Final

Digital forensics and security specialist part of the GrapheneOS project.

Posts my own and not endorsed by my employer. AI slop and Nostr DMs ignored.

Matrix: f1nal:grapheneos.org

Public Key

npub1hxx76n82ags8jrduk0p3gqrfyqyaxnrlnynu9p5rt2vmwjq6ts3q4sg75y

NIP-05 Address

[email protected]

Profile Code

nprofile1qqstnr0dfn4w5grepk7t8sc5qp5jqzwnf3lejf7zs6p44xdhfqd9cgspz3mhxue69uhkummnw3ezummcw3ezuer9wcqs7amnwvaz7tmwdaehgu3wd4hk6qgdwaehxw309ahx7uewd3hkcqgkwaehxw309aex2mrp0yh8qunfd4skctnwv46qz8rhwden5te0dehhxarj9e3xjarrda5kuetj9eek7cmfv9kqgwvlzz

Publishing to

nostr.bitcoiner.social

Author Public Key

npub1hxx76n82ags8jrduk0p3gqrfyqyaxnrlnynu9p5rt2vmwjq6ts3q4sg75y

Show more details

Last Notes

2026-02-01 15:57:41 UTC

- reply

Not my npub anymore! But see the Project Account mastodon bridge reply.

2026-02-01 14:43:43 UTC

[email protected]
#nevent1q…gw72

2026-02-01 14:06:19 UTC

- reply

If you were curious, I have been using Minibits ecash for recieving and then offramping to Phoenix Wallet. Phoenix provides an incredibly quick and easy set up. Just works. Hoping to combine both with using ZEUS.

2026-02-01 13:23:30 UTC

Finally working to go all in on using ZEUS.

2026-02-01 02:22:31 UTC

Proud to say my 'Never Went to Black Hat' award is looking very shiny right now.

2026-01-31 22:20:35 UTC

- reply

We have tested running desktop Linux GUI apps before including LibreOffice. It can certainly be a thing in the future.
#nevent1q…gq9j

2026-01-31 18:27:38 UTC

- reply

It's a hardened Signal fork with passphrase encryption for the message database, better notifications on devices without Google Play and support for pairing your messages to multiple devices. If you use Signal I strongly recommend it.
It's available in Accrescent so there is a root of trust between GrapheneOS -> Accrescent -> Molly.

2026-01-31 18:23:21 UTC

- reply

As our original announcement mentioned it is English first. We do plan to support other languages and also internationalisation of GrapheneOS in the future.

2026-01-31 10:44:44 UTC

- reply

also worth mentioning FBE is a big plus compared to Full Disk Encryption (FDE) which was the legacy Android encryption and the encryption desktop OSes like Windows and Linux use. If you have the keys to decrypt the disk then it would be possible to decrypt the unallocated space in FDE since it's all one key, so you'd be relying on TRIM if you are using an SSD to prevent recovery of deleted data.

2026-01-31 10:10:21 UTC

- reply

The video is very old and most Android devices didn't use disk encryption by default, so a physical extraction (image of the entire flash storage) could allow recovering deleted files from carving unallocated space. Nowadays Android uses a "file-based encryption" (FBE) where all data is encrypted with separate derived keys for each file, directory and symbolic link. Deleting the file loses the keys and recovery is impossible.
If you can recover data that is deleted from an app, it means the app is caching it when it shouldn't be and it's a flaw they would need to fix. I don't recall this being an issue with Signal but if you can extract the app data before the message database is rebuilt for deleted messages then you'd be in luck. You could kill an app and prevent it cleaning up it's DB. This is something you can apply to every messenger though.
Getting this data requires as much as a full filesystem extraction (FFS) to extract the application /data directory where the message databases are. Cellebrite has no extraction support for GrapheneOS according to themselves. No specification on what the most they can extract from an unlocked device is, but assume that all forensic tools get this data anyway.
Molly lets you encrypt the message database with a passphrase, so it wouldn't be accessible regardless of if there was a FFS extraction and a flaw in Signal keeping the messages.

2026-01-31 03:54:40 UTC

- reply

It is a well known brand you absolutely will have heard of. The device we will support GrapheneOS will be distributed in many countries.

2026-01-31 03:50:09 UTC

As our fully local text to speech engine is deployed in GrapheneOS soon, this will be the first of hopefully many major usability advancements in GrapheneOS for the year and next. With the OEM partnership developing and later generation flagship hardware providing more of what GrapheneOS needs for features, improving usability and accessibility will help for the influx of new users we will hope to welcome.
It is a good time to remind you that GrapheneOS is hiring remote developers. We have been for a while:
https://grapheneos.org/hiring

