Share this page!

Enter URL or ID to Unroll

You can paste full URL like: https://x.com/threadreaderapp/status/1644127596119195649
or just the ID like: 1644127596119195649

How to get URL link on X (Twitter) App

  1. On the Twitter thread, click on or icon on the bottom
  2. Click again on or Share Via icon
  3. Click on Copy Link to Tweet
  4. Paste it above and click "Unroll Thread"!
  5. More info at Twitter Help
GrapheneOS Profile picture
@GrapheneOS
Jun 18 1 tweets 2 min read Read on X
We built an initial release of GrapheneOS based on Android 17 (2026061700) but aren't going to release it through our Alpha channel due to discovering a serious upstream bug. Android 17 broke support for sideloading updates via recovery unless the OS images are large enough to exhaust COW space.

The stock Pixel OS is drastically larger than GrapheneOS due to having a massive amount of additional bundled app code for Google Mobile Services, many other Google apps and various Pixel apps. It's always above the threshold triggering the fallback code path for sideloading OS updates in recovery.

Over-the-air updates from both older versions to Android 17 and Android 17 to Android 17 work fine. It's only sideloading impacted by this. We don't want to release an OS version with broken OS update sideloading so we've cancelled 2026061700 and are building 2026061800 with a workaround for it.

Our current workaround is to force enable the fallback code path triggered by large OS images. This will fix sideloading an Android 17 version of GrapheneOS to another Android 17 version of GrapheneOS. However, sideloading Android 17 updates to older versions won't work without a further workaround.

We've tried making a build with a randomly generated 1GiB file included to make GrapheneOS about as large as the stock Pixel OS which fully works around the issue. We're not actually going to do that but rather we'll use the workaround forcing the fallback path for now and we'll find a proper fix.

Our workaround will provide working sideloading from our initial Android 17 release to a future release. However, it isn't currently possible to sideload from 16 QPR2. We could make an extra 16 QPR2 update for people who only sideload updates with the workaround to use until we make a proper fix.

Google didn't run into this because they add so much bloat to the OS for Google Mobile Services including Google Play services along with a bunch of other Google and Pixel apps. Pixel OS is a lot smaller than the OS on most Android devices but it's drastically larger than AOSP and even GrapheneOS.

GrapheneOS uses ahead-of-time compilation for Java/Kotlin code which greatly increases the size of the apps in the OS images. Despite this, it's still drastically smaller than the Pixel OS. It would be substantially larger if we bundled as much code as they do but instead it's the opposite...

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with GrapheneOS

GrapheneOS Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @GrapheneOS

GrapheneOS Profile picture
Apr 30
GrapheneOS is immune to the Copy Fail vulnerability due to the deep integration of SELinux in the Android Open Source Project (AOSP). AOSP only permits using specific types of sockets throughout the OS. It only permits the dumpstate process used to create bug report zips to access AF_ALG sockets.

SELinux is based on explicitly listing out everything that's permitted and anything not listed isn't allowed. AOSP uses strict, fine-grained SELinux policies for the whole OS. Instead of simply permitting everything that's used in a fine-grained way, the rest of the OS is developed with it in mind.
Android makes extensive use of neverallow rules to define and enforce the security goals for the SELinux. Since SELinux uses an allowlist approach, neverallow rules don't directly disallow anything at runtime but rather prevent creating rules violating the constraints. It does this for socket types.

Here's where Android defines a neverallow for many types of sockets including AF_ALG for regular sandboxed apps:

android.googlesource.com/platform/syste…

Android has a versioned app sandbox which gets stricter for new API levels. The versioned domains inherit from that untrusted_app_all domain.
Android's usage of SELinux is drastically different from mainstream desktop and server Linux distributions where it's only lightly used in a very targeted way. This is a nice example showing how it massively reduces Linux kernel attack surface on AOSP-based operating systems including GrapheneOS.

Android splits SELinux into system and vendor policies. Both of these must conform to the extensive neverallow rules. The vendor policies are defined as part of implementing hardware support for a device and permit what's required by the drivers. Most of the driver code is sandboxed userspace code.

Android extended SELinux with support for ioctl command allowlists to reduce kernel attack surface. These ioctl command allowlists are used for sockets and many other core kernel devices to limit attack surface. It's also used with drivers in the vendor policies such as GPU ioctl command allowlists.
Read 6 tweets
GrapheneOS Profile picture
Apr 20
We've added a JSON API making it easier for services to permit GrapheneOS in addition to Google-certified operating systems:

