final [GrapheneOS] 📱👁️‍🗨️
npub1c9d9...sqfm
Keeping the fight. Community Moderator for #GrapheneOS https://discuss.grapheneos.org/u/final This is a personal account. I do not speak on behalf of GrapheneOS developers as a whole (nor am I) and suggestions shall not be endorsements.
Android monthly security backports were released this Monday. We expect the full monthly release to be released much later today (Tuesday). It's what happened last month, but last time we expected the monthly release to be delayed a week so we did an early release with backports. Monthly/quarterly/yearly releases include Low/Moderate severity patches not backported to older releases and are needed for Pixel firmware/driver patches. Those aren't published/disclosed for May yet. We'll do an early release with the ASB backports if it's not released today. We've reviewed the backports and can easily ship them if needed. We've included the next set of Linux kernel GKI LTS updates too. We'll have mitigations for the 3rd party VPN app DNS leaks discovered by our community soon, but likely not today's release.
#GrapheneOS version 2024050300 released. This update contains various hardening additions, fixes Google Fi eSIM activation (again) and changes OS infrastructure to prepare for an upcoming App Communication Scopes feature. See the changes:

- remove special handling of the resolver activity ("Open with..." dialog) which was added to Android in order to support instant apps as preparation for our in-development App Communication Scopes feature
- fix Google Fi eSIM activation
- improve isolation of the eSIM activation apps
- improve GrapheneOS infrastructure for per-app state
- enable heap memory tagging for vendor processes by default, remove the user-facing toggle in the Settings and restrict toggling the value to debug builds
- disable most handling for instant apps in the package manager as attack surface reduction
- disable out-of-band APEX updates as attack surface reduction
- only allow first party app source and shell to update system packages
- improve robustness of original-package handling
- Settings: hide GNSS SUPL and PSDS settings on devices without GNSS hardware
- fix regression from our Android 14 QPR2 port causing Storage/Contact Scopes link to disappear after going back to the permissions screen
- improve setup wizard theme to more closely match the stock Pixel OS configuration
- backport mainline APEX module patches for Android Health, Media Provider, Network Stack, and Wi-Fi
- kernel (5.10): update to latest GKI LTS branch revision including update to 5.10.212
- kernel (5.15): update to latest GKI LTS branch revision including update to 5.15.150
- kernel (6.1): update to latest GKI LTS branch revision including update to 6.1.80
- Log Viewer: use human readable UTC time for logcat timestamps
- GmsCompatConfig: update to version 109
- Vanadium: update to version 124.0.6367.113.0
- Apps: update to version 23
- work around our app repository client taking ownership of updates for the debug toggle we use to test new Android Auto releases
- fix debug build option for testing same versionCode package updates
#GrapheneOS version 2034042100 released. This update backports an upstream Linux kernel patch for a kernel panic caused by another patch in the last update. These are the changes from the previous update (2024042000) that are relevant:

- add toggle in Settings > Security for opting into memory tagging in vendor processes currently excluded from it with the end goal of having it force enabled without a toggle as we do for the rest of the base OS
- allow eSIM activation app to interact with Google Fi app when installed to fix Google Fi activation
- use ro.vendor.build.svn system property from adevtool instead of AOSP to make sure it always matches the stock OS
- Pixel Fold: update to AP1A.240405.002.A2 vendor files
- Pixel 7, Pixel 7 Pro, Pixel 7a, Pixel 8, Pixel 8 Pro: update to AP1A.240405.002.B1 vendor files
- Log Viewer: include kernel log buffer in default log output
- Log Viewer: show "Save" instead of "Copy" button for logs that are over ~50 KB
- Log Viewer: improve handling of log saving
- backport mainline APEX module patches for Android Health, ART, DNS Resolver, Media Provider, Network Stack, PermissionController and Wi-Fi
- TalkBack (screen reader): update base code to 14.1 and massively overhaul our changes to it
- Vanadium: update to version 124.0.6367.54.0
- Camera: update to version 68
- Auditor: update to version 79
- GmsCompatConfig: update to version 104
- Setup Wizard: layout and style improvements
- Setup Wizard: add functionality for testing on debug builds