2026-01-31 03:24:55 UTC

This is a tablet PC with Cellebrite UFED, a mobile forensics acquisition software. Users plug a target device into it where it then will attempt to extract as much data on the device as possible. The software on the laptop is Physical Analyser which is for forensic analysis.
This video is dated, and Cellebrite UFED's UI, logo and capabilities have changed a lot since the video was released. This tool is also not exclusive to UK law enforcement and there are also competitor solutions, which many countries around the world use plus the competitors.
Cellebrite sell a variant of this product named Cellebrite Premium. The difference to standard UFED and Premium is that Premium comes with wider device extraction support through zero-day exploits. As described it also allows extraction of vulnerable devices that are locked.
https://blossom.primal.net/70c8041bacfdf399f99091a738b2e84f6a8be2f0b9cff4b497fd23ff2a153db9.jpg
https://blossom.primal.net/9b70e3d06fb8614a14b3d0a60d336987797cd6ca1d1815debb31a3ab29daa9bb.jpg
This business model is not exclusive. XRY Pro (MSAB) and GrayKey (Magnet Forensics) are other exclusive forensic tools. Cellebrite are the second-oldest of the three companies (on joining the forensics market) but are one of the most capable thanks to their funding and location.
How and if these tools are able to extract your device's data depends on:
- The device you are using
- The installed OS and version
- The lock state of the device
- Configured security settings of the device
- Strength of your phone's unlock credential
For a locked device exploiting security vulnerabilities is required to extract data almost all of the time. There are two different device lock states on Android and iOS: After first unlock (AFU, Hot) and before first unlock (BFU, Cold). This is due to how encryption works.
Modern Android and iOS encrypt all users' data by default with keys derived from the user's credentials. When a device is unlocked once, data is no longer encrypted at rest and is accessible during that boot session. When a device is BFU, all sensitive data is at rest.
Data not being at rest provides more OS attack surface to exploit bypassing lock screens or other measures and access to the data without needing the original PIN/password to decrypt it. For BFU devices brute forcing is required to decrypt data first and the only data not encrypted is a minimal footprint of the OS used for unlocking the device and global OS configuration and metadata.
To make extraction impossible make sure your device is powered off and you use a secure, high-entropy passphrase before seizure. GrapheneOS provides a configurable, automatic inactivity reboot feature.
We also provide several other countermeasures to these tools as well. GrapheneOS locked devices as a whole is unsupported by Cellebrite.
If you are an opposition activist in a high-risk country you should be concerned about potential attacks from such tools. They have been abused to target activists in numerous countries like Serbia and Jordan.
https://citizenlab.ca/research/from-protest-to-peril-cellebrite-used-against-jordanian-civil-society/
https://www.amnesty.org/en/latest/news/2024/12/serbia-authorities-using-spyware-and-cellebrite-forensic-extraction-tools-to-hack-journalists-and-activists/
Despite if a business claims this use of their product like this is unauthorised, it doesn't change the fact that they will be used like this again, that they don't know about it until after it has violated someone's rights and that the security vulnerabilities remain unpatched.
GrapheneOS provides an auto-reboot to put data at rest, a USB-C port control to disable data transfer or the port entirely when booted into the OS, clearing sensitive data of memory and exploit protection features.
#nevent1q…u038

2026-01-31 03:14:54 UTC

- reply

The post says: We've built our own text-to-speech system with an initial English language model we trained ourselves with fully open source data. It will be added to our App Store soon and then included in GrapheneOS as a default enabled TTS backend once some more improvements are made to it.
We're going to build our own speech-to-text implementation to go along with this too. We're starting with an English model for both but we can add other languages which have high quality training data available. English and Mandarin have by far the most training data available.
Existing implementations of text-to-speech and speech-to-text didn't meet our functionality or usability requirements. We want at least very high quality, low latency and robust implementations of both for English included in the OS. It will help make GrapheneOS more accessible.
Our full time developer working on this already built their own Transcribro app for on-device speech-to-text available in the Accrescent app store. For GrapheneOS itself, we want actual open source implementations of these features rather than OpenAI's phony open source though.
Whisper is actually closed source. Open weights is another way of saying permissively licensed closed source. Our implementation of both text-to-speech and speech-to-text will be actual open source which means people can actually fork it and add/change/remove training data, etc.

2026-01-30 21:39:54 UTC

You may have been aware of my posts about TTS / SST. Heres more info:
#nevent1q…30n0

2026-01-29 17:49:22 UTC

- reply

This tool requires physical access. The officially described purpose of it is for digital forensics of seized evidence so how the device is handled is a big deal to them. You plug the device into the tablet or workstation and it will extract the device's data if unlocked or brute force / exploit the device to access data and extract if locked.

2026-01-25 14:23:50 UTC

Seeing Proton get heat on social media for their marketing again so lets repost this. Treat these email services for what they are: Alternatives to Gmail or Outlook with a security perspective and automated encryption features.
Yes, people on social media can't read, but IMO they should approach their service in a different way ("A reasonably secure email provider" is my suggestion) If they don't want people ratioing them all the time... Most of these people getting the wrong answer is because their site can be pretty ambiguous about the technical details without searching a few pages deep for it. Posteo is an email provider that does openly clarify they can be compelled to intercept incoming emails in a better way than how Proton says it.
Still doesn't mean these services are a bad thing though.
#nevent1q…ltja

2026-01-24 20:18:27 UTC

- reply

2027

2026-01-23 19:05:33 UTC

- reply

TLDR: Use a secure passphrase if you want the device protected against any resourceful actor
When most distros provide encryption with LUKS they at least ask you to set up a credential. Almost all distros just ask for a password. They don't seamlessly allow setting up in other ways in a UI like BitLocker does or in the installer. You often need to read up on docs and such which can be tiresome.
LUKS full disk encryption in how most users would know it would only be safe if they used a long, secure passphrase that would be impossible to brute force. A short 6 digit numeric PIN works for some phones because a secure element throttles unlock attempts but would be brute forced very quickly on LUKS, VeraCrypt and so on because they aren't using a TPM for throttling.
Secureblue (hardened Linux distro we like) supports LUKS with TPM and also FIDO2.

2026-01-23 13:22:38 UTC

- reply

There is also a way bigger flaw beyond this, and that is this Device Encryption feature (and by extension BitLocker) has **no PIN or password**. The device will just decrypt itself by powering on as it only uses the PC's TPM. The only threat this kind of protects against is the hard disk being removed from the PC. It doesn't prevent someone exploiting the OS to extract data like you commonly see in mobile device forensic tools...
This request for the recovery key is just to allow law enforcement to access the data while the hard disk is removed from the seized PC, because they insert hard disks into write blocked imaging kits to create a forensic clone of it's data to analyse with.
Back before TPMs were widely embedded into CPU firmware it wasn't common to see them get sniffed to get the keys. Anyone could do it too:
https://pulsesecurity.co.nz/articles/TPM-sniffing
BitLocker has a TPM+PIN, TPM+Key and TPM+PIN+Key pre-boot authentication setting but you need to tinker on Group Policy to do that. You'd also need to enable other policies to make the PIN an alphanumeric password...

