GrapheneOS version 2025100300 released

GrapheneOS

GrapheneOS version 2025100300 released:

https://grapheneos.org/releases#2025100300

See the linked release notes for a summary of the improvements over the previous release.

abednego

GrapheneOS Great work, as usual. Thanks.

Will update now. Two missing entries in the changelog, I think:

Camera: update to version 89
Camera: update to version 90

You are setting the bar high!

raccoondad

GrapheneOS lovely commitment to both open source and security via choice

userofgos

GrapheneOS update running smoothly on my Pixel 8a with the Security Previews

Neoniq

GrapheneOS the question is SHOULD I enable VoLTE or keep it disabled?
I checked, and yes, my provider supports VoLTE and it is working after enabling this toggle. (Before it didn't worked, and there was no toggle to enable it in settings, so it is indeed helpful)

So question is why it is added and should I use it or not? From security standpoint etc.

xxx

Great!

GrapheneOS

abednego Camera version 90 was accidentally not included in the OS once it reached Stable in the App Store but will be in the next OS release. You're right about Camera version 89, that's added to the release notes now.

Miles

Just installed it on my p9, forced some network settings to check if i can break it :)

Vuraze

No issues on my Pixel 9 Pro so far running Security Preview Release

dc32f0cfe84def651e0e

add support for force enabling VoLTE, VoNR and 5G for carriers where those aren't supported with the standard configurations

Finally! Thank you very much!

faxe

2025100301 working fine on Pixel 6

ErnestThornhill

This release was a smooth update on my Pixel 9 Pro XL, Pixel 9 Pro Fold and Pixel Tablet via the Alpha release channel with "Receive security preview releases" enabled.

G7gd4yg

ErnestThornhill Have you ever had any issues stemming from alpha channel subscription on any of your devices?

xxx

All fine so far P6 with security extras.

Pocketstar

Cool! Thanks for the update!
2025100301 is working well on my P6a, P7, Pixel Tablet and P9PXL.
I did not try cellular connections and Play Services.

Ammako

So Google are cooperating with GrapheneOS currently, and sharing the source for the security fixes? Or are they still snubbing it and we have to get them from OEMs? An OEM probably wouldn't be allowed to share the sources to an unauthorized third-party, I think, so straight from Google seems more likely, but with Google not sharing device trees with non-OEMs, it looks out of character for them.

Then again, GrapheneOS shared a lot with upstream over the years as well and have a lot of credibility with Google, whose security team are friendly towards the project. I guess for transparency and clarity it might be nice to specify who is sharing the patches and authorizing an early preview, unless you're literally not allowed to specify.

userofgos

Ammako Google are cooperating with GrapheneOS currently, and sharing the source for the security fixes?

Ammako Or are they still snubbing it and we have to get them from OEMs? An OEM probably wouldn't be allowed to share the sources to an unauthorized third-party

They are receiving these security patches through their OEM partnership but the code is under embargo (meaning they cannot open source the code).

This information can be found by reading the 2025092500 release.

We're allowed to provide an early release with these patches and to list the CVEs but must wait until the embargo ends to publish sources or details on the patches. We strongly disagree with broadly distributing patches to OEMs 3-4 months before the official publication date. It further delays getting patches to users and sophisticated attackers will have no issue getting the patches from one of many people at Android OEMs with early access. It should be limited to at most 7 days. The lack of actual secrecy has been acknowledged through Android limiting the embargo to source code and details which allows us to fix these early. We're doing it with separate opt-in releases to keep the regular releases properly open source instead of delayed open source. We plan to integrate this choice into the initial setup wizard. The positive side is that we can now provide patches to people who truly need them without even the previous 1 month embargo delay.

https://xcancel.com/GrapheneOS/status/1974511798503014624#m

Also posted on this forum in a different thread: https://discuss.grapheneos.org/d/27068-grapheneos-security-preview-releases

xxx

Ammako Google are cooperating with GrapheneOS currently

Sadly not. Would be like that in a better world.

neotux

Pixel 6a, updated. No issues.
Pixel 8Pro in the line...

neotux

P8Pro seems to be doing fine after the update.

Thank you all for GrapheneOS!

godslayer

By making the changes in carrier overrides, how do we know if VoLTE, VoNR and 5G SA is working or active?

mononcle

I was happy user, until before this update.
Can I roll back to a pre-update state? My phone is currently unusable. Thanks.
https://github.com/kyujin-cho/pixel-volte-patch/issues/382

n3t_admin

mononcle maybe you should state what the problem is (why is your phone unusable?) and what this "pixel-volte-patch" is supposed to do, as the Github page isn't exactly clear about it.

GrapheneOS

mononcle mononcle One of the changes in the December 2025 security patches which has been noticed by users opting into our security preview releases is that ADB shell is no longer allowed to set carrier overrides. These apps setting carrier overrides will die in December 2025. No one else is taking advantage of the option to ship these patches early as we're doing so that's why the first place it's visible is in GrapheneOS. Due to this change, we added the ability to force enable VoLTE, VoNR and 5G which shipped in this release. We plan to extend this to VoWiFi. If there are other things people want to be able to override and they can justify the use case, we can consider adding those too. VoWiFi was not added yet due wanting to rush out the support for force enabling VoLTE, VoNR and 5G in particular, especially VoLTE, since some users who switched to the security previews could no longer make phone calls without going back to the regular releases.