grapheneos.org/attestation.js…
grapheneos.org/attestation.js…

The verifiedBootKeys array lists GrapheneOS key fingerprints to permit via Android hardware attestation.
It can be extended with a list of key attestation root certificates once we have devices using an alternative to Google's Android key attestation ecosystem. Each of will have their own certificate revocation list for apps to check if they care. There's no need for anything more.
Apps which are forced by regulations or liability reasons to implement integrity checks should use the standard Android hardware attestation API. The Play Integrity API is insecure and anti-competitive. The Play Integrity API creates massive legal liability for the apps using it.
Read 10 tweets
GrapheneOS Profile picture
Apr 11
/e/ and Murena have been been promoting their products by misleading people about GrapheneOS for years. This has turned into an all out war on GrapheneOS by their company and supporters. We began regularly debunking their inaccurate claims and they try to frame it as aggression.
They've created widespread misconceptions about the GrapheneOS project with inaccurate claims about the purpose of the project and what it provides to users. Many people incorrectly believe they aren't our target audience or that it wouldn't be a good fit for them due to this.
GrapheneOS is a privacy project which is intended to be usable by everyone. Usability and app compatibility are top priorities. Our userbase largely isn't highly technical. It's very easy to install and use. Devices can be purchased around the world with GrapheneOS preinstalled.
Read 26 tweets
GrapheneOS Profile picture
Apr 5
Gaël Duval is the founder and president of the /e/ foundation along with the CEO of Murena. Duval and his organizations have consistently taken a stance against protecting users from exploits. In this video, he once again claims protecting against exploits is for only useful pedophiles and spies.

Translation to English:

> There's the attack surface, on that front we're not security specialists here, so I couldn't answer you precisely, but from the discussions I've had, it seems that everything we do reduces attack surface. However, we don't have a "hardened security" approach, we aren't developing a phone for pedo(censored) so they can evade justice. So there aren't difficult things to check if the memory is corrupted, really hardened security stuff that could clearly be useful for executives, in the secret service, or whatever. That's not our goal, our goal is to start from an observation: today our personal data is constantly being plundered and that wouldn't be legal in real life with the mail or the telephone, we want to change that. So we are making you a product that changes that by default for anyone.

Transcription in French:

> Il y a la surface d'attaque, là pour le coup on est pas des spécialistes de la sécurité, donc je ne pourrais pas te répondre avec précision, mais des discussions que j'ai eu, il semblerait que tout ce qu'on fait, ça réduit la surface d'attaque. Donc oui, probablement ça aide. Par contre, on a pas une approche "sécurité durcie", on développe pas un téléphone pour les pédo(bip) pour qu'ils puissent échapper à la justice. Donc il y a pas des trucs pas possibles pour voir si la mémoire est pas corrompue, des trucs de sécu vraiment durcis qui pourraient être utiles clairement pour des dirigeants, dans les services secrets ou que sais-je. C'est pas notre but, notre but c'est de partir d'un constat, aujourd'hui nos données personnelles sont pillées en permanence et ça serait pas légal dans la vraie vie avec le courrier ou le téléphone, on veut changer ça. Donc on vous fait un produit qui change ça par défaut pour n'importe quelle personne.
GrapheneOS exists to protect users from having their privacy invaded by arbitrary individuals, corporations and states. Privacy depends on security. GrapheneOS heavily improves both privacy and security while providing a high level of usability and near perfect app compatibility.
/e/ has far worse privacy and security than the Android Open Source Project. They fail to keep up with important standard privacy and security patches for Android, Linux, firmware, drivers and HALs. They fail to provide current generation Android privacy and security protections.
Read 24 tweets
GrapheneOS Profile picture
Mar 27
GrapheneOS started in 2014 and was originally named CopperheadOS. In late 2015, the Copperhead company was founded which was meant to support the project. Copperhead didn't create CopperheadOS and didn't own or control it. Copperhead made a failed takeover attempt on it in 2018.
GrapheneOS still has the original CopperheadOS repositories on GitHub. Copperhead seized a bunch of the project's infrastructure and accounts. They created a closed source fork of GrapheneOS called CopperheadOS after the split which was not the same CopperheadOS as the original.
Copperhead remained entirely dependent on GrapheneOS and had to keep forking our code for each major Android update. Despite depending on GrapheneOS, they waged a war against it trying to destroy the project and attempting to ruin the lives of our team, especially our founder.
Read 11 tweets
GrapheneOS Profile picture
Mar 26
There are at least a dozen people spending at least several hours attacking GrapheneOS across platforms on a daily basis. It's a very strange situation. How do these people have so much time and dedication to keep making posts across platforms attacking us? It's relentless.
Every day, dozens of new accounts join our chat rooms to spread the same fabrications about GrapheneOS including via direct messages.

On Hacker News, one of the accounts making personal attacks based on fabrications in most threads about GrapheneOS has been doing it for 8 years.
Y Combinator (@ycombinator) has a financial stake in numerous surveillance and exploit development companies. Hacker News is a platform they own and the moderators on it have permitted years of vile harassment towards our team which they'd normally remove if others were targeted.
Read 10 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us!

Send Email!

:(