We at #GrapheneOS were contacted by a journalist at Le Parisien newspaper with this prompt: > I am preparing an article on the use of your secure personal data phone solution by drug traffickers and other criminals. Have you ever been contacted by the police? Are you aware that some of your clients might be criminals? And how does the company manage this issue? Absolutely no further details were provided about what was being claimed, who was making it or the basis for those being made about it. We could only provide a very generic response to this. Our response was heavily cut down and the references to human rights organizations, large tech companies and others using GrapheneOS weren't included. Our response was in English was translated by them: "we have no clients or customers" was turned into "nous n’avons ni clients ni usagers", etc... GrapheneOS is a freely available open source privacy project. It's obtained from our website, not shady dealers in dark alleys and the "dark web". It doesn't have a marketing budget and we certainly aren't promoting it through unlisted YouTube channels and the other nonsense that's being claimed. GrapheneOS has no such thing as the fake Snapchat feature that's described. What they're describing appears to be forks of GrapheneOS by shady companies infringing on our trademark. Those products may not even be truly based on GrapheneOS, similar to how ANOM used parts of it to pass it off as such. France is an increasingly authoritarian country on the brink of it getting far worse. They're already very strong supporters of EU Chat Control. Their fascist law enforcement is clearly ahead of the game pushing outrageous false claims about open source privacy projects. None of it is substantiated. iodéOS and /e/OS are based in France. iodéOS and /e/OS make devices dramatically more vulnerable while misleading users about privacy and security. These fake privacy products serve the interest of authoritarians rather than protecting people. /e/OS receives millions of euros in government funding. Those lag many months to years behind on providing standard Android privacy and security patches. They heavily encourage users to use devices without working disk encryption and important security protections. Their users have their data up for grabs by apps, services and governments who want it. There's a reason they're going after a legitimate privacy and security project developed outside of their jurisdiction rather than 2 companies based in France within their reach profiting from selling 'privacy' products.

GrapheneOS Discussion Forum

Devices lacking standard privacy/security patches and protections aren't private - GrapheneOS Discussion Forum

GrapheneOS discussion forum

Here's that article: https://archive.is/AhMsj

I will play around with the improved Desktop Mode (still a developer option, more complete but not entirely) when I have the time tomorrow. I'll get some footage too.

What's next in the coming weeks? -> Finish some regressions with A16 QPR1 porting of GrapheneOS. Next release will fix notification forwarding for user profiles among some other stuff. -> Release a security preview variant of our new builds once they are Stable. -> Port to Pixel 10. -> Prepare for Android 16 QPR2 which is uncomfortably close.

Welcome to Material 3 Expressive on GrapheneOS.

#GrapheneOS VERSION 2025111800 BASED ON ANDROID 16 QPR1 RELEASED! Following our experimental releases, this is our first non-experimental release based on Android 16 QPR1, the first quarterly release of Android 16. Android 16 QPR1 was pushed to the Android Open Source Project on November 11 rather than September 3 as expected. This is a very large quarterly release with more prominent user-facing improvements than Android 16 provided compared to Android 15 QPR2. • rebased onto BP3A.250905.014 Android Open Source Project release (Android 16 QPR1) • Terminal (virtual machine management app): re-enable GUI support now that the surfaceflinger crashes are resolved upstream by Android 16 QPR1 • adevtool: massive overhaul entirely replacing the small remnants of the Pixel device trees to fix several regressions introduced since Android 16 such as charging mode booting into the regular OS and to prepare for adding 10th gen Pixel devices via automated device support without any need for device trees to use as a reference • kernel (6.12): update to latest GKI LTS branch revision • raise declared patch level to 2025-11-05 which has already been provided in GrapheneOS since our regular 2025090200 release (not a security preview) since the patches were included in the September security preview and were then pushed to AOSP despite not being listed in the bulletin along with there being no Pixel Update Bulletin patches for November 2025 • Vanadium: update to version 142.0.7444.158.0

Releases | GrapheneOS

We've resolved all the major regressions reported during testing of our experimental 2025111700 release based on Android 16 QPR1. Our upcoming 2025111800 release will likely be our initial production release based on Android 16 QPR1. It should reach our Alpha and Beta channels. View quoted note →

Releases of #GrapheneOS based on Android 16 QPR1 are available for public testing. These are highly experimental and aren't being pushed out via the Alpha channel yet. Join our testing chat room if you have a spare device you can use to help with testing.

Contact | GrapheneOS

I understand the hype is real but please do not download our testing builds from our servers. They're internal testing builds for a reason and one of the builds had broken updating and Wi-Fi. If you brick then it is not our fault! Updates will be announced officially when public ready.

The Pixel 10 porting effort is a second task and won't be going through until after this is done. View quoted note →

Our port of #GrapheneOS to Android 16 QPR1 which was to AOSP on November 11 is currently being tested internally. Several important regressions have been discovered and we're working on resolving those before we release it for public testing. A few minor features also still need to be ported.

Check out our interview with #GrapheneOS project member @MetropleX [GrapheneOS] ⚡🟣 and David Bombal

Sounds familiar... (2x) #GrapheneOS View quoted note →

Sounds familiar... #GrapheneOS View quoted note →

With recent news, let me bring this back to the feed: View quoted note →

Yesterday (2025-11-11), the most recent major quarterly release of Android (Android 16 QPR1) was pushed to the Android Open Source Project after being delayed since 2025-09-03. We've completed our initial port of #GrapheneOS and all our changes to it and are building an experimental release now.

