
GrapheneOS: Difference between revisions

From Wikipedia, the free encyclopedia
ANOM sting operation: It still says Pixel 3a, not Pixel 3 in source.
Tag: Reverted
Restored revision 1102475948 by myself: Revert Yae4's overzealous removal, see discussion about source reliability at the talk page
Line 48: Line 48:
{{See also|CopperheadOS#History}}
{{See also|CopperheadOS#History}}
The main [[Software developer|developer]], Daniel Micay, originally worked on [[CopperheadOS]], until a schism over software licensing between the co-founders of Copperhead Limited led to Micay's dismissal from the company in 2018.<ref name="golem-2019" />{{efn|{{lang|de|<q>Micay ist kein Unbekannter, er war Mitgründer von Copperhead, der Firma hinter dem gleichnamigen gehärteten Android-System, sowie deren Hauptentwickler. Mitte 2018 überwarfen sich die beiden Gründer.</q>|italic=no}}}}<ref>{{cite web|url=https://www.yugatech.com/news/grapheneos-is-a-security-and-privacy-focused-mobile-operating-system/|title=GrapheneOS is a security and privacy focused mobile operating system|date=3 April 2019|website=YugaTech|language=en-US|first=Vaughn|last=Chua|access-date=3 October 2019}}</ref><ref>{{Cite web |url=https://www.tuttoandroid.net/news/copperheados-futuro-fine-581614/ |title=CopperheadOS potrebbe non avere un futuro |last=Perrone |first=Alessandro |date=12 June 2018 |website=Tuttoandroid |access-date=1 August 2022 |language=it |trans-title=CopperheadOS may have no future}}</ref> After the incident, Micay continued working on the Android Hardening project,<ref name="golem-2019" />{{efn|{{lang|de|<q>Der Hauptentwickler Daniel Micay will mit GrapheneOS die Entwicklung von Copperhead OS sowie des Projekts Android Hardening weiterführen.</q>|italic=no}}}}<ref name="prolinuxde-26955"/> which was renamed as GrapheneOS<ref name="prolinuxde-26955">{{cite web|url=https://www.pro-linux.de/news/1/26955/android-hardening-wird-zu-grapheneos.html|title=Android Hardening wird zu GrapheneOS|trans-title=Android Hardening becomes GrapheneOS|website=Pro-Linux|language=de|first=Hans-Joachim|last=Baader|date=9 April 2019|access-date=17 September 2019}}</ref> and announced in April 2019.<ref name="golem-2019" />{{efn|{{lang|de|<q>Im April 2019 kündigte Micay dann GrapheneOS als wahren Nachfolger von Copperhead OS an, das dieses funktional beerben solle.</q>|italic=no}}}}
The main [[Software developer|developer]], Daniel Micay, originally worked on [[CopperheadOS]], until a schism over software licensing between the co-founders of Copperhead Limited led to Micay's dismissal from the company in 2018.<ref name="golem-2019" />{{efn|{{lang|de|<q>Micay ist kein Unbekannter, er war Mitgründer von Copperhead, der Firma hinter dem gleichnamigen gehärteten Android-System, sowie deren Hauptentwickler. Mitte 2018 überwarfen sich die beiden Gründer.</q>|italic=no}}}}<ref>{{cite web|url=https://www.yugatech.com/news/grapheneos-is-a-security-and-privacy-focused-mobile-operating-system/|title=GrapheneOS is a security and privacy focused mobile operating system|date=3 April 2019|website=YugaTech|language=en-US|first=Vaughn|last=Chua|access-date=3 October 2019}}</ref><ref>{{Cite web |url=https://www.tuttoandroid.net/news/copperheados-futuro-fine-581614/ |title=CopperheadOS potrebbe non avere un futuro |last=Perrone |first=Alessandro |date=12 June 2018 |website=Tuttoandroid |access-date=1 August 2022 |language=it |trans-title=CopperheadOS may have no future}}</ref> After the incident, Micay continued working on the Android Hardening project,<ref name="golem-2019" />{{efn|{{lang|de|<q>Der Hauptentwickler Daniel Micay will mit GrapheneOS die Entwicklung von Copperhead OS sowie des Projekts Android Hardening weiterführen.</q>|italic=no}}}}<ref name="prolinuxde-26955"/> which was renamed as GrapheneOS<ref name="prolinuxde-26955">{{cite web|url=https://www.pro-linux.de/news/1/26955/android-hardening-wird-zu-grapheneos.html|title=Android Hardening wird zu GrapheneOS|trans-title=Android Hardening becomes GrapheneOS|website=Pro-Linux|language=de|first=Hans-Joachim|last=Baader|date=9 April 2019|access-date=17 September 2019}}</ref> and announced in April 2019.<ref name="golem-2019" />{{efn|{{lang|de|<q>Im April 2019 kündigte Micay dann GrapheneOS als wahren Nachfolger von Copperhead OS an, das dieses funktional beerben solle.</q>|italic=no}}}}

According to Joseph Cox of ''Vice Motherboard'' in July 2021, Pixel phones used in the [[ANOM]] messaging app [[sting operation]] were reportedly advertised to be based on GrapheneOS, however, it is not known with any certainty.<ref>{{Cite web |last1=Cox |first1=Joseph |date=8 July 2021 |title=We Got the Phone the FBI Secretly Sold to Criminals |url=https://www.vice.com/en/article/n7b4gg/anom-phone-arcaneos-fbi-backdoor |access-date=3 August 2022 |website=[[Vice (magazine)|VICE]] |language=en}}</ref>


In February 2022, a high-severity [[security exploit]] named "[[Dirty Pipe]]" (CVE-2022-0847) was disclosed in the [[Linux kernel]] by researcher Max Kellermann of [[Ionos]], also affecting Android-based distributions based on a vulnerable Linux kernel version.<ref>{{Cite news |last=Goodin |first=Dan |date=7 March 2022 |title=Linux has been bitten by its most high-severity vulnerability in years |url=https://arstechnica.com/information-technology/2022/03/linux-has-been-bitten-by-its-most-high-severity-vulnerability-in-years/ |pages=1–2 |url-status=live |archive-url=https://web.archive.org/web/20220308025116/https://arstechnica.com/information-technology/2022/03/linux-has-been-bitten-by-its-most-high-severity-vulnerability-in-years/ |archive-date=8 March 2022 |access-date=29 July 2022 |website=[[Ars Technica]]}}</ref> Google fixed the vulnerability in the Android codebase on 23 February, and "many third-party ROMs like GrapheneOS"{{efn|According to Joe Fedewa of ''How-To Geek'', GrapheneOS is not technically a {{Abbr|ROM|read-only memory}} residing in the read-only memory of the device, but more accurately an "operating system". Fedewa claims third-party Android operating systems have been historically labelled as ROMs in the "Android community", which Fedewa says is the reason for the label.<ref name="howtogeek-790266"/>}} reportedly applied the [[Patch (computing)|patch]] in early March 2022.<ref>{{Cite news |last1=Amadeo |first1=Ron |url=https://arstechnica.com/gadgets/2022/04/it-looks-like-pixel-6-users-have-to-wait-another-month-for-a-dirty-pipe-fix/ |title=Fixing Dirty Pipe: Samsung rolls out Google code faster than Google |date=5 April 2022 |work=Ars Technica |access-date=25 July 2022 |quote=So where is the patch? It hit the Android codebase on February 23 and then didn't ship in the March security update. 
That would have been a fast turnaround time, but the April security update is now out, and Dirty Pipe, CVE-2022-0847, still isn't anywhere to be found on Google's security bulletin. [...] Once the fix hit the codebase in late February, many third-party ROMs like GrapheneOS were able to integrate the patch in early March.}}</ref>{{efn|Samsung and Google released Android updates for affected devices later in April and May 2022 respectively.<ref>{{Cite news |last1=Amadeo |first1=Ron |url=https://arstechnica.com/gadgets/2022/05/pixel-6-finally-getting-a-dirty-pipe-patch-one-month-after-the-galaxy-s22/ |title=Pixel 6 finally getting a Dirty Pipe patch, one month after the Galaxy S22 |date=3 May 2022 |work=Ars Technica |access-date=25 July 2022}}</ref>}}
In February 2022, a high-severity [[security exploit]] named "[[Dirty Pipe]]" (CVE-2022-0847) was disclosed in the [[Linux kernel]] by researcher Max Kellermann of [[Ionos]], also affecting Android-based distributions based on a vulnerable Linux kernel version.<ref>{{Cite news |last=Goodin |first=Dan |date=7 March 2022 |title=Linux has been bitten by its most high-severity vulnerability in years |url=https://arstechnica.com/information-technology/2022/03/linux-has-been-bitten-by-its-most-high-severity-vulnerability-in-years/ |pages=1–2 |url-status=live |archive-url=https://web.archive.org/web/20220308025116/https://arstechnica.com/information-technology/2022/03/linux-has-been-bitten-by-its-most-high-severity-vulnerability-in-years/ |archive-date=8 March 2022 |access-date=29 July 2022 |website=[[Ars Technica]]}}</ref> Google fixed the vulnerability in the Android codebase on 23 February, and "many third-party ROMs like GrapheneOS"{{efn|According to Joe Fedewa of ''How-To Geek'', GrapheneOS is not technically a {{Abbr|ROM|read-only memory}} residing in the read-only memory of the device, but more accurately an "operating system". Fedewa claims third-party Android operating systems have been historically labelled as ROMs in the "Android community", which Fedewa says is the reason for the label.<ref name="howtogeek-790266"/>}} reportedly applied the [[Patch (computing)|patch]] in early March 2022.<ref>{{Cite news |last1=Amadeo |first1=Ron |url=https://arstechnica.com/gadgets/2022/04/it-looks-like-pixel-6-users-have-to-wait-another-month-for-a-dirty-pipe-fix/ |title=Fixing Dirty Pipe: Samsung rolls out Google code faster than Google |date=5 April 2022 |work=Ars Technica |access-date=25 July 2022 |quote=So where is the patch? It hit the Android codebase on February 23 and then didn't ship in the March security update. 
That would have been a fast turnaround time, but the April security update is now out, and Dirty Pipe, CVE-2022-0847, still isn't anywhere to be found on Google's security bulletin. [...] Once the fix hit the codebase in late February, many third-party ROMs like GrapheneOS were able to integrate the patch in early March.}}</ref>{{efn|Samsung and Google released Android updates for affected devices later in April and May 2022 respectively.<ref>{{Cite news |last1=Amadeo |first1=Ron |url=https://arstechnica.com/gadgets/2022/05/pixel-6-finally-getting-a-dirty-pipe-patch-one-month-after-the-galaxy-s22/ |title=Pixel 6 finally getting a Dirty Pipe patch, one month after the Galaxy S22 |date=3 May 2022 |work=Ars Technica |access-date=25 July 2022}}</ref>}}


According to Damien Wilde of 9to5Google, sourced to GrapheneOS Twitter, in In March 2022, GrapheneOS released Android 12L for Pixels before Google did.<ref>{{Cite web |last=Wilde |first=Damien |date=11 March 2022 |title=Privacy-focused GrapheneOS based upon Android 12L comes to Pixel 6 in latest beta |url=https://9to5google.com/2022/03/11/privacy-focused-grapheneos-based-upon-android-12l-comes-to-pixel-6-in-latest-beta/ |access-date=28 June 2022 |website=9to5Google |language=en-US |quote=After news that custom ROM project ProtonAOSP offers Pixel 6 owners the opportunity to run Android 12L ahead of the official stable release, GrapheneOS is the second such ROM to offer the latest build ahead of Google.}}</ref> According to Skanda Hazarika of XDA Developers, sourced to GrapheneOS Twitter, GrapheneOS applications Secure Camera and Secure PDF Viewer (based on [[pdf.js]]) were released to the Google Play Store and [[GitHub]].<ref name="xda-hazarika-20220304">{{Cite web |date=4 March 2022 |title=GrapheneOS brings its camera and PDF viewer apps to the Play Store |last=Hazarika |first=Skanda |url=https://www.xda-developers.com/grapheneos-camera-pdf-viewer-google-play-store/ |access-date=22 June 2022 |website=XDA |language=en-US}}</ref>
According to Damien Wilde of 9to5Google, sourced to GrapheneOS Twitter, in In March 2022, GrapheneOS released Android 12L for Pixels before Google did.<ref>{{Cite web |last=Wilde |first=Damien |date=11 March 2022 |title=Privacy-focused GrapheneOS based upon Android 12L comes to Pixel 6 in latest beta |url=https://9to5google.com/2022/03/11/privacy-focused-grapheneos-based-upon-android-12l-comes-to-pixel-6-in-latest-beta/ |access-date=28 June 2022 |website=9to5Google |language=en-US |quote=After news that custom ROM project ProtonAOSP offers Pixel 6 owners the opportunity to run Android 12L ahead of the official stable release, GrapheneOS is the second such ROM to offer the latest build ahead of Google.}}</ref> According to Skanda Hazarika of XDA Developers, sourced to GrapheneOS Twitter, GrapheneOS applications Secure Camera and Secure PDF Viewer (based on [[pdf.js]]) were released to the Google Play Store and [[GitHub]].<ref name="xda-hazarika-20220304">{{Cite web |date=4 March 2022 |title=GrapheneOS brings its camera and PDF viewer apps to the Play Store |last=Hazarika |first=Skanda |url=https://www.xda-developers.com/grapheneos-camera-pdf-viewer-google-play-store/ |access-date=22 June 2022 |website=XDA |language=en-US}}</ref>

=== ANOM sting operation ===
{{See also|ANOM}}
According to Joseph Cox writing for ''Vice Motherboard'' in July 2021, Pixel 3a or 4 phones with GrapheneOS or a [[Fork (software development)|fork]] of GrapheneOS may have been used or advertised in the ANOM {{Abbr|FBI|Federal Bureau of Investigation}} [[Honeypot (computing)|honeypot]], [[sting operation]]; however, it is not known with any certainty.<ref>{{Cite web |last1=Cox |first1=Joseph |title=We Got the Phone the FBI Secretly Sold to Criminals |url=https://www.vice.com/en/article/n7b4gg/anom-phone-arcaneos-fbi-backdoor |date=8 July 2021 |access-date=3 August 2022 |website=[[Vice (magazine)|VICE]] |language=en}}</ref>
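Review bot: The ANOM sentence that this revert puts back into the History paragraph joins its hedge with a comma splice ("... based on GrapheneOS, however, it is not known with any certainty") and no longer says what is uncertain, whereas the standalone section it replaces was specific ("Pixel 3a or 4 phones with GrapheneOS or a fork of GrapheneOS may have been used or advertised"). Suggest keeping the History placement but carrying over the hedged wording and splitting off the final clause with a semicolon or full stop. Separately, the unchanged Android 12L paragraph still reads "in In March 2022" on both sides and could be fixed in the same pass.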


== Features ==
== Features ==
{{Prose|section|date=July 2022}}
{{Prose|section|date=July 2022}}
GrapheneOS includes a number of security and privacy focused changes compared to standard Android distributions.<ref name="gosorg-features">{{Cite web |title=Features overview |url=https://grapheneos.org/features |access-date=21 July 2022 |website=GrapheneOS |language=en}}{{Self-published source|date=July 2022}}</ref>
{{Incomplete list|date=August 2022}}
* No [[Google Play|Google Play Store]] or other Google applications included by default,<ref name="howtogeek-790266">{{Cite web |last=Fedewa |first=Joe |title=What Is GrapheneOS, and How Does It Make Android More Private? |url=https://www.howtogeek.com/790266/what-is-grapheneos-and-how-does-it-make-android-more-private/ |access-date=2022-07-04 |website=How-To Geek |language=en-US}}</ref><ref name="mobilesyrup-lamont-20220320" /> but available to install from an ‘Apps’ app included in GrapheneOS.<ref name="mobilesyrup-lamont-20220320" />
GrapheneOS includes the following notable features.

* Sandboxed [[Google Play Services]]: a compatibility layer allowing the installation of the proprietary Google Play Service in the standard application sandbox.<ref name="mobilesyrup-lamont-20220320" />
* Sandboxed [[Google Play Services]]: a compatibility layer allowing the installation of the proprietary Google Play Service in the standard application sandbox.<ref name="mobilesyrup-lamont-20220320" />
** Google Play dependent features including push notifications {{Failed verification span|and in-app payments|date=August 2022}} are only supported when the sandboxed Google Play Services are installed.<ref name="mobilesyrup-lamont-20220320" />
** Google Play dependent features including push notifications {{Failed verification span|and in-app payments|date=August 2022}} are only supported when the sandboxed Google Play Services are installed.<ref name="mobilesyrup-lamont-20220320" />
* A [[Hardening (computing)|hardened]] {{Failed verification span|WebView implementation provided by the|date=August 2022}} Vanadium browser, a hardened version of [[Chromium (web browser)|Chromium]].<ref name="golem-2019" />{{efn|{{lang|de|<q>Dort geht es eher beschaulich zu: Neben den Standard-Android-Apps zum Telefonieren und SMS-Versenden finden wir eine Kamera-App sowie den Browser Vanadium vor. Letzterer basiert auf Chromium, der von den Graphene-Entwicklern gehärtet wurde.</q>|italic=no}}}}
* A [[Hardening (computing)|hardened]] WebView implementation provided by the Chromium-based Vanadium browser.<ref name="golem-2019" /><ref name=":3">{{Cite web |title=O que é GrapheneOS, a versão mais 'segura' do sistema Android |url=https://www.techtudo.com.br/listas/2022/07/o-que-e-grapheneos-a-versao-mais-segura-do-sistema-android.ghtml |access-date=2022-08-05 |website=TechTudo |language=pt-br}}</ref><ref name=":1">{{Cite web |date=2022-06-17 |title=Co to jest GrapheneOS? - mobiRANK.pl |url=https://mobirank.pl/2022/06/17/co-to-jest-grapheneos/ |access-date=2022-08-05 |website=mobirank.pl |language=pl-PL}}</ref>{{efn|{{lang|de|<q>Dort geht es eher beschaulich zu: Neben den Standard-Android-Apps zum Telefonieren und SMS-Versenden finden wir eine Kamera-App sowie den Browser Vanadium vor. Letzterer basiert auf Chromium, der von den Graphene-Entwicklern gehärtet wurde.</q>|italic=no}}}}
* A revocable network access permission toggle for apps.<ref name="howtogeek-790266">{{Cite web |last=Fedewa |first=Joe |title=What Is GrapheneOS, and How Does It Make Android More Private? |url=https://www.howtogeek.com/790266/what-is-grapheneos-and-how-does-it-make-android-more-private/ |date=23 March 2022 |access-date=2022-07-04 |website=How-To Geek |language=en-US}}</ref>
* A hardened low-level kernel memory allocator.<ref name="Webtekno" /><ref name=":2">{{Cite web |last=Joshi |first=Amrata |date=2019-06-11 |title=GrapheneOS comes with new device support for Auditor app and more |url=https://hub.packtpub.com/grapheneos-now-comes-with-new-device-support-for-auditor-app-hardened-malloc-and-a-new-website/ |access-date=2022-08-05 |website=Packt Hub |language=en-US}}</ref>
* A revocable network access permission toggle for apps.<ref name="howtogeek-790266" /><ref name=":1" />
* A sensors permission toggle for apps.<ref name=":1" /><ref>{{Cite web |last=By |date=2021-11-18 |title=Privacy Report: What Android Does In The Background |url=https://hackaday.com/2021/11/18/privacy-report-what-android-does-in-the-background/ |access-date=2022-08-05 |website=Hackaday |language=en-US}}</ref>
* Non-persistent per-connection [[MAC address]] randomization by default.<ref name=":1" /><ref>{{Cite web |title=O que é o GrapheneOS? Como ele aumenta a segurança e a privacidade do celular? |url=https://www.oficinadanet.com.br/smartphones/41188-o-que-e-grapheneos |access-date=2022-08-05 |website=Oficina da Net |language=pt-BR}}</ref>{{Efn|In comparison to {{abbr|AOSP|Android Open Source Project}}, devices running [[Android 10]] or [[Android 11]] use a persistent randomized MAC address by default. {{As of|2021|10|alt=As of [[Android 12]]|post=,}} persistent randomization is used by default but non-persistent randomization is used in specific scenarios; non-persistent randomization can also be enabled from a developer options screen by users on devices running Android 11 or Android 12.<ref>{{Cite web |date=6 June 2022 |url=https://source.android.com/devices/tech/connect/wifi-mac-randomization-behavior |title=MAC Randomization Behavior |website=Android Open Source Project |access-date=25 July 2022 |archive-url=https://web.archive.org/web/20220725123730/https://source.android.com/devices/tech/connect/wifi-mac-randomization-behavior |url-status=live |archive-date=25 July 2022}}</ref>}}

Several applications have been developed by the GrapheneOS team for Android devices.<ref name="xda-hazarika-20220304" /><ref name="gosorg-features" />

; Auditor : A hardware-backed operating system authenticity verification solution.<ref name="prolinuxde-26955" /><ref name="Webtekno" /><ref name=":2" />
; Camera : A camera app based on the CameraX library with support for QR and barcode scanning.<ref name="xda-hazarika-20220304" /><ref name=":1" />
; PDF Viewer : A simple and secure PDF viewer based on a sandboxed version of [[pdf.js]].<ref name="xda-hazarika-20220304" /><ref name=":1" />
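Review bot: The named reference "howtogeek-790266" is written out in full twice in the Features list, once with |date=23 March 2022 and once without, and the rendered reference list of the resulting revision shows the Fedewa citation with no date, so the revert drops the publication date. Suggest keeping the dated definition and reducing every other use to <ref name="howtogeek-790266" />. In the same list, the Hackaday citation carries |last=By, which looks like a byline fragment rather than an author name and should be corrected or left empty.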


== Compatibility ==
== Compatibility ==
{{As of|2022|03|post=,}} GrapheneOS only supports smartphone models in the [[Google Pixel]] product line.<ref name="howtogeek-790266" /> GrapheneOS supports "[[End-of-life product|end-of-life]]" [[Pixel 3]] series devices through extended support releases "as a stopgap", but they "no longer receive full security updates”. Older devices are no longer supported.<ref name="mobilesyrup-lamont-20220313" />
{{As of|2022|03|post=,}} GrapheneOS only supports smartphone models in the [[Google Pixel]] product line.<ref name="howtogeek-790266" /> GrapheneOS supports certain [[End-of-life product|end-of-life]] devices through extended support releases, but they will not receive comprehensive security updates. Older devices are no longer supported.<ref name="mobilesyrup-lamont-20220313" />

{{collapsetop|title=Device support comparison}}
{| class="wikitable"
|+Device support comparison ({{As of|2022|07|19|lc=y}})
!Device
!{{Abbr|OEM|Original equipment manufacturer}} security updates<ref>{{Cite web |title=Learn when you'll get software updates on Google Pixel phones - Pixel Phone Help |url=https://support.google.com/pixelphone/answer/4457705 |access-date=2022-08-05 |website=support.google.com}}</ref>
!GrapheneOS support<ref name=":3" /><ref>{{Cite web |last=Fiscutean |first=Andrada |date=2020-06-24 |title=Want better mobile security or privacy? Try these Android and iOS alternatives |url=https://www.csoonline.com/article/3563762/want-better-security-or-privacy-than-android-or-ios-try-these-alternative-oses.html |access-date=2022-08-05 |website=CSO Online |language=en}}</ref>
|-
|[[Pixel]]
|{{Version|o|End-of-life}}
|{{Dunno}}
|-
|[[Pixel XL]]
|{{Version|o|End-of-life}}
|{{Dunno}}
|-
|[[Pixel 2]]
|{{Version|o|End-of-life}}
|{{Version|o|End-of-life}}
|-
|[[Pixel 2 XL]]
|{{Version|o|End-of-life}}
|{{Version|o|End-of-life}}
|-
|[[Pixel 3]]
|{{Version|o|End-of-life}}
|{{Version|co|Extended support}}
|-
|[[Pixel 3 XL]]
|{{Version|o|End-of-life}}
|{{Version|co|Extended support}}
|-
|[[Pixel 3a]]
|{{Version|co|Security updates until May 2022}}
|{{Version|co|Extended support}}
|-
|[[Pixel 3a XL]]
|{{Version|co|Security updates until May 2022}}
|{{Version|co|Extended support}}
|-
|[[Pixel 4]]
|{{Version|co|Security updates until October 2022}}
|{{Version|c|Supported}}
|-
|[[Pixel 4 XL]]
|{{Version|co|Security updates until October 2022}}
|{{Version|c|Supported}}
|-
|[[Pixel 4a]]
|{{Version|co|Security updates until August 2023}}
|{{Version|c|Supported}}
|-
|[[Pixel 4a (5G)]]
|{{Version|co|Security updates until November 2023}}
|{{Version|c|Supported}}
|-
|[[Pixel 5]]
|{{Version|co|Security updates until October 2023}}
|{{Version|c|Supported}}
|-
|[[Pixel 5a]] (with 5G)
|{{Version|co|Security updates until August 2024}}
|{{Version|c|Supported}}
|-
|[[Pixel 6]]
|{{Version|c|Security updates until October 2026}}
|{{Version|c|Supported}}
|-
|[[Pixel 6 Pro]]
|{{Version|c|Security updates until October 2026}}
|{{Version|c|Supported}}
|-
|[[Pixel 6a]]
|{{Version|c|Security updates until July 2027}}
|{{Version|p|Planned support}}
|-
|}
{{Version |t |show=111101}}
{{collapsebottom}}
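Review bot: In the added device table, the Pixel 3a and Pixel 3a XL rows mark OEM support as {{Version|co|Security updates until May 2022}}, that is, still maintained, but the caption dates the table to 19 July 2022, which is after that cutoff. These two cells should use the same {{Version|o|End-of-life}} status as the Pixel 3 rows, or the caption date should be reconciled with them. The "|-" immediately before the closing "|}" also opens an empty row and can be dropped.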


== Reception ==
== Reception ==

Revision as of 19:27, 5 August 2022

GrapheneOS
Developer: GrapheneOS team led by Daniel Micay
OS family: Android (Linux)
Working state: Current
Source model: Open source
Initial release: April 2019; 5 years ago (2019-04)
Marketing target: Privacy/Security-focused smartphones
Update method: Over-the-air (OTA) or locally
Package manager: APK-based
Kernel type: Monolithic (Linux)
License: MIT, Apache License, various permissive open-source
Official website: grapheneos.org

GrapheneOS (formerly Android Hardening) is an Android-based, open source, privacy and security-focused mobile operating system[1] for selected Google Pixel smartphones.

History

The main developer, Daniel Micay, originally worked on CopperheadOS, until a schism over software licensing between the co-founders of Copperhead Limited led to Micay's dismissal from the company in 2018.[2][a][3][4] After the incident, Micay continued working on the Android Hardening project,[2][b][5] which was renamed as GrapheneOS[5] and announced in April 2019.[2][c]

According to Joseph Cox of Vice Motherboard in July 2021, Pixel phones used in the ANOM messaging app sting operation were reportedly advertised as being based on GrapheneOS; however, this is not known with any certainty.[6]

In February 2022, a high-severity security exploit named "Dirty Pipe" (CVE-2022-0847) was disclosed in the Linux kernel by researcher Max Kellermann of Ionos, also affecting Android-based distributions based on a vulnerable Linux kernel version.[7] Google fixed the vulnerability in the Android codebase on 23 February, and "many third-party ROMs like GrapheneOS"[d] reportedly applied the patch in early March 2022.[9][e]

According to Damien Wilde of 9to5Google, sourced to GrapheneOS Twitter, in March 2022 GrapheneOS released Android 12L for Pixels before Google did.[11] According to Skanda Hazarika of XDA Developers, sourced to GrapheneOS Twitter, GrapheneOS applications Secure Camera and Secure PDF Viewer (based on pdf.js) were released to the Google Play Store and GitHub.[12]

Features

GrapheneOS includes a number of security and privacy focused changes compared to standard Android distributions.[13]

  • No Google Play Store or other Google applications included by default,[8][14] but available to install from an ‘Apps’ app included in GrapheneOS.[14]
  • Sandboxed Google Play Services: a compatibility layer allowing the installation of the proprietary Google Play Service in the standard application sandbox.[14]
    • Google Play dependent features including push notifications and in-app payments[failed verification] are only supported when the sandboxed Google Play Services are installed.[14]
  • A hardened WebView implementation provided by the Chromium-based Vanadium browser.[2][15][16][f]
  • A hardened low-level kernel memory allocator.[17][18]
  • A revocable network access permission toggle for apps.[8][16]
  • A sensors permission toggle for apps.[16][19]
  • Non-persistent per-connection MAC address randomization by default.[16][20][g]

Several applications have been developed by the GrapheneOS team for Android devices.[12][13]

Auditor
A hardware-backed operating system authenticity verification solution.[5][17][18]
Camera
A camera app based on the CameraX library with support for QR and barcode scanning.[12][16]
PDF Viewer
A simple and secure PDF viewer based on a sandboxed version of pdf.js.[12][16]

Compatibility

As of March 2022, GrapheneOS only supports smartphone models in the Google Pixel product line.[8] GrapheneOS supports certain end-of-life devices through extended support releases, but they will not receive comprehensive security updates. Older devices are no longer supported.[22]

Device support comparison (as of 19 July 2022)

| Device | OEM security updates[23] | GrapheneOS support[15][24] |
|---|---|---|
| Pixel | End-of-life | ? |
| Pixel XL | End-of-life | ? |
| Pixel 2 | End-of-life | End-of-life |
| Pixel 2 XL | End-of-life | End-of-life |
| Pixel 3 | End-of-life | Extended support |
| Pixel 3 XL | End-of-life | Extended support |
| Pixel 3a | Security updates until May 2022 | Extended support |
| Pixel 3a XL | Security updates until May 2022 | Extended support |
| Pixel 4 | Security updates until October 2022 | Supported |
| Pixel 4 XL | Security updates until October 2022 | Supported |
| Pixel 4a | Security updates until August 2023 | Supported |
| Pixel 4a (5G) | Security updates until November 2023 | Supported |
| Pixel 5 | Security updates until October 2023 | Supported |
| Pixel 5a (with 5G) | Security updates until August 2024 | Supported |
| Pixel 6 | Security updates until October 2026 | Supported |
| Pixel 6 Pro | Security updates until October 2026 | Supported |
| Pixel 6a | Security updates until July 2027 | Planned support |

Reception

In 2019, Georg Pichler of Der Standard, and other news sources, quoted Edward Snowden saying on Twitter, "If I were configuring a smartphone today, I'd use Daniel Micay's GrapheneOS as the base operating system."[25][26][27] In discussing why services should not force users to install proprietary apps, Lennart Mühlenmeier of netzpolitik.org suggested GrapheneOS as an alternative to Apple or Google.[28] Svět Mobilně and Webtekno repeated the suggestions that GrapheneOS is a good security- and privacy-oriented replacement for standard Android.[29][17] In a detailed review of GrapheneOS for Golem.de, Moritz Tremmel and Sebastian Grüner said they were able to use GrapheneOS much like other Android systems, while enjoying more freedom from Google and without noticing differences from "additional memory protection, but that's the way it should be."[h] They concluded GrapheneOS cannot change how "Android devices become garbage after three years at the latest",[i] but "It can better secure the devices during their remaining life while protecting privacy."[j][2]

In June 2021, reviews of GrapheneOS, KaiOS, AliOS, and Tizen OS were published in Cellular News. The review of GrapheneOS called it "arguably the best mobile operating system in terms of privacy and security"; however, it criticized GrapheneOS for its inconvenience to users, saying "GrapheneOS is completely de-Googled and will stay that way forever—at least according to the developers." The reviewers also noticed a "slight performance decrease" and said "it might take two full seconds for an app—even if it’s just the Settings app—to fully load."[30]

In March 2022, writing for How-To Geek, Joe Fedewa said that, unlike in standard versions of Android, Google apps were not included due to concerns over privacy, and that GrapheneOS also did not include a default app store. Instead, Fedewa suggested, F-Droid could be used.[8] In a review of GrapheneOS installed on a Pixel 3, after a week of use, Jonathan Lamont of MobileSyrup opined that GrapheneOS demonstrated Android's reliance on Google. He called the GrapheneOS install process "straightforward" and concluded that he liked GrapheneOS overall, but criticized post-install use as "often not a seamless experience like using an unmodified Pixel or an iPhone", attributing his experience to his "over-reliance on Google apps" and the absence of some "smart" features in GrapheneOS's default keyboard and camera apps, in comparison to software from Google.[14] In his initial impressions post a week prior, Lamont said that after an easy install there were issues with permissions for Google's Messages app, and difficulty importing contacts; Lamont then concluded, "Anyone looking for a straightforward experience may want to avoid GrapheneOS or other privacy-oriented Android experiences since the privacy gains often come at the expense of convenience and ease of use."[22]


References

  1. "Doing these 6 difficult things may make your smartphone 'hack proof'". The Times of India. 23 September 2019. Retrieved 30 September 2019.
  2. Tremmel, Moritz; Grüner, Sebastian (11 December 2019). "GrapheneOS: Ein gehärtetes Android ohne Google, bitte" [GrapheneOS: A hardened Android without Google, please]. Golem.de (in German). Archived from the original on 15 November 2021. Retrieved 20 July 2022.
  3. Chua, Vaughn (3 April 2019). "GrapheneOS is a security and privacy focused mobile operating system". YugaTech. Retrieved 3 October 2019.
  4. Perrone, Alessandro (12 June 2018). "CopperheadOS potrebbe non avere un futuro" [CopperheadOS may have no future]. Tuttoandroid (in Italian). Retrieved 1 August 2022.
  5. Baader, Hans-Joachim (9 April 2019). "Android Hardening wird zu GrapheneOS" [Android Hardening becomes GrapheneOS]. Pro-Linux (in German). Retrieved 17 September 2019.
  6. Cox, Joseph (8 July 2021). "We Got the Phone the FBI Secretly Sold to Criminals". VICE. Retrieved 3 August 2022.
  7. Goodin, Dan (7 March 2022). "Linux has been bitten by its most high-severity vulnerability in years". Ars Technica. pp. 1–2. Archived from the original on 8 March 2022. Retrieved 29 July 2022.
  8. Fedewa, Joe. "What Is GrapheneOS, and How Does It Make Android More Private?". How-To Geek. Retrieved 4 July 2022.
  9. Amadeo, Ron (5 April 2022). "Fixing Dirty Pipe: Samsung rolls out Google code faster than Google". Ars Technica. Retrieved 25 July 2022. So where is the patch? It hit the Android codebase on February 23 and then didn't ship in the March security update. That would have been a fast turnaround time, but the April security update is now out, and Dirty Pipe, CVE-2022-0847, still isn't anywhere to be found on Google's security bulletin. [...] Once the fix hit the codebase in late February, many third-party ROMs like GrapheneOS were able to integrate the patch in early March.
  10. Amadeo, Ron (3 May 2022). "Pixel 6 finally getting a Dirty Pipe patch, one month after the Galaxy S22". Ars Technica. Retrieved 25 July 2022.
  11. Wilde, Damien (11 March 2022). "Privacy-focused GrapheneOS based upon Android 12L comes to Pixel 6 in latest beta". 9to5Google. Retrieved 28 June 2022. After news that custom ROM project ProtonAOSP offers Pixel 6 owners the opportunity to run Android 12L ahead of the official stable release, GrapheneOS is the second such ROM to offer the latest build ahead of Google.
  12. Hazarika, Skanda (4 March 2022). "GrapheneOS brings its camera and PDF viewer apps to the Play Store". XDA. Retrieved 22 June 2022.
  13. ^ a b "Features overview". GrapheneOS. Retrieved 21 July 2022.[self-published source]
  14. ^ a b c d e Lamont, Jonathan (20 March 2022). "A week with GrapheneOS exposed my over-reliance on Google". MobileSyrup. Blue Ant Media. Retrieved 6 July 2022.
  15. ^ a b "O que é GrapheneOS, a versão mais 'segura' do sistema Android". TechTudo (in Brazilian Portuguese). Retrieved 5 August 2022.
  16. ^ a b c d e f "Co to jest GrapheneOS? - mobiRANK.pl". mobirank.pl (in Polish). 17 June 2022. Retrieved 5 August 2022.
  17. ^ a b c Kalelioğlu, Eray (3 April 2019). "Android Tabanlı İşletim Sistemi 'GrapheneOS' ile Tanışın" [Meet the GrapheneOS Android-Based Operating System]. Webtekno (in Turkish). Retrieved 17 September 2019.
  18. ^ a b Joshi, Amrata (11 June 2019). "GrapheneOS comes with new device support for Auditor app and more". Packt Hub. Retrieved 5 August 2022.
  19. ^ By (18 November 2021). "Privacy Report: What Android Does In The Background". Hackaday. Retrieved 5 August 2022.
  20. ^ "O que é o GrapheneOS? Como ele aumenta a segurança e a privacidade do celular?". Oficina da Net (in Brazilian Portuguese). Retrieved 5 August 2022.
  21. ^ "MAC Randomization Behavior". Android Open Source Project. 6 June 2022. Archived from the original on 25 July 2022. Retrieved 25 July 2022.
  22. ^ a b Lamont, Jonathan (13 March 2022). "I replaced Android on a Pixel 3 with an Android-based privacy OS". MobileSyrup. Blue Ant Media. Retrieved 6 July 2022.
  23. ^ "Learn when you'll get software updates on Google Pixel phones - Pixel Phone Help". support.google.com. Retrieved 5 August 2022.
  24. ^ Fiscutean, Andrada (24 June 2020). "Want better mobile security or privacy? Try these Android and iOS alternatives". CSO Online. Retrieved 5 August 2022.
  25. ^ Pichler, Georg (24 September 2019). "Wie Edward Snowden sein Smartphone einrichten würde" [How Edward Snowden would set up his smartphone]. Der Standard (in Austrian German). Retrieved 29 October 2019.
  26. ^ "Edward Snowden da a conocer las condiciones de seguridad para usar su smartphone" [Edward Snowden reveals the security conditions to use his smartphone]. La República (in Spanish). 2 October 2019. Retrieved 29 October 2019.
  27. ^ Rall, Philipp (23 June 2022). "„Ich würde zu Hause kein WiFi benutzen": Edward Snowden empfiehlt Alternativen" ["I wouldn't use WiFi at home": Edward Snowden recommends alternatives]. Futurezone (in German). Retrieved 3 August 2022.
  28. ^ Mühlenmeier, Lennart (19 July 2019). "Warum Post, Bank und Co. ihre Kunden nicht zwingen sollten, Apps zu benutzen" [Why Post, Bank and Co. shouldn't force their customers to use apps]. netzpolitik.org (in German). Retrieved 18 November 2019.
  29. ^ Šlik, Jáchym (6 April 2019). "GrapheneOS chce napravit bezpečnostní prohřešky Androidu" [GrapheneOS wants to fix Android security violations]. Svět Mobilně (in Czech). Retrieved 17 September 2019.
  30. ^ Diane (28 June 2021). "GrapheneOS: A Hardened Android Alternative (Review)". CellularNews. Retrieved 4 July 2022.

Notes

  1. ^ Micay is no unknown: he was a co-founder of Copperhead, the company behind the hardened Android system of the same name, as well as its lead developer. In mid-2018 the two founders fell out.
  2. ^ With GrapheneOS, lead developer Daniel Micay wants to continue the development of Copperhead OS as well as the Android Hardening project.
  3. ^ In April 2019 Micay then announced GrapheneOS as the true successor to Copperhead OS, which it is meant to succeed functionally.
  4. ^ According to Joe Fedewa of How-To Geek, GrapheneOS is not technically a ROM residing in the read-only memory of the device, but more accurately an "operating system". Fedewa claims third-party Android operating systems have been historically labelled as ROMs in the "Android community", which Fedewa says is the reason for the label.[8]
  5. ^ Samsung and Google released Android updates for affected devices later in April and May 2022 respectively.[10]
  6. ^ Things are rather tranquil there: besides the standard Android apps for making calls and sending SMS, we find a camera app as well as the browser Vanadium. The latter is based on Chromium, which was hardened by the Graphene developers.
  7. ^ In comparison to AOSP, devices running Android 10 or Android 11 use a persistent randomized MAC address by default. As of Android 12, persistent randomization is used by default but non-persistent randomization is used in specific scenarios; non-persistent randomization can also be enabled from a developer options screen by users on devices running Android 11 or Android 12.[21]
  8. ^ We enjoy the freedom from Google; we notice nothing of the additional memory protection, but that is how it should be.
  9. ^ Therefore, from a security perspective, most freshly introduced Android devices become garbage after three years at the latest.
  10. ^ It can better secure the devices during their remaining lifetime and at the same time protect privacy.