Pixel 3 and Pixel 3 XL are near the end of their minimum guarantee of full security support. It's not yet known when that will actually end. It's possible they'll be fully supported for another 6 months, but only a few devices like Pixel C have been supported that much longer.
We'll mark them as legacy devices once the full security support has ended and they're no longer receiving firmware updates or maintenance for the rest of the device support code in the OS. GrapheneOS will continue providing extended support releases for them until Android 13.
Pixel 6 and Pixel 6 Pro have been announced as having a minimum of 5 years of full security support. It's a major improvement over the 3 year guarantee.

Once 6th generation Pixels are properly launched and our developers have them, it'll likely take a few months to support them.
Qualcomm has moved to providing a guarantee of 4 years of security support for their smartphone Snapdragon SoC from launch.

In order for a device to be considered for official GrapheneOS support, we'll be requiring at least 4 years of full security support rather than 3 years.
We also expect devices to provide at least comparable hardware security to the three year old Pixel 3 along with full support for using the hardware-based security features with an alternate OS. It currently disqualifies every non-Pixel phone but we hope that will change soon...
We're still working on finding hardware partners:



We're in touch with a few companies but most aren't in a position to produce a phone meeting the requirements in the near future. Making secure devices is a lot different than marketing devices as secure.
Qualcomm is providing a secure element in their flagship SoC products but it likely doesn't provide everything that's expected yet. It would be nice if it was as simple as licensing a flagship Qualcomm SoC, doing a decent job with other components and configuring it securely.

More from @GrapheneOS

24 Oct
If you're using our sandboxed Play services compatibility layer, you should update the Play services apps to the Android 12 releases after you update the OS.

Our mirror of the official releases at apps.grapheneos.org/packages/?C=N&… has been updated to use the current Android 12 releases.
Android 11 releases of Play services still work with our compatibility layer on Android 12 but the new functionality is missing.

GSF isn't distributed through the Play Store since it's usually only updated as part of OS releases, so that's why the Play Store can't update GSF.
Play Store can be used to update Play services (GMS) but it may not work well if GSF is still for Android 11.

In theory, the Play Store should also be able to update itself rather than just GMS, but we haven't figured out how to add support for it to the compatibility layer yet.
13 Oct
GrapheneOS is well into the migration to Android 12. Many unexpected issues have cropped up and progress is going much slower than anticipated.

It's a better time than ever to start working on the project since so much work needs to be done over the next few weeks in many areas.
Starting with making a development build of Android 12 GrapheneOS for the emulator via grapheneos.org/build is the best way to start. Most of the work can be done in the emulator.

Since there aren't official releases of Android 12 yet, building for devices has extra steps.
Temporary instructions on using android-prepare-vendor with the Android 12 Beta 5 releases have been added to grapheneos.org/build#extracti…. Our recommendation is to start with the emulator target. We also haven't finished initial device support for all of the supported devices yet.
18 Sep
GrapheneOS developers/moderators are being impersonated across different platforms (Matrix, Telegram, Reddit) as part of the attacks on the project.

They're copying our display names, avatars and usernames. Make sure to confirm it's one of our accounts and not someone malicious.
This is one of the tactics being used to cause harm to GrapheneOS. See github.com/bromite/bromit… for a particularly damaging past incident where they impersonated Bromite's developer.

Happening more frequently now and multiple developers/moderators are being targeted this way.
People have fallen for this trick repeatedly and a lot of harm has been caused with it. It's not going to keep working for them when they're doing it so frequently.

It's unfortunate CalyxOS/Techlore have encouraged their communities to engage in these relentless attacks on us...
13 Sep
microG does NOT provide an open source implementation of Play services. Apps using Play services integrate the closed source Google libraries which are fully capable of contacting Google services regardless of whether Play services is present, and also do so in practice too.
The implementation of the services is also still closed source. It's only an open source middleman and the Google libraries are perfectly capable of communicating with the Google services without it. It doesn't provide better privacy or security and doesn't make Play open source.
It's not as secure as the official Play services implementation and doesn't provide comparable privacy for user data. It leaks user data across apps, doesn't properly enforce the API security model and doesn't provide comparable transport security via pinning and other measures.
11 Sep
Auditor (attestation.app/about) uses very dense QR codes for response from the Auditee device to the challenge from the Auditor device. It relies on specialized certificate chain compression with a pre-shared DEFLATE dictionary for the attestation to fit into a QR code at all.
In order to improve security of chaining trust from hardware attestation to the app, Auditor uses the very niche android:useEmbeddedDex="true" feature to disable on-device ahead-of-time compilation for the app's Kotlin/Java code. It makes the QR scanning harder on GrapheneOS.
Android uses a mix of on-device ahead-of-time (AOT) compilation and just-in-time (JIT) compilation for Java/Kotlin.

GrapheneOS disables JIT to improve security. It compensates by using full AOT compilation which results in better overall Java/Kotlin performance and battery life.
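An added illustration of the pre-shared DEFLATE dictionary idea mentioned above for fitting an attestation response into a QR code. It is not Auditor's code: the certificate fields are constructed stand-ins rather than real DER, and the zlib container and function names are assumptions chosen for the example.

```python
import hashlib
import zlib

# Constructed stand-ins for fields that repeat across attestation chains
# (names, extension layout). Not real DER and not Auditor's data.
TEMPLATE = [
    b"subject: CN=Constructed Attestation Key, O=Example Vendor, C=US",
    b"issuer: CN=Constructed Attestation Intermediate, O=Example Vendor, C=US",
    b"extension: constructed-key-description version=3 level=hardware",
    b"issuer: CN=Constructed Attestation Root, O=Example Vendor, C=US",
    b"signatureAlgorithm: constructed-ecdsa-sha256 curve=p256",
]

def fake_chain(seed: bytes) -> bytes:
    """Shared template fields interleaved with per-device high-entropy bytes."""
    out = bytearray()
    for i, field in enumerate(TEMPLATE):
        out += field
        # Stand-in for a public key or signature: unique per device, incompressible.
        out += hashlib.sha256(seed + bytes([i])).digest()
    return bytes(out)

# Both sides ship the same dictionary with the app (the "pre-shared" part).
DICTIONARY = fake_chain(b"reference-device")

def compress(data: bytes, zdict: bytes = None) -> bytes:
    c = zlib.compressobj(level=9, zdict=zdict) if zdict else zlib.compressobj(level=9)
    return c.compress(data) + c.flush()

def decompress(blob: bytes, zdict: bytes = None) -> bytes:
    d = zlib.decompressobj(zdict=zdict) if zdict else zlib.decompressobj()
    return d.decompress(blob) + d.flush()

def needs_dictionary(blob: bytes) -> bool:
    """True if the stream cannot be decoded without the pre-shared dictionary."""
    try:
        decompress(blob)
        return False
    except zlib.error:
        return True

def sizes(seed: bytes = b"auditee-device"):
    """Return (raw, plain DEFLATE, DEFLATE primed with the dictionary) sizes."""
    chain = fake_chain(seed)
    return len(chain), len(compress(chain)), len(compress(chain, DICTIONARY))

if __name__ == "__main__":
    raw, plain, primed = sizes()
    print(f"raw={raw} deflate={plain} deflate+dict={primed}")
```

The gain comes only from the fields shared with the dictionary. The per-device key and signature bytes stay incompressible, and a verifier with a different dictionary cannot decode the response, so the dictionary has to be versioned together with the protocol.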
8 Aug
GrapheneOS is just as focused on improving privacy as security. A few of the many added features:

* Sensors permission toggle
* Network permission toggle
* Wi-Fi anonymity (per-connection MAC randomization, anonymous DHCP, anonymous IPv6)

See grapheneos.org/features for more.
App sandbox on GrapheneOS also leaks significantly less data to apps. Most of our privacy improvements are under the hood and don't require user-facing interfaces.

Our improvements requiring configuration are natively integrated into the Settings app and match the standard UI.
Sensors/Network toggles are part of the standard permission UI.

Sensors toggle disables access to all sensors not covered by existing permissions and returns zeroed data.

Network toggle fully disables both direct network access and indirect via APIs requiring the permission.