2026-01-22 22:18:11 UTC

Late to post about this but the security preview variant of this release fixes SIX **CRITICIAL** CVEs that will not be fixed elsewhere for a while except in #GrapheneOS because security patches are not included into an Android Security Bulletin until around 3-4 months after their release.
- Critical: CVE-2026-0039, CVE-2026-0040, CVE-2026-0041, CVE-2026-0042, CVE-2026-0043, CVE-2026-0044
OEMs do not deliver security patches in a timely manner. In a rare case it is sometimes only done in part, and often will only do so after the ASB is released. That dangerously long period of security vulnerabilities being known and unlatched is unacceptable.
#nevent1q…xnza

2026-01-21 13:24:52 UTC

Last two Vanadium updates provided some functionality improvements:
The upstream motion sensors toggle for the browser is improved with a per-site toggle for the sensors per site (Vanadium already had the global toggle disabled by default).
Our inbuilt content filtering also adds support for additional supplementary language/regional content filters. Users with a set language will get EasyList filters plus the filter of their respective language. This supports Arabic, Bulgarian, Spanish, French, German, Hebrew, Indian, Indonesian, Italian, Korean, Lithuanian, Latvian, Dutch, Nordic, Polish, Portuguese, Romanian, Russian, Vietnamese and Chinese. #GrapheneOS
#nevent1q…l35a

2026-01-18 15:02:05 UTC

- reply

This is known. It's a developer option and far from stable for daily usage. It will be looked at more once upstream improves it as well, unless we get the resources.

2026-01-18 15:01:15 UTC

- reply

It won't exactly be like Qubes but there will be a few improvements Qubes doesn't have i.e. verified boot, MTE and (if we are able to) run more secure operating systems out of the box. Would need to see how running multiple VMs is like first...
Unlike Qubes which defaults to Fedora and Whonix (which is just Debian, tons of OS hardening work was undone there) we would want to support hardened distros as soon as it becomes feasible for us. Changing Debian for Fedora is the first jump but want to go further with something like secureblue. The security of the guest OSes in the VMs also matter and if I had to name one shortcoming of Qubes this would be it.
They can't port secureblue to Qubes because it only supports Wayland which Qubes doesn't support yet.

2026-01-16 03:03:43 UTC

- reply

https://projectzero.google/2026/01/pixel-0-click-part-3.html
>We also discovered that kASLR is not effective on Pixel devices, due to a problem that has been known since 2016
KASLR works properly on GrapheneOS right now, unlike arm64 Linux elsewhere.
We fixed the issue of the physical address mapping not being randomized on arm64 Linux for GrapheneOS a while ago. The overall region is in a random location again including the kernel memory inside of it.
>Apple also recently implemented MIE, a hardware-based memory-protection technology similar to Memory Tagging (MTE), on new devices.
MIE is MTE. It is ARM FEAT_MTE4. It's Apples branding for MTE with a hardened allocator. Apple stepped forward in supporting MTE by default unlike stock Pixels.
>While MIE would not prevent the Dolby UDC vulnerability from being exploited in the absence of -fbounds-safety due to UDC using a custom allocator, it would probabilistically hinder an iOS kernel vulnerability similar to the BigWave driver bug from being exploitable. [...] Pixel 8 onwards shipped with MTE, but unfortunately, the feature has not been enabled except for users who opt into Advanced Protection mode, to the detriment of Pixel’s other users.
I don't think I need to mention which OS enables MTE by default for majority of the OS components and toggleable for user installed apps, unlike the stock OS.

2026-01-16 02:50:11 UTC

- reply

Fantastic work from Project Zero as always.
Thanks to security preview release channels these were patched in GrapheneOS before anywhere else. Considering memory corruption is involved and it was predominantly centered around Google Messages first, there would need to be a substantial effort to design an exploit chain around GrapheneOS if it was even possible. See what we said about it in November:
#nevent1q…rlzn

2026-01-15 05:03:30 UTC

- reply

You also have NextPush for Nextcloud too if Mozilla isn't your thing. Choices are pretty limited without hosting your own UnifiedPush infra unfortunately.
It is planned to work on having less features depend on sandboxed Google Play to reduce the need of people installing it for apps to work. We already do these efforts for apps like Google Messages and Pixel Camera.

2026-01-15 04:57:55 UTC

What this means that notifications will work for users not wishing to use play services sandboxed or otherwise.
Most android apps do notifications via FCM, which is Google's, and depends on a Play services implementation. If you ever wonder why app notifications barely work on AOSP distributions without Google services then now you know.
By using an app like Sunup (on Accrescent) you can use Mozilla's notification service via UnifiedPush for apps that use UnifiedPush notifications - such as this one.
Tell your developers to support notifications without Google.
#nevent1q…h0l3

2026-01-15 01:49:09 UTC

- reply

AOSP is working on implementing a Desktop Mode where you can connect your device to a monitor, keyboard and mouse and use a desktop environment where apps are windowed.
You can see some examples of it in GrapheneOS here:
#nevent1q…llnh

2026-01-15 01:45:18 UTC

- reply

The regressions with the Terminal app originate from the stock OS, including the VPN issue. The VM data also breaks and data can't be recovered at times. Don't store sensitive data without backups or run anything for production but feel free to try it out.
We do improve the Terminal app in a few ways and these fixes is something we need to look into but because it's still an experimental developer option it's priority isn't so high. If the stock OS deals with it first then it's less work on our plate. Desktop Mode needs to be first for all the cool stuff to happen.
What users see now will likely be very different to what our plans are should we be able to execute them. We don't want to just have a terminal but rather a VM manager capable of running other operating systems and GUI apps. Debian alone isn't desirable for our use case and we'd want a hardened OS like secureblue instead (ARM builds is beta). Virtualization could be extended to GrapheneOS or individual apps too.

