GrapheneOS version 2026012800 released

Tandara

Watermelon If I remember correctly, there is a problem with some apps that can't save their state in memory with secure sp on (as reported by some users). I experience this issue as well when I return to the recently opened app and it's fully reset (despite having enough RAM), but I refuse to turn it off.

Watermelon

Tandara That's interesting, I believe I haven't heard about this previously. I actually debated with myself to turn off this feature long ago when I wanted to see if I seem to have more RAM with that, but eventually I didn't want to turn it off because I know that would endanger the system's security.

indigomadelin

Watermelon Disabling secure app spawning helped some users get utag working. Later, a contributor fixed this issue specifically for GrapheneOS. I think some financial and gov apps may detect exec spawning as an indicator of a rooted device.

https://discuss.grapheneos.org/d/13595-find-my-device-and-tracker/51

Watermelon

indigomadelin I think some financial and gov apps may detect exec spawning as an indicator of a rooted device.

This is what they try to fix in this release.

GrapheneOS

indigomadelin That should no longer be an issue.

leafnose

GrapheneOS
Is this the same problem as described here and there with the Postfinance app where currently the only workaround is to disable exec spawning? Or can this issue only be resolved with Postfinance adding the signing keys via hardware attestation?
Currently, the Postfinance app is still not working.

Hat

Sandboxed Google Play compatibility layer: add special case for sandboxed Play services making it so users granting the SMS permission enables reading SMS addressed to apps using the Google Play services client library (Android 16 QPR2 prevented using the SMS permission to read SMS addressed to other apps so a special case is needed for apps which use Google Play services to handle SMS-based authentication)

That's a nice improvement. So, when using the Play Store, an app requesting a verification SMS will only see the SMS that concerns it. The Google Play Store will still be able to read the entire content of SMS messages. In the absence of an alternative to the Google Play Store, it would be a bonus to have temporary permission for apps and the Play Store, but only for new text messages and calls.

GrapheneOS

Hat SMS is not at all private/secure due to being accessible to multiple carriers, other infrastructure companies and typically being stored long term. The purpose of the change we made is adding back compatibility with SMS authentication delegated to Play services by apps. It stopped being compatible since SMS messages addressed to a specific app can only be read by that app, not other apps with the SMS permission. We worked around it by adding a special case allowing Play services to read it for apps using the Google Play SDK when it has the SMS permission.

GrapheneOS

leafnose That's because they added something else and turning off secure spawning stopped working. It's not expected to be working again from addressing that issue.

https://github.com/PrivSec-dev/banking-apps-compat-report/issues/414#issuecomment-3312836925

TimmyTofu

Thank you, I just got 2026012801 on my Pixel 7a.
I'm new to all this, can you help me understand why I got the security preview release, even though my phone is on the stable release channel? I suppose it is not a big problem, just curious.

Murcielago

TimmyTofu

can you help me understand why I got the security preview release, even though my phone is on the stable release channel?

Hello and welcome. Even though the term security preview may give that impression, it has nothing to do with alpha or beta releases of GrapheneOS.

Security preview releases provide early access to Android Security Bulletin patches prior to the official disclosure.

Maybe you want to give this discussion a read:
https://discuss.grapheneos.org/d/27068-grapheneos-security-preview-releases

TWC

Since Upgrade on Pixel Fold 9: 1 Boot Times Slow with Device being unresponsive for upwards of 5 min. After alternative OS notification. Sometime take multiple restarts. Then runs normal.
2: Sim card recognized after boot but randomly will then show "Emergency Calls Only" as if no sim card is installed. Running 2026012801. Have not tried any remediation yet except for resetting sim card an assuring sim fine in alternate device.

« Previous Page