OEMs licensing GMS are blocked from including many features in GrapheneOS. They obviously can't provide sandboxed Google Play, but less obviously can't provide our Storage Scopes, Contact Scopes, Sensors toggle, Network toggle, much broader/better MTE integration and far more.
17.5.2025 14:54

Google has taken a similar path with the extraordinarily anti-competitive Play Integrity API, which disallows using any hardware or OS not licensing Google Mobile Services (GMS). Licensing GMS forces shipping Google apps with invasive access and limits allowed changes to the OS.
17.5.2025 14:43

Google was already blocking competing app stores with their Advanced Protection Program required to properly secure a Google account, but now they're tying Android device security to this. Want proper encryption security via inactivity reboot? You cannot use competing app stores.
17.5.2025 14:36

Apps coming from the Play Store doesn't make them trustworthy, safe or secure. Most malware apps on Google Mobile Services devices are installed from the Play Store. Similarly to the Play Integrity API, it's Google reinforcing their monopolies with security as an excuse for it.
17.5.2025 14:25

Part of enabling Android's Advanced Protection feature is disallowing users from installing apps from outside of the Play Store. This can currently be bypassed using Android Debug Bridge via developer options, but that's awful for security and they'll likely crack down on it too.
17.5.2025 14:22

It's entirely possible to provide the new security features standalone and then group them together in a mode enabling all of them, but with the option to disable certain features. That could then show up as a warning that the mode isn't fully enabled. Instead, they copied iOS.
17.5.2025 14:12

Since they aren't maintaining or testing it, other Chromium-based browsers can't use this feature without taking on the responsibility of maintaining it. Google could easily start maintaining it to fix their very misleading "V8 Optimizer" toggle but so far has neglected to do so.
17.5.2025 14:09

Microsoft implemented a simple WebAssembly interpreter for Microsoft Edge as part of their earlier JIT disable feature. Microsoft submitted their WebAssembly interpreter to Chromium and got it merged after a long time. Chrome / Chromium doesn't use it, maintain it or test it.
17.5.2025 14:08

Chrome's "V8 Optimizer" toggle started out as a JIT toggle. However, Chromium's WebAssembly support currently requires JIT and they quickly crippled the setting in an emergency update. It now only disables the highest 2 tiers of the JIT, so a lot of the security value is missing.
17.5.2025 14:07

Chrome / Chromium provides a very misleading "V8 Optimizer" toggle which contrary to popular belief does not disable the Just-In-Time compiler and therefore cannot block dynamic code generation. It's not a default JIT disable like iOS lockdown mode or default GrapheneOS.
17.5.2025 14:04

Certain apps like Molly opt-in to MTE, but this doesn't really do anything since so far Android isn't providing any production MTE support. This tiny minority of apps enabling the feature will finally have it on certain devices for < 0.001% of users using Advanced Protection.
17.5.2025 14:03

The Advanced Protection mode support for the ARM Memory Tagging Extension (MTE) is misleading. It won't be using it for the kernel, most of the base OS or 99.999999% of apps. It will only be enabled for certain base OS components and a tiny minority of apps explicitly enabling it.
17.5.2025 14:00

Both GrapheneOS and iOS enabled lock device auto-reboot by default, at 18 and 72 hours respectively. It can be set between 10 minutes and 72 hours on GrapheneOS along with having an opt-out. Putting this behind a feature barely anyone will use makes the real world impact minimal.
17.5.2025 13:58

GrapheneOS added locked device auto-reboot in July 2021. We proposed it to Google for Android in January 2024 as part of reporting exploitation by forensic data extraction companies. They implemented several of our other proposals, but not this until iOS added it in October 2024.
17.5.2025 13:57

Most of the features already existed. The new ones are cloud-based intrusion logging, inactivity reboot (hard-wired to 72 hours), a new mode of USB protection and disabling auto-connect to a small subset of insecure Wi-Fi networks. Production MTE support is also essentially new.
17.5.2025 13:54

Similar to iOS lockdown mode, Android 16's Advanced Protection feature is misguided. It adds security features exclusive to it which require using all of the other features. This prevents people using new security features if they need to avoid 1 feature.
https://security.googleblog.com/2025/05/advanced-protection-mobile-devices.html
17.5.2025 13:49

Vanadium version 136.0.7103.125.0 released:
https://github.com/GrapheneOS/Vanadium/releases/tag/136.0.7103.125.0
See the linked release notes for a summary of the improvements over the previous release and a link to the full changelog.
Forum discussion thread:
https://discuss.grapheneos.org/d/22476-vanadium-version-136071031250-released
#GrapheneOS #privacy #security #browser
14.5.2025 22:24

See https://grapheneos.org/usage#contact-scopes and https://grapheneos.org/usage#storage-scopes for information on our existing Contact Scopes and Storage Scopes features. You can also already use the standard Android Mock Location but our per-app feature will be simpler and much more convenient than the global one.
14.5.2025 19:57

Support for setting a per-app video stream as an alternative to granting Camera access, a per-app audio stream as an alternative to granting Microphone access and a per-app location as an alternative to granting Location access will be implemented after our port to Android 16.
14.5.2025 19:55

We can still consider the regular request we get for adding timeouts to the global toggles. However, we don't want to further encourage granting persistent access to apps with reliance on the global toggles to disable it. Apps using it preventing a timeout would also be an issue.
14.5.2025 18:28