How to properly update from Android 14 to 15?

indigomadelin

Hi. I'm still on Android 14 (2024101200). I've put Android 15 aside, because was waiting for a really stable release with all the crucial bugs fixed. Is now the time? What's the best strategy to move from Android 14 to 15? Should I just run System Updater, or should I purge all the user data and install Android 15 (2025021100) from scratch? What about Seedvault backups created on Android 14 - will they work smoothly when rolled out on Android 15?

de0u

indigomadelin It's best to make whatever backups you can. Why not try SeedVault, even if it doesn't work out? But probably also export whatever you can.

Then you can either enable System Updater (you may need to reboot once to get it running) or sideload an OTA image (see the web site for directions).

Unlike some other Android variants, it is not expected that users wipe their data across an Android version update.

Upstate1618

indigomadelin updates in the Stable channel are stable releases. There's no way to make sure if an update is absolutely stable and won't cause any problems. What do you mean by crucial bugs?

Carlos-Anso

indigomadelin

Holding back updates for four months is a very bad strategy. Bugs dont hang about for long and you are as likely to still encounter bugs on older versions that have since been fixed as encounter any new bugs that have been introduced.

The majority of GrapheneOS users get auto updates soon after they are released and encounter no negative impact from doing so.

Holding back updates leaves you with publicly known critical security vulnerabilities on your device. Every month more vulnerabilities are fixed. GrapheneOS advice is always to update as soon as possible.

Watermelon

indigomadelin indigomadelin You need to choose what you're afraid of. Supply chain attacks shouldn't happen against GrapheneOS as they control the entire OS, all OS components are sandboxed, and they're professionals very careful with what they put into the OS and they see what changes they import from the upstream AOSP source code. If you're worrying about bugs that might cause crashes or data or functionality loss, I get it. The Stable channel releases are Beta releases that are further delayed for about 12–24 hours before being pushed from Beta to Stable. You can disable the auto updates per the instructions in the Usage guide in the official GrapheneOS website and then wait a day or two more after updates are released to Stable. If you're really worrying about a big update like a major Android upgrade, you can wait a few more days or a week. In this time enough users already update and use the new version so there shouldn't be more issues if you don't see anything serious get fixed in a new minor version released during the time you wait. But don't wait more than a week. I've used to do this myself, but sometimes I'm more scared of the security vulnerabilities I'm missing than any potential data or functionality loss. This is subjective, however. But don't overdo it and wait more than a week, that's a harmful paranoia.

Please check the following two links to see which vulnerabilities are published and get fixed by Google:
Vulnerabilities in Android general to all devices: https://source.android.com/docs/security/bulletin/asb-overview
Vulnerabilities in Pixels specifically: https://source.android.com/docs/security/bulletin/pixel
The GrapheneOS project account has previously said that these bulletins are incomplete and that the AOSP source code contains other fixes beyond these bulletins, so take that in mind as well.

Specifically, check these links detailing 13 critical-severity vulnerabilities you're currently vulnerable to, including remote code execution (RCE):
https://source.android.com/docs/security/bulletin/pixel/2024-10-01
https://source.android.com/docs/security/bulletin/pixel/2024-12-01
https://source.android.com/docs/security/bulletin/2025-01-01
https://source.android.com/docs/security/bulletin/pixel/2025-01-01
And I'm not mentioning all the high-severity vulnerabilities and others. Just a few examples.

EDIT: If this makes you scared (which it should), you can turn off your phone and sideload the latest Stable version from the recovery mode using the instructions in the Usage guide. This way your data wouldn't be decrypted and your phone not connected to cellular/internet while you're updating.

NetRunner88

You can update classically

indigomadelin

Upstate1618 What do you mean by crucial bugs?

The first GrapheneOS based on Android 15 was 2024101600. As you can see https://grapheneos.org/releases, they were working hard for the next several weeks to make things work properly. When I see temporarily revert something or switch back to something in the release notes, it's an indicator for me to refrain from updates.

pxlkng

indigomadelin
No. Never do this. Always stay on the latest release. You are incredibly vulnerable. There is no security without regularly updating.

GrapheneOS only ships production releases. The very first stable channel A15 release was already perfectly usable with no significant bugs, I've used it from day one, no issue. You are misunderstanding the changelogs and how the major updates work.
The reverts and changes you are referring to in the changelog don't have to mean that there was a big usability issue.

Update to the latest release ASAP and enable automatic updates for the future.

Upstate1618

indigomadelin
2024101600 was an update that didn't reach stable channel. It was not a stable update. You will be fine if you stick to the stable channel. iirc it was an update that only made it to Alpha channel.
There's no extended stable channel for GOS. Every update in the stable channel is stable. There's no such thing like A is more stable than B if both A and B are in stable channel.

indigomadelin getting device bricked

Updating your phone won't make your phone bricked. There're other reasons your phone may get bricked though, including hardware failure or unpatched bugs getting used by apps (eg DirtyPipe)

indigomadelin

pxlkng I never trust autoupdates in any software because of supply chain attacks (which are usually detected within a couple of hours to a couple of months) and my fear of getting device bricked.
CrowdStrike, xzutils, 3CX, you know.

pxlkng

indigomadelin You are giving up ALL of your security already. Your device can be trivially compromised in such an outdated state. This doesn't require a big threat actor anymore, everybody with a bit of knowledge can read the published security fixes, many of which often are severe or critical, and use them on your device because you leave them unpatched. This doesn't make any sense.

pxlkng

indigomadelin
You don't need to worry about supply chain attack on GOS.

pxlkng

indigomadelin

Your device will definitely not get bricked by any GOS update. You can stay in the stable channel too, if you worry about such things. But even the alpha channel is very stable and rarely has big issues. Every release that gets published is already heavily tested by the team to ensure that it works and nothing breaks.

pxlkng

Upstate1618

"Bricked" refers to the device hardware being completely unusable, e.g. due to the boot firmware getting corrupted to a state that is not recoverable by the consumer.
Today, with modern Pixels, this is basically impossible to happen. Certainly not due to "DirtyPipe" or similar.
Very severe exploits or bugs may lead to an unbootable device due to tampering with and corrupting the OS/partitions so that verified boot fails (still very unlikely to happen in reality), but it should always be possible to just factory reset or reflash the phone again, even in the most severe scenarios.