2026-01-11 22:22:15 UTC

- reply

A hardened malloc notification would mean the application has a memory bug the exploit feature is detecting and forcibly crashes. Worth sending them the crash log.

2026-01-10 00:34:12 UTC

#GrapheneOS version 2026010800 released.
• raise declared patch level to 2026-01-05 which has been provided since we moved to Android 16 QPR2 in December due to Pixels shipping CVE-2025-54957 in December
• re-enable the system keyboard at boot if it's disabled
• switch to the system keyboard when device boots to the Safe Mode
• add "Reboot to Safe Mode" power menu button in Before First Unlock state to make Safe Mode much more discoverable for working around app issues such as a broken third party keyboard
• add workaround for upstream UsageStatsDatabase OOM system_server crash
• add workaround for upstream WindowContext.finalize() system_server crash
• disable buggy upstream disable_frozen_process_wakelocks feature causing system_server crashes for some users
• Sandboxed Google Play compatibility layer: fix phenotype flags not working in Play services clients
• Sandboxed Google Play compatibility layer: add MEDIA_CONTENT_CONTROL as a requested permission for Android Auto as part of our toggles for it to avoid needing to grant the far more invasive notification access permission
• Sandboxed Google Play compatibility layer: extend opt-in Android Auto Bluetooth support to allow A2dpService.setConnectionPolicy() to fix Bluetooth functionality (previously worked around with a GmsCompatConfig update avoiding a crash)
• switch to new upstream PackageInstallerUI implementation added in Android 16 QPR2 and port our changes to it
• update SQLite to 3.50.6 LTS release
• add an extra layer of USB port protection on 10th gen Pixels based on upstream functionality to replace our USB gadget control which was causing compatibility issues with the Pixel 10 USB drivers
• allow SystemUI to access NFC service on 10th gen Pixels to fix the NFC quick tile • disable the upstream Android USB data protection feature since it conflicts with our more advanced approach and causes issues
• issue CHARGING_ONLY_IMMEDIATE port control command in more cases
• fix an issue in our infrastructure for spoofing permission self-checks breaking automatically reading SMS one-time codes for certain apps
• add workaround for upstream KeySetManagerService system_server crash causing a user to be stuck on an old OS version due to it causing a boot failure when booting a the new OS version after updating
• wipe DPM partition on 10th gen Pixels as part of installation as we do on earlier Pixels since it's always meant to be zeroed on production devices
• Settings: disable indexing of the unsupported "Parental controls" setting which is not currently available in AOSP
• Settings: disable redundant indexing of widgets on lockscreen contents which is already indexed another way
• skip all pseudo kernel crash reports caused by device reboot to avoid various false positive crash reports
• Vanadium: update to version 143.0.7499.192.0
All of the Android 16 security patches from the current January 2026, February 2026, March 2026, April 2026, May 2026 and June 2026 Android Security Bulletins are included in the 2026010801 security preview release. List of additional fixed CVEs:
• High: CVE-2025-32348, CVE-2025-48561, CVE-2025-48615, CVE-2025-48630, CVE-2025-48641, CVE-2025-48642, CVE-2025-48644, CVE-2025-48645, CVE-2025-48646, CVE-2025-48649, CVE-2025-48652, CVE-2025-48653, CVE-2026-0014, CVE-2026-0015, CVE-2026-0016, CVE-2026-0017, CVE-2026-0018, CVE-2026-0020, CVE-2026-0021, CVE-2026-0022, CVE-2026-0023, CVE-2026-0024, CVE-2026-0025
https://grapheneos.org/releases#2026010800

2026-01-06 20:21:38 UTC

- reply

Nitrokey is a cyber security company. They are just a third party that sell GrapheneOS devices, not related.

2026-01-05 04:02:02 UTC

- reply

update for nostr clients without edits: 'unlocked' changed to 'locked'

2026-01-05 03:59:38 UTC

- reply

Worth noting stock Android also added 'Advanced Protection' which does similar, but still the same as Lockdown Mode where it does less than what GrapheneOS does, many of which is part of GrapheneOS *by default*.

2026-01-05 03:56:18 UTC

- reply

Most of what makes GrapheneOS secure is set up by default. Many of the features are simply additions for people with greater needs and are described on the site page.
Advanced Data Protection is related to iCloud, not the iPhone device or iOS. If you aren't storing data on iCloud it is mostly irrelevant but still useful to enable. Keep in mind your iCloud emails are not encrypted with ADP too. iCloud data is also not all Apple Account data.
Some countries have also blocked ADP, including the United Kingdom.
GrapheneOS doesn't have a cloud service like that, so it is moot. A new GrapheneOS device only connects to update servers (to deliver device updates), a network time service and a blank connectivity check page for captive portals, most of which are configurable.
A better and fairer comparison would be Lockdown Mode, which is a feature in iOS that lightly hardens the OS against exploits. Most of what iOS does in Lockdown Mode is also what GrapheneOS does but better:
- Lockdown Mode disables JS JIT (Just in Time compilation) for web browsing. Vanadium in GrapheneOS does too.
- Lockdown Mode prevents wired USB connections when locked, GrapheneOS does and also via hardware, including turning the USB port off in OS mode.
- FaceTime and iMessage improvements are moot as GrapheneOS doesn't bundle a messaging service. This would be dependent on the service you used. Most messaging apps give options to block unknown contacts, link previews and more.
Most iPhones are also behind on exploit protections except for the iPhone 17 and later which introduced memory tagging (which they affectionately call Memory Integrity Enforcement). Pixel 8 and later provided memory tagging for GrapheneOS years prior. iPhone 17 with Lockdown Mode and ADP is the best choice for anyone not willing to use GrapheneOS.
A great real world example of the security difference is capabilities provided by Cellebrite, a digital forensics company that leverages zero-days to extract data from devices.
Cellebrite can extract data from most unlocked iPhones and stock OS Pixels, but they can't touch Pixel 6 and later with GrapheneOS right now.
https://blossom.primal.net/6fe6ce43b109d25f92c39bcac12aa1d870a13c65fa2b26b28dcb9038e4c6fb87.png
(Note, this iOS extraction slide is old and has newer devices / OS version support by now)
https://arstechnica.com/gadgets/2025/10/leaker-reveals-which-pixels-are-vulnerable-to-cellebrite-phone-hacking/