We received an ASN and IPv6 space for #GrapheneOS from ARIN: AS40806 and 2602:f4d9::/40. We've deployed 2 anycast IPv6 networks for our authoritative DNS servers to replace our existing setup: 2602:f4d9::/48 for ns1 and 2602:f4d9:1::/48 for ns2. BGP/RPKI setup is propagating. We applied for an IPv4 /24 for ns2 via NRPM 4.10 and can apply for one for ns1 after we obtain that one. Our ns1 network has New Jersey, Miami, Los Angeles, Seattle, Frankfurt and Singapore. Our ns2 network currently has New York, Las Vegas and Bern. We'll be expanding both. This provides an overview of worldwide latency for our ns1 cluster via the Rage4 anycast service we currently use for IPv4+IPv6 with ns1:

Ping, mtr, dig, TCP port check and real time BGP looking glass from multiple locations

The Best Ping+MTR combination Ever, plus TCP port checker and DNS diagnostics with dig, plus real time BGP looking glass from multiple locations.

Here's ns1 via our own IPv6 /48:

Ping, mtr, dig, TCP port check and real time BGP looking glass from multiple locations

The Best Ping+MTR combination Ever, plus TCP port checker and DNS diagnostics with dig, plus real time BGP looking glass from multiple locations.

Here's ns2 via our own IPv6 /48:

Ping, mtr, dig, TCP port check and real time BGP looking glass from multiple locations

The Best Ping+MTR combination Ever, plus TCP port checker and DNS diagnostics with dig, plus real time BGP looking glass from multiple locations.

In the future, we plan to use these 2 anycast networks to provide recursive DNS resolvers as an option for our users. For now, it's only for the authoritative DNS used to provide other GrapheneOS services which is what DNS resolver servers query after the root and TLD servers.

Android 16 QPR1 is finally being pushed to the Android Open Source Project. This should have happened on 2025-09-03. We migrated to full Android 16 QPR1 kernel code (GPLv2 tarball) and firmware in September. We couldn't migrate userspace to QPR1 without it being pushed to AOSP. #GrapheneOS

We've deployed our first Vultr server for our anycast ns1.grapheneos.org and will be migrating the whole thing to Vultr as part of improving the anycast network. We are later moving to our own ASN + IP space (we've obtained an ASN and IPv6 /40 from ARIN already and will be applying for our first IPv4 /24 via a special clause for dual stack DNS soon).

Project Zero (Google's security research team) found a remotely exploitable vulnerability impacting Google Messages and reported internally back in June 2025 but the team at Android still have not fixed for the stock OS. People can have their device remotely exploited and taken over without any interaction from the victim with a known vulnerability.

Project Zero

Another win for us, but truthfully, users shouldn't have to install a third party operating system like #GrapheneOS to have protection against such a thing. Any responsible team would have patched by now. iOS would have. The same applies to getting security patches when they are created. An embargo of up to three months for vulnerability information and patches is unacceptable. We have patches scheduled for March 2026 coming in our security preview releases while most OEMs are just following the monthly Android Security Bulletins. Google's ongoing layoffs and recent misguided changes to the security update model have significantly reduced stock Android security.

Both of the November 2025 patches have been provided in our regular non-security-preview releases for over a month, so we've already had the 2025-11-05 Android security patch level for over a month. Our patch level is set based on providing both the Android and Pixel security patches, so we're leaving it at 2025-11-01 until the Pixel stock OS release and Pixel Update Bulletin are published. The stock Pixel OS also included both November 2025 patches in early September. We expect they made a 2nd October release to ship the November carrier changes and will make a release in mid-November with patches from future Android Security Bulletins. All of the Android 16 security patches from the current December 2025, January 2026, February 2026 and March 2026 Android Security Bulletins are included in the 2025110601 security preview release. List of additional fixed CVEs: Critical: CVE-2025-48631, CVE-2026-0006 High: CVE-2022-25836, CVE-2022-25837, CVE-2023-40130, CVE-2025-22420, CVE-2025-22432, CVE-2025-26447, CVE-2025-32319, CVE-2025-32348, CVE-2025-48525, CVE-2025-48536, CVE-2025-48555, CVE-2025-48564, CVE-2025-48565, CVE-2025-48566, CVE-2025-48567, CVE-2025-48572, CVE-2025-48573, CVE-2025-48574, CVE-2025-48575, CVE-2025-48576, CVE-2025-48577, CVE-2025-48578, CVE-2025-48579, CVE-2025-48580, CVE-2025-48582, CVE-2025-48583, CVE-2025-48584, CVE-2025-48585, CVE-2025-48586, CVE-2025-48587, CVE-2025-48589, CVE-2025-48590, CVE-2025-48592, CVE-2025-48594, CVE-2025-48596, CVE-2025-48597, CVE-2025-48598, CVE-2025-48600, CVE-2025-48601, CVE-2025-48602, CVE-2025-48603, CVE-2025-48604, CVE-2025-48605, CVE-2025-48609, CVE-2025-48612, CVE-2025-48614, CVE-2025-48615, CVE-2025-48616, CVE-2025-48617, CVE-2025-48618, CVE-2025-48619, CVE-2025-48620, CVE-2025-48621, CVE-2025-48622, CVE-2025-48626, CVE-2025-48628, CVE-2025-48629, CVE-2025-48630, CVE-2025-48632, CVE-2025-48633, CVE-2025-48634, CVE-2026-0005, CVE-2026-0007, CVE-2026-0008 2025110601 provides at least the full 2025-12-01 Android security patch level (a Pixel Update Bulletin for November 2025 hasn't been released could have fixes we don't get early, although it's likely empty) but will remain marked as providing 2025-11-01. View quoted note →