An important announcement from us at the #GrapheneOS project: View quoted note →

We have slightly updated our features page to document new protections against VPN leaks that are not fixed in stock Android. > #GrapheneOS closes a hole in Android's eBPF-based firewall system which made it possible to bypass the VPN by specifying a specific interface with a special system call.

Features overview | GrapheneOS

#GrapheneOS version 2025032100 released. This update enables the new, improved Desktop Mode as a developer option. Feel free to try it all out. • Sandboxed Google Play compatibility layer: improve support for overriding Gservices flags to avoid situations where our overrides aren't used leading to compatibility issues (this should fix a recent Play services crash that's being reported) • Sandboxed Google Play compatibility layer: improve support for overriding phenotype flags and fix flag overrides not being applied in some cases • fix 2 upstream lockscreen layout bugs with split shade used on folding phones (for the inner screen) and tablets • fix upstream lockscreen layout bug with placement of alarm and Do Not Disturb information • fix upstream lockscreen layout bug hiding date text when media is playing • enable support for the new desktop mode as an additional developer option toggle (Pixel Tablet already has this as the main toggle) • Terminal (virtual machine management app): backport upstream improvements • System Updater: raise download buffer size • System Updater: delete update package immediately after completion • System Updater: fall back to downloading and installing a full update if an incremental (delta) update fails initialization which occurs when a firmware or OS image has been corrupted (extremely rare edge case due to verified boot) • System Updater: retry faster if installation fails • System Updater: improve error checking to provide better error messages • System Updater: close update package zip file earlier • Network Location: require TLSv1.3 for GrapheneOS services instead of either TLSv1.2 or TLSv1.3 • kernel (6.6): update to latest GKI LTS branch revision • Seedvault: update to 15-5.4 (will be replaced with a better backup implementation in the future) • stop disabling inclusion of device diagnostics functionality now that it's available in the Android Open Source Project

Releases | GrapheneOS

Latest #GrapheneOS release (it's out) has a fix for an upstream Android security bug causing Bluetooth contact sharing to be enabled for hands-free calling devices even though the dialog shows it will be disabled. GrapheneOS disables Bluetooth contact sharing by default instead of enabling it for pairing requests made by the user in the foreground.