2026-01-04 17:35:36 UTC

- reply

We don't really have an opinion on it, it's designed for GrapheneOS users so it should work. I've not heard of any reported issues myself.
In the future profiles may have their own localhost network access isolated with a toggle, which would stop it working if you enabled it, but this is a minor thing and not really being looked at as a priority.
Private Spaces (a secondary profile in the same environment as the current user) can let you share files between them via share dialogs without needing an app.

2026-01-04 11:44:14 UTC

- reply

true! the VPS is out for now. I'll put up again later when I have less on my plate and a post there.

2026-01-03 18:28:15 UTC

- reply

This is a keyboard for any phone, not a phone. We can't support the communicator device.

2026-01-03 18:20:52 UTC

Would be cool to use with #GrapheneOS.
You are free to use their portable wireless charger with keyboard or even their Pixel 9 phone case. I recommend the former because you can still use it with USB disabled.
https://clicks.tech/en/powerkeyboard

2026-01-03 18:08:17 UTC

- reply

PR and marketing departments are for companies. GrapheneOS isn't a company and trying to have 'relations' for organisations making money shipping flawed products is for people who care more about the money than whatever they are developing. Maybe their community should learn to shame products more for having basic security deficiencies like the cyber security community does.
We never talk about GrapheneOS being "degoogled" on the docs beyond mentioning no Google apps and services are included by default. It's a sociopolitically charged buzzword used for marketing that belongs on Reddit. It has little technical merit nor does it assure something is actually safe or private to use...

2026-01-02 21:47:07 UTC

- reply

Google is a megacorp motivated by profit. Their only real aim is making money. They get the best products because big money to spend equals big talent to buy. Many of their technical people have expressed how they like GrapheneOS, but their business side do not really care. We did not have any special partner access because of this until an OEM we are working with came around to do it by proxy.
The GrapheneOS Foundation is a thing. If a wealthy individual wants to donate they can send the money there. There won't be strings attached though and they shouldn't send anything expecting treatment beyond our thanks.

2026-01-01 17:11:25 UTC

Happy new year everyone!
In 2025 GrapheneOS implemented:
- A network location provider for highly reliable location position without using Google's service and a geocoding service.
- Support for Android 16, QPR1 and QPR2 after Google's removal of device support and releases for all current Pixel devices.
- Heavily improved our automated porting tooling and server infrastructure.
- Our first security preview releases allowing users to recieve embargoed security patches for Critical/High CVEs a few months before stock Android.
- Closed out some VPN leaks from Android.
- Enabling experimental support for the developer option Terminal virtual machine manager app and other features like GUI support.
- Several improvements to Private Spaces, including use in secondary users, ending session for them, and installing available apps.
- Established a ASN for GrapheneOS and a highly reliable and widespread global network for GrapheneOS services.
This year should have some significant improvements with GrapheneOS, especially on the usage and accessibility front. There is also a lot of future Android features that will be key in delivering this, such as a fully working Desktop Mode. May this year wish us well.

2025-12-31 11:23:24 UTC

- reply

It's license is incompatible to embed into GrapheneOS. FUTO apps like Keyboard is not open source in the traditional sense but rather source available under a restrictive licensing that disallows commercial usage or removing any future monetization.

2025-12-30 22:40:51 UTC

Needs to be greater support for tablets by Android devs. UIs designed for the big screen also help with Desktop Mode.

2025-12-30 00:09:31 UTC

- reply

I'd rather people not use GrapheneOS just because a guy on Nostr told them. I just post about GrapheneOS for the users.
If you want reasons, go to the website and see if it fits you. If your iPhone is fine enough, no problem.
https://GrapheneOS.org

2025-12-30 00:05:00 UTC

This is either a very hot or a very reasoned take and I am quoting my previous note for being potentially related but I'm not a fan of software choices being grouped together or categorised for certain types of people.
If you are using something only because a forum or a thread on social media told you to, then you are more of a sheep than the people using the platforms you are moving away from are. The latter are at least doing it out of a personal preference, not out of being alternative or contrarian. You don't need to be hardcore and use something that sticks to a specific social group.
Don't ask what the best of something is, ask WHY it is. Learn about the subject and see critically and you'll always find what the best project is for you. Don't walk in other people's shoes.
Research skills is everything. Read more. I think I read too little.
I once read a post off platform a while ago about how someone felt wrong leaving GrapheneOS to use something else because of (very justifiable) personal reasons to support their needs. The fact someone would feel really ashamed and negative that they aren't meeting some imposed values from some social group (over a software choice) is not okay. You can use and build what you want. This isn't purity testing. It comes across as a deeply toxic relationship between users.
#nevent1q…q8fg

2025-12-28 04:23:45 UTC

- reply

Would be an engine for now. It can be used in TalkBack, the GrapheneOS TTS accessibility feature.

2025-12-27 18:52:06 UTC

- reply

GrapheneOS wasn't created by Google. It's an open source project with full time developers in different countries.

2025-12-27 17:15:38 UTC

- reply

We are looking at replacing/forking existing inbuilt AOSP apps, keep in mind licensing makes many existing good choices incompatible.
A great gallery app that fits GrapheneOS is this one:
https://github.com/IacobIonut01/Gallery/releases
Recommend giving it a try.

