about it in November: #nevent1q…rlzn npub1hxx76n82ags8jrduk0p3gqrfyqyaxnrlnynu9p5rt2vmwjq6ts3q4sg75y Final You also have NextPush for Nextcloud too if Mozilla isn't your thing. Choices are pretty limited without hosting your own UnifiedPush infra unfortunately. It is planned to work on having less features depend on sandboxed Google Play to reduce the need of people installing it for apps to work. We already do these efforts for apps like Google Messages and Pixel Camera. npub1hxx76n82ags8jrduk0p3gqrfyqyaxnrlnynu9p5rt2vmwjq6ts3q4sg75y Final What this means that notifications will work for users not wishing to use play services sandboxed or otherwise. Most android apps do notifications via FCM, which is Google's, and depends on a Play services implementation. If you ever wonder why app notifications barely work on AOSP distributions without Google services then now you know. 
By using an app like Sunup (on Accrescent) you can use Mozilla's notification service via UnifiedPush for apps that use UnifiedPush notifications - such as this one. Tell your developers to support notifications without Google. #nevent1q…h0l3 npub1hxx76n82ags8jrduk0p3gqrfyqyaxnrlnynu9p5rt2vmwjq6ts3q4sg75y Final A hardened malloc notification would mean the application has a memory bug the exploit feature is detecting and forcibly crashes. Worth sending them the crash log. npub1hxx76n82ags8jrduk0p3gqrfyqyaxnrlnynu9p5rt2vmwjq6ts3q4sg75y Final Most of what makes GrapheneOS secure is set up by default. Many of the features are simply additions for people with greater needs and are described on the site page. Advanced Data Protection is related to iCloud, not the iPhone device or iOS. If you aren't storing data on iCloud it is mostly irrelevant but still useful to enable. Keep in mind your iCloud emails are not encrypted with ADP too. iCloud data is also not all Apple Account data. Some countries have also blocked ADP, including the United Kingdom. GrapheneOS doesn't have a cloud service like that, so it is moot. A new GrapheneOS device only connects to update servers (to deliver device updates), a network time service and a blank connectivity check page for captive portals, most of which are configurable. A better and fairer comparison would be Lockdown Mode, which is a feature in iOS that lightly hardens the OS against exploits. Most of what iOS does in Lockdown Mode is also what GrapheneOS does but better: - Lockdown Mode disables JS JIT (Just in Time compilation) for web browsing. Vanadium in GrapheneOS does too. - Lockdown Mode prevents wired USB connections when locked, GrapheneOS does and also via hardware, including turning the USB port off in OS mode. - FaceTime and iMessage improvements are moot as GrapheneOS doesn't bundle a messaging service. This would be dependent on the service you used. 
Most messaging apps give options to block unknown contacts, link previews and more. Most iPhones are also behind on exploit protections except for the iPhone 17 and later which introduced memory tagging (which they affectionately call Memory Integrity Enforcement). Pixel 8 and later provided memory tagging for GrapheneOS years prior. iPhone 17 with Lockdown Mode and ADP is the best choice for anyone not willing to use GrapheneOS. A great real world example of the security difference is capabilities provided by Cellebrite, a digital forensics company that leverages zero-days to extract data from devices. Cellebrite can extract data from most unlocked iPhones and stock OS Pixels, but they can't touch Pixel 6 and later with GrapheneOS right now. https://blossom.primal.net/6fe6ce43b109d25f92c39bcac12aa1d870a13c65fa2b26b28dcb9038e4c6fb87.png (Note, this iOS extraction slide is old and has newer devices / OS version support by now) https://arstechnica.com/gadgets/2025/10/leaker-reveals-which-pixels-are-vulnerable-to-cellebrite-phone-hacking/ npub1hxx76n82ags8jrduk0p3gqrfyqyaxnrlnynu9p5rt2vmwjq6ts3q4sg75y Final We don't really have an opinion on it, it's designed for GrapheneOS users so it should work. I've not heard of any reported issues myself. In the future profiles may have their own localhost network access isolated with a toggle, which would stop it working if you enabled it, but this is a minor thing and not really being looked at as a priority. Private Spaces (a secondary profile in the same environment as the current user) can let you share files between them via share dialogs without needing an app. npub1hxx76n82ags8jrduk0p3gqrfyqyaxnrlnynu9p5rt2vmwjq6ts3q4sg75y Final true! the VPS is out for now. I'll put up again later when I have less on my plate and a post there. npub1hxx76n82ags8jrduk0p3gqrfyqyaxnrlnynu9p5rt2vmwjq6ts3q4sg75y Final Would be cool to use with #GrapheneOS. 
You are free to use their portable wireless charger with keyboard or even their Pixel 9 phone case. I recommend the former because you can still use it with USB disabled. https://clicks.tech/en/powerkeyboard npub1hxx76n82ags8jrduk0p3gqrfyqyaxnrlnynu9p5rt2vmwjq6ts3q4sg75y Final Happy new year everyone! In 2025 GrapheneOS implemented: - A network location provider for highly reliable location position without using Google's service and a geocoding service. - Support for Android 16, QPR1 and QPR2 after Google's removal of device support and releases for all current Pixel devices. - Heavily improved our automated porting tooling and server infrastructure. - Our first security preview releases allowing users to recieve embargoed security patches for Critical/High CVEs a few months before stock Android. - Closed out some VPN leaks from Android. - Enabling experimental support for the developer option Terminal virtual machine manager app and other features like GUI support. - Several improvements to Private Spaces, including use in secondary users, ending session for them, and installing available apps. - Established a ASN for GrapheneOS and a highly reliable and widespread global network for GrapheneOS services. This year should have some significant improvements with GrapheneOS, especially on the usage and accessibility front. There is also a lot of future Android features that will be key in delivering this, such as a fully working Desktop Mode. May this year wish us well. npub1hxx76n82ags8jrduk0p3gqrfyqyaxnrlnynu9p5rt2vmwjq6ts3q4sg75y Final This is either a very hot or a very reasoned take and I am quoting my previous note for being potentially related but I'm not a fan of software choices being grouped together or categorised for certain types of people. If you are using something only because a forum or a thread on social media told you to, then you are more of a sheep than the people using the platforms you are moving away from are. 
The latter are at least doing it out of a personal preference, not out of being alternative or contrarian. You don't need to be hardcore and use something that sticks to a specific social group. Don't ask what the best of something is, ask WHY it is. Learn about the subject and see critically and you'll always find what the best project is for you. Don't walk in other people's shoes. Research skills is everything. Read more. I think I read too little. I once read a post off platform a while ago about how someone felt wrong leaving GrapheneOS to use something else because of (very justifiable) personal reasons to support their needs. The fact someone would feel really ashamed and negative that they aren't meeting some imposed values from some social group (over a software choice) is not okay. You can use and build what you want. This isn't purity testing. It comes across as a deeply toxic relationship between users. #nevent1q…q8fg npub1hxx76n82ags8jrduk0p3gqrfyqyaxnrlnynu9p5rt2vmwjq6ts3q4sg75y Final We are looking at replacing/forking existing inbuilt AOSP apps, keep in mind licensing makes many existing good choices incompatible. A great gallery app that fits GrapheneOS is this one: https://github.com/IacobIonut01/Gallery/releases Recommend giving it a try. npub1hxx76n82ags8jrduk0p3gqrfyqyaxnrlnynu9p5rt2vmwjq6ts3q4sg75y Final We're developing our own implementations of text-to-speech and speech-to-text to use in #GrapheneOS which are entirely open source and avoid using so-called 'open' models without the training data available. Instead, we're making a truly open source implementation of both where all of the data used for it is open source. If you don't want to use our app for local text-to-speech and speech-to-text then you don't need to use it. Many people need this and want a better option. We are working on TTS first then SST. The TTS training data is LJ Speech https://keithito.com/LJ-Speech-Dataset/ and the model used is our own fork of Matcha-TTS. 
If people want they can fork it and add/remove/change the training data in any way they see fit. It's nothing like the so-called "open" models from OpenAI, Facebook, etc. where the only thing that's open are the neural network weights after training with no way to know what they used to train it and no way to reproduce that. Many blind users asked us to include one of the existing open source TTS apps so they could use it to obtain a better app. None of the available open source apps meets our requirements for reasonable licensing, privacy, security or functionality. Therefore, we've developed our own text-to-speech which will be shipping soon, likely in January. We'll also be providing our own speech-to-text. We're using neural networks for both which we're making ourselves. npub1hxx76n82ags8jrduk0p3gqrfyqyaxnrlnynu9p5rt2vmwjq6ts3q4sg75y Final update: I'm an idiot and that is meant to be a Star of David not a pentagram (why the fuck is it red?) #nevent1q…syxd npub1hxx76n82ags8jrduk0p3gqrfyqyaxnrlnynu9p5rt2vmwjq6ts3q4sg75y Final (at the satanist conference) Alright guys we made the mobile operating system now all we need to do is set up THE CLUES https://blossom.primal.net/59d1cd0ad65ef96e7c56775f8e787a3e66df2658e8b47557218c5458fd3b91f2.jpg npub1hxx76n82ags8jrduk0p3gqrfyqyaxnrlnynu9p5rt2vmwjq6ts3q4sg75y Final #GrapheneOS is very distinct from other Android distributions and OEM configurations. There is a litany of Linux kernel and Android Runtime hardening changes and features powering GrapheneOS. This is very significant but often overlooked because most changes aren't visible to the end user. The leading example of this is hardened_malloc, the hardened memory allocator used in GrapheneOS to protect against memory corruption vulnerabilities. 
You can find a technical article about it by Synacktiv, a French cyber security company: https://www.synacktiv.com/en/publications/exploring-grapheneos-secure-allocator-hardened-malloc

Hardening in GrapheneOS is built on closing out commonly exploited attack surfaces, substituting them with more secure replacements, or giving them stronger security defaults. If you are a blue teamer you'll already be familiar with the Pyramid of Pain: https://blossom.primal.net/dd1714a0c2aa6daa03915a3c80ac805e22250a73783db4af223c3f3b9d3e08ba.jpg

For newcomers, this model is a layered pyramid that ranks indicators of compromise by a linear level of difficulty and cost for the threat actor to evade security measures to perform an attack: the bottom of the pyramid being very easy and trivial for the threat actor to change and the top being tough. This model introduces newcomers to how good security strategy is built: techniques and capabilities over individual actors. Closing out tactics, techniques and procedures is far more important than blocking an IP address or a file hash. You want to protect against a type of attack, not against a particular actor who performs them.

The point of having extensive hardening features is that we need to ensure vulnerabilities that would affect Android are benign, harder to exploit or patched in GrapheneOS before they can be exploited. Android distributions carry the weight of vulnerabilities from upstream. To reduce that weight, we need to make sure a highly sophisticated exploit developer would have to uniquely design their exploit to target GrapheneOS, should they be able to at all. Without that, GrapheneOS wouldn't be special. It would not be sensible to claim it is more security and privacy focused than Android if it was able to be exploited through the exact same mechanisms with little or no effort needed to port. An Android distribution that is just Android without Google services is mostly as exploitable as Android.
Something that is "DeGoogled" (I don't use the term, it's Reddit tier buzzword nonsense) may not necessarily be safer to use either. To earn the title of being hardened it needs more, but this isn't ever implemented well enough. Projects that have done so to the best of their ability have also died (DivestOS). Our hardening features are available outside of GrapheneOS. The leading example of this is secureblue, a security hardened Linux distribution (https://secureblue.dev/) which is using hardened_malloc and a Vanadium-inspired Chromium browser. A business also sells hardened Rocky Linux supporting hardened_malloc. If you are a maintainer of a leading project then implementing and supporting our hardening features is strongly encouraged.

npub1hxx76n82ags8jrduk0p3gqrfyqyaxnrlnynu9p5rt2vmwjq6ts3q4sg75y Final
KDE was tested a long time ago and was a bit unstable. GNOME always worked even early on. I'll give it another try again in the future.

npub1hxx76n82ags8jrduk0p3gqrfyqyaxnrlnynu9p5rt2vmwjq6ts3q4sg75y Final
Footage of highly experimental GUI Linux virtual machine (and video games) in highly experimental desktop mode in #GrapheneOS.
https://blossom.primal.net/06339de81a9838bd4cee7b84bd88762d88778dde80b6ba50927de75999849579.mp4
https://blossom.primal.net/bd1fd97a404101c130e7ad56ae9503494c7e1a724f5afabccd5ece0af10bf838.mp4
https://blossom.primal.net/3ed2e330632a2836084ed3059376077f5d0c7dd51e84a33a0c402a19847478f7.jpg
#nevent1q…urx4

npub1hxx76n82ags8jrduk0p3gqrfyqyaxnrlnynu9p5rt2vmwjq6ts3q4sg75y Final
- Icons should now be themed regardless of whether the app supports them.
- You can now change the shape of app icons on the home screen. This also includes PWAs(!!)
- You can add a widget on the home screen that is a user profile switcher.
https://blossom.primal.net/54b87c485f1bf8c4024c217a33eea18ac8f6275336446aff0a7a1e206422203c.jpg
https://blossom.primal.net/94884eb3651ce95d6f8a3ae8311deb26e2adb984084f5e880237ea87b539b50c.jpg
#GrapheneOS #nevent1q…7jzm

npub1hxx76n82ags8jrduk0p3gqrfyqyaxnrlnynu9p5rt2vmwjq6ts3q4sg75y Final
This is how the Desktop Mode looks in #GrapheneOS. Here you can see how some apps look. Below is a screenshot of me typing this post in Amethyst and two instances of Vanadium on different profiles (Private Spaces) demonstrating unique VPN connections to the same applications on the same workspace.
https://blossom.primal.net/f7bb32591116ba34a66e62584b739450bd6d123fa868c2996563d9bfd7754b57.png
Here is how the apps resize.
https://blossom.primal.net/5e2a42eeb5fea10048668017aa1c4481a60585151a9bc8be717aa2e0fc91f847.png
This will continue to be improved in the Android 16 QPR2 based release of GrapheneOS on the way and possibly be available outside of a developer option in Android 17.

npub1hxx76n82ags8jrduk0p3gqrfyqyaxnrlnynu9p5rt2vmwjq6ts3q4sg75y Final
Reflecting on this, likely given the poster, bait tweet, but a good discussion to be had: You should be free and able to use what you want. What's not valuable to somebody may be valuable to somebody else. I'm a complete nobody with a normal life and I use GrapheneOS, Monero, I2P, LUKS etc. like this picture says. However, there is a different conversation to be had that you could use this same image with. Many people treat software choices like a subculture purity test. Software choice is treated like Console Wars or sports teams. There are certain groups of people who use things simply to be performative rather than just being honest that it is a preference. It serves no relevance in their threat model to use what they have to (counterargument: threat model doesn't need to be your sole reasoning to use something anyway).
Some like to believe you need to be part of a certain group and you need to follow the rest of the trends of that group to fit in. Used Linux? Now you've got to use Firefox. It's fine to say GrapheneOS is superior to something (we say that a lot). What is not fine is believing you are a superior person for using it, same with any other software. Classical FSF bros, Reddit users, and performative activists stink up discussions like skunks with this attitude. Every major project has this problem. If I had to TLDR this, then: Don't be sheep. Use everything in your preference, not to just reflect looking like others. You shouldn't see all these and be like "I want to use all of this!!", because really, you likely do not.
https://blossom.primal.net/cca13f70cab22652120851d1c2fe730bfb691c4bd39ac95912007ee8b3deddc9.jpg

npub1hxx76n82ags8jrduk0p3gqrfyqyaxnrlnynu9p5rt2vmwjq6ts3q4sg75y Final
GrapheneOS news is boring today, so here is an OpSec of the year 2025 late contender. This is an update on that guy who falsely claimed GrapheneOS was compromised by law enforcement. He posted a document showing a warrant for **premeditated murder** and claimed we were to blame despite zero evidence of a device being exploited or even data of ANY device being accessed. https://x.com/GrapheneOS/status/1997126386968903972?s=20

The content they post across social media regularly implicates themselves in crimes they supposedly commit. They're now claiming that despite previously claiming GrapheneOS is insecure, they were using it and blame it for supposedly being charged with premeditated murder. The whole thing appears to be a very badly run smear operation targeting GrapheneOS. They're trying to portray GrapheneOS as heavily used by criminals while also portraying it as insecure. Despite claiming it's insecure, they supposedly keep using it and getting caught due to it. In their new story, they claim to have fled Belgium due to premeditated murder charges.
They blame GrapheneOS as they claim the only way they could have been caught is Threema messages on the device. They claim the duress PIN feature many people have tested didn't trigger. They've been making claims about GrapheneOS supposedly being compromised or insecure for a while. It's quite strange for them to now come out with the claim that they were relying on it to store incriminating messages for plotting a murder. Incredibly strange thing to admit on X. If all of what they're saying is taken at face value, then they appear to be a career criminal who scams people for a living and has gotten themselves into something darker. They have atrocious legal representation. If what they've said is true, they should go back to Belgium and turn themselves in. They've made it pretty clear they have incriminating evidence on their phone they tried to wipe but misremembered the duress PIN. They ASSUME their phone was exploited to get it with no proof. They claim to have an active investigation into themselves for murder. They claim to have tried to destroy incriminating evidence and fled the country. If it's real, their opsec approach is extraordinary. We think it's someone investing many months into smearing us this way.

npub1hxx76n82ags8jrduk0p3gqrfyqyaxnrlnynu9p5rt2vmwjq6ts3q4sg75y Final
Web hosting / low spec VPS providers that accept Lightning... Go. Bonus points for domain registrar. Time to put some value back on some sats.

npub1hxx76n82ags8jrduk0p3gqrfyqyaxnrlnynu9p5rt2vmwjq6ts3q4sg75y Final
We no longer have any active servers in France and are continuing the process of leaving OVH. We'll be rotating our TLS keys and Let's Encrypt account keys pinned via accounturi. DNSSEC keys may also be rotated. Our backups are encrypted and can remain on OVH for now. Our App Store verifies the app store metadata with a cryptographic signature and downgrade protection along with verification of the packages.
Android's package manager also has another layer of signature verification and downgrade protection. Our System Updater verifies updates with a cryptographic signature and downgrade protection along with another layer of both in update_engine and a third layer of both via verified boot. Signing release channel names is planned too.

Our update mirrors are currently hosted on sponsored servers from ReliableSite (Los Angeles, Miami) and Tempest (London). London is a temporary location due to an emergency move from a provider which left the dedicated server business and will move. More sponsored update mirrors are coming. Our ns1 anycast network is on Vultr and our ns2 anycast network is on BuyVM since both support BGP for announcing our own IP space. We're moving our main website/network servers used for default OS connections to a mix of Vultr+BuyVM locations. We have 5 servers in Canada with OVH with more than static content and basic network services: email, Matrix, discussion forum, Mastodon and attestation. Our plan is to move these to Netcup root servers or a similar provider short term and then colocated servers in Toronto long term.

France isn't a safe country for open source privacy projects. They expect backdoors in encryption and for device access too. Secure devices and services are not going to be allowed. We don't feel safe using OVH for even a static website with servers in Canada/US via their Canada/US subsidiaries. We were likely going to be able to release #GrapheneOS for experimental Pixel 10 support very soon and it's getting disrupted because of this. The attacks on our team continue to escalate. It is rough right now and your support is appreciated. Let's release soon. #nevent1q…as3s

npub1hxx76n82ags8jrduk0p3gqrfyqyaxnrlnynu9p5rt2vmwjq6ts3q4sg75y Final
More people should have the new updates with the UI refresh now.
#nevent1q…nqup

npub1hxx76n82ags8jrduk0p3gqrfyqyaxnrlnynu9p5rt2vmwjq6ts3q4sg75y Final
Interview of French federal prosecutor saying that not providing them with backdoors is unacceptable and they'll go after us with charges if we don't cooperate with them: archive.is/UrlvK

There's a very direct threat towards us in that article. They've made it clear they do not consider it acceptable for there to be devices they cannot break into. In that interview, there's a clear statement they'll go after us as they did others if we don't "cooperate" with them. The demands they have from us are unspecified but we're not going to wait around to find out what they expect from us. #GrapheneOS will exit remaining global infrastructure in France and OVH as soon as possible. We do not feel safe operating in a country with federal law enforcement agencies lying about us and threatening us.

France's government is a strong supporter of backdoors for secure messaging apps including heavily supporting Chat Control. They appear to have the same position on secure devices. Their previous law enforcement action against both was done based on claims of ties to criminals. In some of the cases, it was clear the companies were tied to criminals. One of those companies was an FBI sting operation from early on which was advertising itself as being based on GrapheneOS. Maybe some of the ones they're conflating with us are also sting operations too. They're conflating shady companies selling products they say are based on GrapheneOS with us. ANOM was a sting operation by the FBI paying criminals to sell phones to criminals while advertising it as being based on GrapheneOS. Since when is the FBI facilitating crimes in France our fault?
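The infrastructure post above describes the App Store checking a signed metadata index with downgrade protection and then separately verifying the packages it lists. The block below is an added example and is not GrapheneOS code or its real index format: it sketches that layering in Go with an Ed25519-signed JSON index, a monotonic index version that the client refuses to go back from, and per-package SHA-256 digests plus version codes. The JSON layout, the package name `app.example.browser` and the APK byte strings are constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
)

// PackageEntry: the version code a client may install and the SHA-256 of the
// exact APK bytes it must download. Layout constructed for this example.
type PackageEntry struct {
	VersionCode int64  `json:"versionCode"`
	SHA256      string `json:"sha256"`
}

// Metadata is the signed index. Version is a monotonic counter: once a client
// has accepted version N it refuses any validly signed index older than N, so
// a stale index that still lists a vulnerable package cannot be replayed.
type Metadata struct {
	Version  uint64                  `json:"version"`
	Packages map[string]PackageEntry `json:"packages"`
}

var (
	ErrBadSignature      = errors.New("metadata signature invalid")
	ErrMetadataDowngrade = errors.New("metadata version older than last accepted")
	ErrUnknownPackage    = errors.New("package not listed in metadata")
	ErrPackageHash       = errors.New("package hash mismatch")
	ErrPackageDowngrade  = errors.New("package version code lower than installed")
)

// SignMetadata is the publisher side: serialize, then sign exactly those bytes.
func SignMetadata(priv ed25519.PrivateKey, m Metadata) (payload, sig []byte, err error) {
	if payload, err = json.Marshal(m); err != nil {
		return nil, nil, err
	}
	return payload, ed25519.Sign(priv, payload), nil
}

// EntryFor is a publisher helper recording the digest of the APK bytes.
func EntryFor(versionCode int64, apk []byte) PackageEntry {
	sum := sha256.Sum256(apk)
	return PackageEntry{VersionCode: versionCode, SHA256: hex.EncodeToString(sum[:])}
}

// Client is the on-device state that must persist across updates: pinned
// publisher key, highest index version accepted, installed version codes.
type Client struct {
	pub                 ed25519.PublicKey
	lastMetadataVersion uint64
	installed           map[string]int64
}

// AcceptMetadata verifies the signature before parsing anything, then applies
// downgrade protection to the index itself.
func (c *Client) AcceptMetadata(payload, sig []byte) (*Metadata, error) {
	if !ed25519.Verify(c.pub, payload, sig) {
		return nil, ErrBadSignature
	}
	var m Metadata
	if err := json.Unmarshal(payload, &m); err != nil {
		return nil, err
	}
	if m.Version < c.lastMetadataVersion {
		return nil, ErrMetadataDowngrade
	}
	c.lastMetadataVersion = m.Version
	return &m, nil
}

// VerifyPackage checks a downloaded APK against the accepted index: the bytes
// must hash to the listed digest and the version code must not go backwards.
// Android's package manager then repeats both checks against the APK's own
// signature, which is the extra layer the post mentions.
func (c *Client) VerifyPackage(m *Metadata, name string, apk []byte) error {
	entry, ok := m.Packages[name]
	if !ok {
		return ErrUnknownPackage
	}
	sum := sha256.Sum256(apk)
	if hex.EncodeToString(sum[:]) != entry.SHA256 {
		return ErrPackageHash
	}
	if cur, seen := c.installed[name]; seen && entry.VersionCode < cur {
		return ErrPackageDowngrade
	}
	c.installed[name] = entry.VersionCode
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	apk := []byte("constructed APK bytes, version 2") // stands in for real APK bytes
	p2, s2, _ := SignMetadata(priv, Metadata{Version: 2, Packages: map[string]PackageEntry{"app.example.browser": EntryFor(2, apk)}})
	p1, s1, _ := SignMetadata(priv, Metadata{Version: 1})
	c := &Client{pub: pub, installed: map[string]int64{}}
	m, err := c.AcceptMetadata(p2, s2)
	fmt.Println("accept index v2:", err, "| install apk:", c.VerifyPackage(m, "app.example.browser", apk))
	_, err = c.AcceptMetadata(p1, s1) // a validly signed but older index is refused
	fmt.Println("replayed index v1:", err)
}
```

The two downgrade checks are deliberately separate: the index version stops a stale index from being replayed at all, and the per-package version code stops a fresh index from pushing an installed package backwards. Both counters have to live in storage the app owns; if they are lost with a reinstall, the protection restarts from zero.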
npub1hxx76n82ags8jrduk0p3gqrfyqyaxnrlnynu9p5rt2vmwjq6ts3q4sg75y Final
We at #GrapheneOS were contacted by a journalist at Le Parisien newspaper with this prompt:

> I am preparing an article on the use of your secure personal data phone solution by drug traffickers and other criminals. Have you ever been contacted by the police? Are you aware that some of your clients might be criminals? And how does the company manage this issue?

Absolutely no further details were provided about what was being claimed, who was making it or the basis for those being made about it. We could only provide a very generic response to this. Our response was heavily cut down and the references to human rights organizations, large tech companies and others using GrapheneOS weren't included. Our response, in English, was translated by them: "we have no clients or customers" was turned into "nous n’avons ni clients ni usagers", etc.

GrapheneOS is a freely available open source privacy project. It's obtained from our website, not shady dealers in dark alleys and the "dark web". It doesn't have a marketing budget and we certainly aren't promoting it through unlisted YouTube channels and the other nonsense that's being claimed. GrapheneOS has no such thing as the fake Snapchat feature that's described. What they're describing appears to be forks of GrapheneOS by shady companies infringing on our trademark. Those products may not even be truly based on GrapheneOS, similar to how ANOM used parts of it to pass it off as such.

France is an increasingly authoritarian country on the brink of it getting far worse. They're already very strong supporters of EU Chat Control. Their fascist law enforcement is clearly ahead of the game pushing outrageous false claims about open source privacy projects. None of it is substantiated. iodéOS and /e/OS are based in France. iodéOS and /e/OS make devices dramatically more vulnerable while misleading users about privacy and security.
These fake privacy products serve the interest of authoritarians rather than protecting people. /e/OS receives millions of euros in government funding. Those lag many months to years behind on providing standard Android privacy and security patches. They heavily encourage users to use devices without working disk encryption and important security protections. Their users have their data up for grabs by apps, services and governments who want it. There's a reason they're going after a legitimate privacy and security project developed outside of their jurisdiction rather than 2 companies based in France within their reach profiting from selling 'privacy' products. https://discuss.grapheneos.org/d/24134-devices-lacking-standard-privacysecurity-patches-and-protections-arent-private
Here's that article: https://archive.is/AhMsj

npub1hxx76n82ags8jrduk0p3gqrfyqyaxnrlnynu9p5rt2vmwjq6ts3q4sg75y Final
Welcome to Material 3 Expressive on GrapheneOS.
https://blossom.primal.net/7114b019b7049a7c9f4c9db5bbf7fae33b663a5d1e773dce9b6ad8611fadddff.jpg
https://blossom.primal.net/53ab99b08920bdd08b73c6eb12fe0a65404c100f13cf87ad24b7e29ffbd091be.jpg

npub1hxx76n82ags8jrduk0p3gqrfyqyaxnrlnynu9p5rt2vmwjq6ts3q4sg75y Final
Project Zero (Google's security research team) found a remotely exploitable vulnerability impacting Google Messages and reported it internally back in June 2025, but the team at Android still has not fixed it for the stock OS. People can have their device remotely exploited and taken over without any interaction from the victim with a known vulnerability. https://project-zero.issues.chromium.org/issues/428075495

Another win for us, but truthfully, users shouldn't have to install a third party operating system like #GrapheneOS to have protection against such a thing. Any responsible team would have patched by now. iOS would have. The same applies to getting security patches when they are created.
An embargo of up to three months for vulnerability information and patches is unacceptable. We have patches scheduled for March 2026 coming in our security preview releases while most OEMs are just following the monthly Android Security Bulletins. Google's ongoing layoffs and recent misguided changes to the security update model have significantly reduced stock Android security.

npub1hxx76n82ags8jrduk0p3gqrfyqyaxnrlnynu9p5rt2vmwjq6ts3q4sg75y Final
Linus Tech Tips tried out #GrapheneOS. Check it out: https://www.youtube.com/watch?v=gDR6V5OdnYg

npub1hxx76n82ags8jrduk0p3gqrfyqyaxnrlnynu9p5rt2vmwjq6ts3q4sg75y Final
What I can say for now:
- #GrapheneOS has partnered with a major Android OEM. One of the top ten.
- We aim to have a device by H2 2026, but potentially 2027.
- We have early source access for patches and, soon, major releases through our partner.
- We are aiming to get their next generation flagship devices able to support installing GrapheneOS.
- The device will have the flagship Snapdragon 8 Elite 2 (SM8850) SoC.
- We will continue to support Pixels if they continue to release with support. We will also aim to have Pixel 10 support once Android 16 QPR1 sources are available.
#nevent1q…3p3p

npub1hxx76n82ags8jrduk0p3gqrfyqyaxnrlnynu9p5rt2vmwjq6ts3q4sg75y Final
The Tor Project's upcoming VPN Android app has been moved to beta. Here is how it looks on #GrapheneOS: This version uses Arti, Tor's Rust implementation, which is more modern and secure. Each app will get its own Tor circuit and exit IP. Unlike Orbot, which is an on-device Tor proxy with a VPN feature, it appears the app is designed to be a VPN first and foremost.
https://image.nostr.build/769542c0fe9050368278a01cd4daa28a6d5b232ea8a2251ce460f160dac596e9.jpg
https://image.nostr.build/b7c81d1e5395f0c8125afc627c1df9ed8b757c5293df185503b9f97a484ee4aa.jpg
https://image.nostr.build/b9f7b0ea28ed2915675d9e9b9df4ef1b6cb3e6f7f6309a3796d2dbb84fdd8c7a.jpg
https://image.nostr.build/b548e3355c9f66225c09b7f25fe464de1cca7b24a9a1a9629c93891740b050a4.jpg