Anonymous Developer options are for development and that option has no connection to our system updater or app repository client. The app repository client already has toggles and the system updater can be disabled as a whole for now if you really want to do that. We strongly recommend not turning off automatic updates though. We plan to provide a toggle for manually triggering download/install but it will still inform you about the updates.

    heliumvoice The notifications about the OS and apps already being updated are silent and hidden. They don't appear in your status bar or on the lockscreen. They only appear if you open the notification drawer and look all the way at the bottom for them. The issue seems to be that you're swiping them away which isn't the intended usage. If you don't want those notifications, you should turn off the Already Updated notifications. The purpose of them is so you can quickly check when the last check for updates happened for both apps and the OS. It's there as a minor optional security feature.

    Checking for updates doesn't use any significant amount of power, CPU or bandwidth. An app like Signal wakes the device every couple minutes to check their push connection isn't dead. The system update client and app repository wait hours before checking again. It downloads a single tiny file. The device being woken up for under a second less than 6 times a day doesn't use any significant power.

    dgzeij You're not meant to swipe away the silent/hidden notifications. You would also notice there are new ones if you're swiping them away. The whole point of them being silent/hidden is they're collapsed at the bottom and you aren't informed about having them in the status bar or lockscreen. Any actual notifications are above them and they don't waste the space used for them.

    cb474 If I do this, will I get a notification that an update is available?

    If you disable the system updater app it will not run at all, so it won't even discover the existence of updates. As GrapheneOS writes, this is not a good approach for most people. I have done it during travel, when any issue installing an update or with the new system would be inconvenient to deal with.

    I would prefer if the updater had a setting to ask me before downloads and allow me to "snooze" a given update for some number of days. But I realize that would require developer time for something that isn't a big deal for most people. And personally I am monitoring the forum and release notes so I will find out about new releases even if I have the updater temporarily disabled.

    If you do temporarily disable the updater, note that re-enabling does not appear to activate it right away, but a reboot will.

      de0u If you do temporarily disable the updater, note that re-enabling does not appear to activate it right away, but a reboot will.

      Also, there is a manual way to "Check for updates" workaround w/o a phone reboot after re-enabling the updater. It's available in Settings | System | System Update.

      cb474
      Disabling auto system updates until you can verify there are no software defects which could adversely affect you is an excellent idea if your phone is your only device and you do not have a backup device, especially as there is still no full and reliable backup solution for GrapheneOS.

      You also cannot go back to the previous version of GrapheneOS if you end up with a broken phone from software defects, which is both a feature and a risk. You can only hope and wait that the GrapheneOS project will release fixes for a bad update promptly.

      Regrettably, GrapheneOS does not offer a security-updates only release channel like other projects and distros, which would minimize the risk of every update while maintaining security as the highest level.

      I disable updates by removing network access from the system updater.

      While I wait a few days or a week or more after a release to see if any defects are reported here and elsewhere that would adversely affect me, I also review the change notes and evaluate them. That way I can best balance my risk of breaking or crippling my device / usage from an update or new "feature" against my threat model in relation to the identified and patched vulnerabilities.

      I also want to stop my phone from frequently contacting GrapheneOS servers which would disclose my IP address and to a greater or lesser degree my location by proxy. Disabling polling for updates is one easy way to enhance my privacy.

      Users use their phones in different ways and have different threat models so YMMV. But this approach has worked for me.

      2 months later

      In addition to the reasons provided by previous replies (unexpected bugs, system failure, traveling, etc.), what about the security implications?

      Look at the most recent Ledger attack, where users had their crypto funds drained after a compromised software update was pushed out to users who had automatic updates enabled.

      I assume GrapheneOS has some of the best security practices in place to prevent something like that from happening, but it's still a possibility.

      While we can disable the system updater in between releases for now, having a simple toggle to enable manual approval for download/installation for OS updates would be much appreciated.

        • [deleted]

        • Edited

        mhbcrypto I suppose updates are downloaded automatically by your selected channel but they will not get applied if toggle

        Settings > System > Developer options > Automatic system updates

        is set to off. So you will get notified of an update but it will not get applied until you allow it. That will give you time necessary to make your mind up based on reactions to specific release.

          [deleted] updates are downloaded automatically by your selected channel but they will not get applied if toggle

          Settings > System > Developer options > Automatic system updates

          is set to off.

          AFAIK, this Developer option has no relation to the GrapheneOS Updater and doesn't affect it.

            • [deleted]

            233328 Thanks. Each of us has a lot to learn. In that case it won't hurt if I turn it off.

            a year later

            GrapheneOS
            You can still strongly recommend even with users favouring stability/reliability and wanting to make sure the next update is safe to apply for their use case.
            I'll give an example, with the recent adoption of Android 15, a significant amount of apps haven't upgraded yet to comply with the new SDK requirements. So this update wasn't as trivial as the previous ones.
            I'm a noob with your OS but couldn't it be possible to make a distinction between security patches applied automatically, and the rest which one could apply manually if wanted, similarly to what DNF allows on Fedora?

            • de0u replied to this.

              cybermattic Couldn't it be possible to make a distinction between security patches applied automatically, and the rest which one could apply manually if wanted, similarly to what DNF allows on Fedora?

              Not at the present time. That would require a lot more developers, and even if there were that many developers I suspect it would still be far down on the todo list.

              Please note that I do not speak for the GrapheneOS project.