2025-12-27 01:34:36 UTC

We're developing our own implementations of text-to-speech and speech-to-text to use in #GrapheneOS which are entirely open source and avoid using so-called 'open' models without the training data available. Instead, we're making a truly open source implementation of both where all of the data used for it is open source. If you don't want to use our app for local text-to-speech and speech-to-text then you don't need to use it. Many people need this and want a better option.
We are working on TTS first then SST. The TTS training data is LJ Speech https://keithito.com/LJ-Speech-Dataset/ and the model used is our own fork of Matcha-TTS.
If people want they can fork it and add/remove/change the training data in any way they see fit. It's nothing like the so-called "open" models from OpenAI, Facebook, etc. where the only thing that's open are the neural network weights after training with no way to know what they used to train it and no way to reproduce that.
Many blind users asked us to include one of the existing open source TTS apps so they could use it to obtain a better app. None of the available open source apps meets our requirements for reasonable licensing, privacy, security or functionality. Therefore, we've developed our own text-to-speech which will be shipping soon, likely in January. We'll also be providing our own speech-to-text. We're using neural networks for both which we're making ourselves.

2025-12-26 00:20:23 UTC

Merry Christmas

2025-12-24 01:36:00 UTC

update: I'm an idiot and that is meant to be a Star of David not a pentagram (why the fuck is it red?)
#nevent1q…syxd

2025-12-24 01:33:16 UTC

- reply

The red color threw me off to be honest. I admit I am not cultured enough to tell the difference from first look.

2025-12-24 00:27:32 UTC

- reply

who could be behind this mysterious mobile operating system? if only there was a type of source distribution that showed you who was committing code or a website with an about page or a wikipedia article or something

2025-12-24 00:26:07 UTC

(at the satanist conference) Alright guys we made the mobile operating system now all we need to do is set up THE CLUES
https://blossom.primal.net/59d1cd0ad65ef96e7c56775f8e787a3e66df2658e8b47557218c5458fd3b91f2.jpg

2025-12-23 21:54:36 UTC

Next #GrapheneOS update will remove the messy End Session button in the lock screen of secondary users. You'll be able to end session within the power menu or the user profile switcher UI instead.
Placing in the power button menu also means you're able to choose to power off in the same place, which could be a valuable protective measure greater than ending the session of the current profile.

2025-12-22 15:05:48 UTC

- reply

8 Pro has better camera, display and build quality. 9a is newer and less powerful (a series is the cheapest options) but gets updates for a substantially longer time. I would recommend the 9a for most people because of updates and longevity but you'd want other models of you cared about better spec.

2025-12-21 23:36:23 UTC

Had seen news that a mobile phone centered around a different cryptocurrency had been announced as end of life (no security updates) after just two years.
Please just use a commercial off the shelf device from a reputable brand and long support time. OS updates is not driver, firmware, etc. Even if it is a 'Bitcoin phone' it's likely not the best or safest phone a Bitcoiner should use.

2025-12-21 23:32:36 UTC

- reply

accidentally posted instead of drafting lol

2025-12-20 14:17:30 UTC

https://blossom.primal.net/5c4923f498001768897ed9bda2427a1b805389ed4dc8e4b6abf35fd1b5f583c1.jpg
#nevent1q…y8k3

2025-12-18 22:09:16 UTC

- reply

What you search on YouTube is known to YouTube because you are doing it on YouTube. The platform wouldn't make a difference. Their ability to infer an identity to the searches is dependent on other information you give it, like your account, IP address etc.
There could be mining apps, but I don't think they'd be a good platform to do it on. Get a cheap mining hardware.

2025-12-18 19:08:29 UTC

- reply

You're asking a member of GrapheneOS to summarise their experiences so obviously you'll get a pretty positive answer.
It works very well and there's the ability to have Google Play in a sandbox should you need apps that require and depend on it or if you are going to use it more like the average person. If you used Android you'll feel close to home. Unfortunately some apps block running on any OS that isn't a Google certified one but this isn't something we can control. I'd recommend checking if your apps work on there first and if it not working is a non-negotiable.

2025-12-18 19:05:25 UTC

- reply

It gives them all the files of an unlocked profile, calls and SMS history and light application data but this is depending on the techniques, OS and app support. Certain logical extraction techniques use standard ADB functionality, Android backup features, or more invasive methods like downgrading a system app to a vulnerable version (GrapheneOS closes this security hole).
If they wanted data on certain apps like messengers then manually browsing the apps and reading the messages with a camera mounted to the screen may be needed instead.
Full filesystem would give access to privileged OS data and the /data of all applications in at profiles not at rest. If there's a hot wallet app only protected by a simple PIN they could just clone that app data elsewhere and get control of the keys by brute forcing the PIN. Not usually possible on logical extractions.

2025-12-18 18:58:10 UTC

- reply

Desktop Mode doesn't work well on high resolutions yet.

2025-12-18 03:21:36 UTC

- reply

We won't be changing the UI at the moment given it is changing rapidly upstream and would be bad timing. Keep in mind a minor change like this would be low on priorities as well...

2025-12-18 03:19:39 UTC

- reply

Sometime ago unlocked extractions stopped providing access to the full filesystem. We didn't do anything in particular to cause that. If that's not available they'll do 'logical extraction' instead where they acquire the data through traditional logical operating system features like ADB.
The big capabilities to look out for are AFU (extraction AFU without password) and Brute Force capabilities, neither of which are present.

