Damus

Recent Notes

Final profile picture
#GrapheneOS version 2026010800 released.

• raise declared patch level to 2026-01-05 which has been provided since we moved to Android 16 QPR2 in December due to Pixels shipping CVE-2025-54957 in December

• re-enable the system keyboard at boot if it's disabled

• switch to the system keyboard when device boots to the Safe Mode

• add "Reboot to Safe Mode" power menu button in Before First Unlock state to make Safe Mode much more discoverable for working around app issues such as a broken third party keyboard

• add workaround for upstream UsageStatsDatabase OOM system_server crash

• add workaround for upstream WindowContext.finalize() system_server crash

• disable buggy upstream disable_frozen_process_wakelocks feature causing system_server crashes for some users

• Sandboxed Google Play compatibility layer: fix phenotype flags not working in Play services clients

• Sandboxed Google Play compatibility layer: add MEDIA_CONTENT_CONTROL as a requested permission for Android Auto as part of our toggles for it to avoid needing to grant the far more invasive notification access permission

• Sandboxed Google Play compatibility layer: extend opt-in Android Auto Bluetooth support to allow A2dpService.setConnectionPolicy() to fix Bluetooth functionality (previously worked around with a GmsCompatConfig update avoiding a crash)

• switch to new upstream PackageInstallerUI implementation added in Android 16 QPR2 and port our changes to it

• update SQLite to 3.50.6 LTS release

• add an extra layer of USB port protection on 10th gen Pixels based on upstream functionality to replace our USB gadget control which was causing compatibility issues with the Pixel 10 USB drivers

• allow SystemUI to access NFC service on 10th gen Pixels to fix the NFC quick tile

• disable the upstream Android USB data protection feature since it conflicts with our more advanced approach and causes issues

• issue CHARGING_ONLY_IMMEDIATE port control command in more cases

• fix an issue in our infrastructure for spoofing permission self-checks breaking automatically reading SMS one-time codes for certain apps

• add workaround for upstream KeySetManagerService system_server crash causing a user to be stuck on an old OS version due to it causing a boot failure when booting the new OS version after updating

• wipe DPM partition on 10th gen Pixels as part of installation as we do on earlier Pixels since it's always meant to be zeroed on production devices

• Settings: disable indexing of the unsupported "Parental controls" setting which is not currently available in AOSP

• Settings: disable redundant indexing of widgets on lockscreen contents which is already indexed another way

• skip all pseudo kernel crash reports caused by device reboot to avoid various false positive crash reports

• Vanadium: update to version 143.0.7499.192.0

All of the Android 16 security patches from the current January 2026, February 2026, March 2026, April 2026, May 2026 and June 2026 Android Security Bulletins are included in the 2026010801 security preview release. List of additional fixed CVEs:

• High: CVE-2025-32348, CVE-2025-48561, CVE-2025-48615, CVE-2025-48630, CVE-2025-48641, CVE-2025-48642, CVE-2025-48644, CVE-2025-48645, CVE-2025-48646, CVE-2025-48649, CVE-2025-48652, CVE-2025-48653, CVE-2026-0014, CVE-2026-0015, CVE-2026-0016, CVE-2026-0017, CVE-2026-0018, CVE-2026-0020, CVE-2026-0021, CVE-2026-0022, CVE-2026-0023, CVE-2026-0024, CVE-2026-0025

https://grapheneos.org/releases#2026010800
Final profile picture
Nitrokey is a cyber security company. They are just a third party that sell GrapheneOS devices, not related.
Final profile picture
Worth noting stock Android also added 'Advanced Protection' which does similar, but still the same as Lockdown Mode where it does less than what GrapheneOS does, many of which are part of GrapheneOS *by default*.
Final profile picture
Most of what makes GrapheneOS secure is set up by default. Many of the features are simply additions for people with greater needs and are described on the site page.

Advanced Data Protection is related to iCloud, not the iPhone device or iOS. If you aren't storing data on iCloud it is mostly irrelevant but still useful to enable. Keep in mind your iCloud emails are not encrypted with ADP either. iCloud data is also not all Apple Account data.

Some countries have also blocked ADP, including the United Kingdom.

