Source: https://www.security.nl/posting/903940/
Here is a translated version of this Dutch news article:
GrapheneOS Developers: 'By Delaying Android Security Updates, Google Is Putting Users at Risk'
Monday, September 8, 2025, 4:01 PM
The developers of GrapheneOS, an Android-based operating system that emphasizes privacy and security, are strongly criticizing the Android Open Source Project (AOSP)'s handling of security updates. They argue that Google is unnecessarily putting users at risk by delaying crucial patches.
The criticism comes in response to a recent X-post by Sameer Samat, President of the Android Ecosystem at Google. In his post, Samat addresses sideloading, which allows users to install apps on their Android devices outside of app stores. In the post, Samat argues that sideloading is and will remain a fundamental part of Android. He is responding to concerns raised by a recently announced identification requirement for Android developers. Samat argues that this requirement is intended to protect users and developers from malicious actors, not to restrict user choice.
In response, GrapheneOS calls it "a strange time to be talking about protecting Android users." The developers point to changes in how Google rolls out security updates. They argue that this change severely reduces Android's security and puts Android users at risk. "Commercial exploit companies and governments can easily gain access to widely distributed partner previews. Adding a four-month delay for patches is appalling," GrapheneOS writes on X.
The developers point out that no monthly updates were released for AOSP in July and August, while the quarterly update that was supposed to be released in September also didn't appear. "You officially communicated to the media that AOSP releases would continue, and then didn't release them for three months. Why would people believe what you say about sideloading?" the GrapheneOS developers state.