2025-12-18 03:13:33 UTC

#GrapheneOS is very distinct from other Android distributions and OEM configurations. There is a litany of Linux kernel and Android Runtime hardening changes and features powering GrapheneOS. This is very significant but often overlooked because most changes aren't visible to the end user.
The leading example of this is hardened_malloc, the hardened memory allocator used in GrapheneOS to protect against memory corruption vulnerabilities. You can find a technical article about it by Synacktiv, a French cyber security company:
https://www.synacktiv.com/en/publications/exploring-grapheneos-secure-allocator-hardened-malloc
Hardening in GrapheneOS are built on closing out commonly exploited attack surfaces, substituting them with more secure replacements, or giving them stronger security defaults.
If you are a blue teamer you'll already be familiar with the Pyramid of Pain:
https://blossom.primal.net/dd1714a0c2aa6daa03915a3c80ac805e22250a73783db4af223c3f3b9d3e08ba.jpg
For newcomers, this model is a layered pyramid that ranks indicators of compromise by a linear level of difficulty and cost for the threat actor to evade security measures to perform an attack; The bottom of the pyramid being very easy and trivial for the threat actor to change and the top being tough.
This model opens newcomers on how good security strategy is built: Techniques and capabilities over individual actors. Closing out tactics, techniques and procedures are far more important than blocking an IP address or a file hash. You want to protect against a type of attack, not against a particular actor who performs them.
The point of having extensive hardening features is that we need to ensure vulnerabilities that would affect Android are benign, harder to exploit or patched in GrapheneOS before they can be exploited. Android distributions carry the weight of vulnerabilities from upstream. To reduce that weight, we need to make sure a highly sophisticated exploit developer would have to uniquely design their exploit to target GrapheneOS, should they be able to at all.
Without that, GrapheneOS wouldn't be special. It would not be sensible to claim it is more security and privacy focused than Android if it was able to be exploited through the exact same mechanisms with little or no effort needed to port. An Android distribution that is just Android without Google services is mostly as exploitable as Android. Something that is "DeGoogled" (I don't use the term, it's Reddit tier buzzword nonsense) may not necessarily be safer to use either.
To earn the title of being hardened it needs more, but this isn't ever implemented well enough. Projects that have done so to the best of their ability also have died (DivestOS).
Our hardening features are available outside of GrapheneOS. Leading example of this is secureblue, a security hardened Linux distribution (https://secureblue.dev/) which is using hardened_malloc and Vanadium inspired chromium browser. A business also sells hardened Rocky Linux supporting hardened_malloc. If you are a maintainer of a leading project then implementing our hardening features and supporting is strongly encouraged.

2025-12-15 21:02:56 UTC

Defenestrate social media marketers using HDR in their ads

2025-12-13 11:06:58 UTC

- reply

Around Android 17 is likely when the desktop mode could finalize and not become a developer option upstream. You can test the developer option today. It's unlikely we'll be doing a lot of work on this when we know it's being changed a lot.
We have a lot of ideas for the Linux Terminal app but not being approached yet for the same reasons. Ideally we'd not want to be using Debian but a hardened distribution of some kind. The process of having GUI apps could be a little more seamless than running terminal, installing GNOME, doing sudo passwd to let yourself log in, praying it doesn't break and moving to GUI. Should just be like opening an app and selecting a VM.

2025-12-12 14:13:50 UTC

We've received a 2nd IPv4 /24 subnet from ARIN for our 2nd anycast DNS network. Both our /24 subnets were obtained quickly under the NRPM 4.10 policy for IPv6 deployment for our dual stack DNS use case. 2nd was obtained without waiting 6 months due to being a discrete network.
We host our own authoritative DNS servers to provide DNS resolution for our services. Authoritative DNS are the servers queried by DNS resolvers run by your ISP, VPN or an explicitly user chosen one such as Cloudflare or Quad9 DNS. We now have our own AS and IP space for this.
Our ns1 has 11 locations on Vultr: New York City, Miami, Los Angeles, Seattle, London, Frankfurt, Singapore, Mumbai, Tokyo, Sao Paulo and Sydney.
Our ns2 has 4 locations on BuyVM: New York City, Miami, Las Vegas and Bern. We'll be adding a 2nd server provider for more locations.
DNS resolvers quickly fall back to the other network if traffic is dropped. Having two discrete networks with separate hosting companies and transit providers provides very high reliability. Individual servers which go down also stop having traffic routed to them due to BGP.
We have tiny #GrapheneOS website/network servers and also powerful update mirrors around the world. Our DNS servers use a combination of a GeoIP database and their own location to route users to the closest server that's up. Frequent health checks and low expiry time handle server downtime.

2025-12-12 14:03:03 UTC

- reply

Continue trying for now. I'll keep this noted if others show up.

2025-12-12 13:48:29 UTC

- reply

KDE was tested a long time ago and was a bit unstable. GNOME always worked even early on. I'll give it another try again in the future.

2025-12-12 02:11:31 UTC

- reply

Couple of fans messaged and recommended me these as examples. I've also been suggested Half-Life. Let me know of other suggestions.

2025-12-12 02:09:51 UTC

Footage of highly experimental GUI Linux virtual machine (and video games) in highly experimental desktop mode in #GrapheneOS.
https://blossom.primal.net/06339de81a9838bd4cee7b84bd88762d88778dde80b6ba50927de75999849579.mp4
https://blossom.primal.net/bd1fd97a404101c130e7ad56ae9503494c7e1a724f5afabccd5ece0af10bf838.mp4
https://blossom.primal.net/3ed2e330632a2836084ed3059376077f5d0c7dd51e84a33a0c402a19847478f7.jpg
#nevent1q…urx4

2025-12-12 00:13:07 UTC

- reply

Happy birthday! Enjoy yourself today!

2025-12-11 05:02:35 UTC

- reply

Settings -> Wallpaper and Style -> Home Screen -> Icons
Won't be available to all users yet. Part of the latest release based on Android 16 QPR2.