GrapheneOS doesn't have a cloud service like that, so it is moot. A new GrapheneOS device only connects to update servers (to deliver device updates), a network time service and a blank connectivity check page for captive portals, most of which are configurable.

A better and fairer comparison would be Lockdown Mode, which is a feature in iOS that lightly hardens the OS against exploits. Most of what iOS does in Lockdown Mode is also what GrapheneOS does but better:

- Lockdown Mode disables JS JIT (Just in Time compilation) for web browsing. Vanadium in GrapheneOS does too.

- Lockdown Mode prevents wired USB connections when locked, GrapheneOS does and also via hardware, including turning the USB port off in OS mode.

- FaceTime and iMessage improvements are moot as GrapheneOS doesn't bundle a messaging service. This would be dependent on the service you used. Most messaging apps give options to block unknown contacts, link previews and more.

Most iPhones are also behind on exploit protections except for the iPhone 17 and later which introduced memory tagging (which they affectionately call Memory Integrity Enforcement). Pixel 8 and later provided memory tagging for GrapheneOS years prior. iPhone 17 with Lockdown Mode and ADP is the best choice for anyone not willing to use GrapheneOS.

A great real world example of the security difference is capabilities provided by Cellebrite, a digital forensics company that leverages zero-days to extract data from devices.

Cellebrite can extract data from most unlocked iPhones and stock OS Pixels, but they can't touch Pixel 6 and later with GrapheneOS right now.



(Note, this iOS extraction slide is old and has newer devices / OS version support by now)

https://arstechnica.com/gadgets/2025/10/leaker-reveals-which-pixels-are-vulnerable-to-cellebrite-phone-hacking/
Final profile picture
We don't really have an opinion on it, it's designed for GrapheneOS users so it should work. I've not heard of any reported issues myself.

In the future profiles may have their own localhost network access isolated with a toggle, which would stop it working if you enabled it, but this is a minor thing and not really being looked at as a priority.

Private Spaces (a secondary profile in the same environment as the current user) can let you share files between them via share dialogs without needing an app.
Final profile picture
true! the VPS is out for now. I'll put up again later when I have less on my plate and a post there.
Final profile picture
This is a keyboard for any phone, not a phone. We can't support the communicator device.
Final profile picture
PR and marketing departments are for companies. GrapheneOS isn't a company and trying to have 'relations' for organisations making money shipping flawed products is for people who care more about the money than whatever they are developing. Maybe their community should learn to shame products more for having basic security deficiencies like the cyber security community does.

We never talk about GrapheneOS being "degoogled" on the docs beyond mentioning no Google apps and services are included by default. It's a sociopolitically charged buzzword used for marketing that belongs on Reddit. It has little technical merit nor does it assure something is actually safe or private to use...

Final profile picture
Google is a megacorp motivated by profit. Their only real aim is making money. They get the best products because big money to spend equals big talent to buy. Many of their technical people have expressed how they like GrapheneOS, but their business side do not really care. We did not have any special partner access because of this until an OEM we are working with came around to do it by proxy.

The GrapheneOS Foundation is a thing. If a wealthy individual wants to donate they can send the money there. There won't be strings attached though and they shouldn't send anything expecting treatment beyond our thanks.

Final profile picture
Happy new year everyone!

In 2025 GrapheneOS implemented:

- A network location provider for highly reliable location position without using Google's service and a geocoding service.
- Support for Android 16, QPR1 and QPR2 after Google's removal of device support and releases for all current Pixel devices.
- Heavily improved our automated porting tooling and server infrastructure.
- Our first security preview releases allowing users to receive embargoed security patches for Critical/High CVEs a few months before stock Android.
- Closed out some VPN leaks from Android.
- Enabling experimental support for the developer option Terminal virtual machine manager app and other features like GUI support.
- Several improvements to Private Spaces, including use in secondary users, ending session for them, and installing available apps.
- Established an ASN for GrapheneOS and a highly reliable and widespread global network for GrapheneOS services.

This year should have some significant improvements with GrapheneOS, especially on the usage and accessibility front. There are also a lot of future Android features that will be key in delivering this, such as a fully working Desktop Mode. May this year wish us well.