GrapheneOS version 2025040400 released

GrapheneOS

GrapheneOS version 2025040400 released:

https://grapheneos.org/releases#2025040400

See the linked release notes for a summary of the improvements over the previous release.

trashaccount

Can someone expand on these?

add infrastructure for more restricted access to global and per-user settings instead of allowing all system apps to read them and all privileged systems apps with the WRITE_SECURE_SETTINGS privileged permission to write them

further restrict access to all global and per-user settings added by GrapheneOS with our new infrastructure

other8026

trashaccount As this commit says:

By default, Settings.{Global,Secure,System} that aren't annotated with @Readable are readable only by preinstalled apps (with some exceptions, see enforceSettingReadable()).

Settings.{Global,Secure} settings are writable only by apps that hold the privileged WRITE_SECURE_SETTINGS permission. Settings.System are also writable by apps that hold the WRITE_SETTINGS app-op permission (it's surfaced as "Modify system settings" in the UI).

This commit adds @Protected setting annotation, which allows to further restrict settings access
by specifying which system apps are allowed to read and/or write them.

Using this, they've restricted a lot of settings' visibility to apps that actually need to see the settings, and also restricted writes to the Settings app for many of them (I didn't look at all of them). They've also set immutable values for some settings that shouldn't be changed, for example false for features that are already disabled, like instant apps.

Here's an example for scrambled PIN layout. SystemUI can only read and Settings can read and write.

Berlino

With this alpha-build ims-registering is off for both of my P8 (eSim) and P9P (physical SIM). I have just noticed missing VoLTE/VoWiFi in a call. VoLTEVoWiFi is activated in SIM-settings for both devices, just no ims-registration via ##4636##.

Berlino

Berlino
After an update of Play Services via GrapheneOS App Store followed by a reboot and editing APNs, ims-registration is back again and VoLTE/VoWifi as well. No clue, what was going on - problem is solved for me now.

trashaccount

other8026 Thanks a lot!

Pocketstar

Many thanks for the amazing work once again!
2025040400 is working well on my Pixel 6a, Pixel 7, Pixel Tablet and Pixel 9 Pro XL.
Google Services Framework and baseband modem were not tested on all of my devices.
WiFi was not tested on my Pixel 6a.

robzlatarski

The power button on my Pixel 7 became unresponsive after the update. It just doesn't do anything at all, the only way for me to unlock the phone is to plug it in so that the screen wakes up

de0u

robzlatarski Recently there has been some discussion of balky power buttons: https://discuss.grapheneos.org/d/14293-power-button-broken-phone-turned-off-what-now

robzlatarski

de0u I saw that, but if it's hardware then it's a massive coincidence that it just started happening after the phone rebooted from the update

dislikeaccounts

Fingerprint reader no longer works after update on Pixel 9. Pixel Imprint and all references to fingerprint reader are gone from settings.

fid02

dislikeaccounts https://discuss.grapheneos.org/d/20636-workaround-for-android-15-qpr2-fingerprint-firmware-glitch-on-pixel-9-non-pro

de0u

robzlatarski If it's hardware then it's a massive coincidence that it just started happening after the phone rebooted from the update.

I have read that there are more than 250,000 GrapheneOS users. Any time a fleet of 250,000 devices reboot some low-probability events will be observed, especially if those devices typically don't reboot often.

If we had 10 or 20 complaints about power buttons immediately after the update, I suspect that would trigger a rapid investigation by the developers. But it seems as if the anecdotes we have so far are two recent power-button reports that are not related to an update and one that may be, but also may be a coincidence (which would be my hunch).

dislikeaccounts

fid02 Powering off and leaving off for several minutes before powering back on did bring back the fingerprint reader. This was after 3 reboots and 1 power off for a few seconds.

robzlatarski

de0u I can now confirm this was somehow caused by the update. I decided to try resetting the phone to the stock OS to test, but unlocking the bootloader (and resetting the phone) was enough to get the power button back button.

I have some random logs I've save from the phone while it was in this bad state, not sure if they would be helpful but I can provide them to the team if needed

de0u

robzlatarski I can now confirm this was somehow caused by the update. I decided to try resetting the phone to the stock OS to test, but unlocking the bootloader (and resetting the phone) was enough to get the power button back button.

I'm glad it's back... But, with all due respect, the described phenomena so far sound much more like a hardware issue than like a software issue. Maybe the issue will never recur, in which case it will remain uncertain, but my hunch is that there will be issues with that power button in the future, unrelated to the timing of updates. I suggest frequent backups.

GrapheneOS

robzlatarski It's not caused by the update.

robzlatarski

de0u I totally understand it, especially given the other thread with similar issues that had a more "mechanical" fix. If my phone didn't reboot often (due to the auto reboot happening regularly during the night) and the power button working just fine right before the update reboot, I wouldn't think it's update related either. And you're right, it might still be my hardware and might come up again in the future, but still wanted to report this in case another user runs into the same issue and a pattern can be found