2025-12-11 05:01:45 UTC

- reply

Apps

2025-12-11 02:32:21 UTC

- Icons should now be themed regardless of if the app supports them.
- You can now change the shape of app icons on the home screen. This also includes PWAs(!!)
- You can add a Widget in the home screen that is a user profile switcher.
https://blossom.primal.net/54b87c485f1bf8c4024c217a33eea18ac8f6275336446aff0a7a1e206422203c.jpg
https://blossom.primal.net/94884eb3651ce95d6f8a3ae8311deb26e2adb984084f5e880237ea87b539b50c.jpg
#GrapheneOS
#nevent1q…7jzm

2025-12-10 23:00:25 UTC

- reply

edited, link if Nostr clients don't work with edits:
https://GrapheneOS.org/releases#2025121000

2025-12-10 22:56:49 UTC

#GrapheneOS MAJOR UPDATE based on Android 16 QPR2 version 2025121000 released.
This is our first non-experimental release based on Android 16 QPR2 after our initial experimental 2025120800 release. The change to the style of notification backgrounds is an upstream regression rather than an intentional change to a more minimal style.
Changes:
• rebased onto BP4A.251205.006 Android Open Source Project release (Android 16 QPR2)
• disable promotion of identity check feature not currently present in GrapheneOS due to depending on privileged Google Mobile Services integration
• GmsCompatConfig: update to version 166
All of the Android 16 security patches from the current January 2026, February 2026, March 2026, April 2026 and June 2026 Android Security Bulletins (May 2026 preview ASB doesn't exist yet) are included in the 2025121001 security preview release. List of additional fixed CVEs:
• High: CVE-2025-32348, CVE-2025-48641, CVE-2026-0014, CVE-2026-0015, CVE-2026-0016, CVE-2026-0017, CVE-2026-0018
2025121001 provides at least the full 2026-01-01 Android and Pixel security patch level but will remain marked as providing 2025-11-05.
https://GrapheneOS.org/releaaes#2025121000

2025-12-10 20:05:52 UTC

- reply

I was also able to see Minecraft Java Edition (NOT the Android app) working thanks to help of somebody. It ran a lot better than I thought. Potential room for mods to make the game more performant as well. I'll create footage tomorrow.

2025-12-10 20:04:15 UTC

- reply

#nevent1q…ghxq

2025-12-10 20:03:59 UTC

The home screen, YakiHonne and Cake on experimental Desktop Mode in #GrapheneOS.
https://blossom.primal.net/bcbb59e5ef08cbb381f81090973ee02acfea5882315c567e2bddbf0faadab4f3.png
https://blossom.primal.net/c5b17d76853edbc7ef789d1a97c70dc1e5655f1635309144088a0120ec9bb638.png
https://blossom.primal.net/efe31c77a53215abf368b15874f1ef66d9ddfa029cc003656a301e9251cb62c2.png
#nevent1q…ugym

2025-12-10 03:47:49 UTC

- reply

The 8a is a small leap but provides years longer update time and a gigantic security boost. You also get the DisplayPort Alt Mode for this feature. What I usually recommend new users to get now.

2025-12-10 03:45:51 UTC

- reply

Been eyeing one myself. Will be game changer when this feature is production ready.

2025-12-10 03:44:41 UTC

- reply

I'll try and test some games on it tomorrow.

2025-12-10 03:43:41 UTC

- reply

Running other distros in the VM manager other than Debian would be desirable and something we'd like to work on when we are less ambushed with major update porting. Unsure how broad OS support will be yet.

2025-12-10 03:40:16 UTC

- reply

Not as much as you'd think, to be honest, but don't expect to be blown away with the performance.

2025-12-09 23:04:23 UTC

- reply

You can connect Pixels with DisplayPort alt mode (8 and higher) to an external display and it will work. You get a desktop environment and can run all your installed apps in floating windows. Need to enable developer options though, in the future you wont need to.
You can't run Linux apps in a good and easy way yet. A working desktop mode for Android apps is the base to build an environment for desktop applications in the future. Want to support Fedora and (if we're reaching for the stars) Windows ARM as potential platform targets.
You can use the Linux Terminal app and enable GUI to use a virtualized Debian environment with GUI apps. We did it with desktop Chromium before and even some DE's like GNOME. It's a very experimental developer option and breaks even in very basic use right now. Doesn't work through VPN either. Upstream will improve this as well.

2025-12-09 22:44:09 UTC

- reply

Video of Desktop Mode in #GrapheneOS.
https://blossom.primal.net/fd8e5f519395a5635cd2d530f65455dfa62360680867803a6b06508cbc582a56.mp4

2025-12-09 22:36:35 UTC

- reply

Yes. In this setup the device is plugged into a USB-C monitor that has a keyboard and mouse connected to it.
The standard phone display is still useable during this.

2025-12-09 19:46:16 UTC

- reply

Yes. This example is with DisplayPort Alt Mode on a Pixel 9.

2025-12-09 19:42:17 UTC

- reply

One per user profile for now. This makes it more than Android since they have Private Space only in Owner. Supporting multiple private spaces a profile would be desirable for the future.

2025-12-09 19:41:16 UTC

- reply

This is a documented issue, the Terminal app is still a highly experimental developer option so it can be prone to breaking. Desktop mode is separate to the Terminal app. We had disabled a lot of it for a while because of that. We're hoping to improve it, make it more stable and then possibly support different distributions instead.

2025-12-09 19:37:27 UTC

- reply

That would be the experimental terminal app which is a separate thing I hadn't demonstrated. There's a lot of other changes we'd like to make regarding the Terminal app as well.

2025-12-09 17:51:41 UTC

- reply

cc: @nprofile…qm68 now that it's a real thing.

2025-12-09 17:50:15 UTC

This is how the Desktop Mode looks in #GrapheneOS. Here you can see how some apps look. Below is a screenshot of me typing this post in Amethyst and two instances of Vanadium on different profiles (Private Spaces) demonstrating unique VPN connections to the same applications on the same workspace.
https://blossom.primal.net/f7bb32591116ba34a66e62584b739450bd6d123fa868c2996563d9bfd7754b57.png
Here is how the apps resize.
https://blossom.primal.net/5e2a42eeb5fea10048668017aa1c4481a60585151a9bc8be717aa2e0fc91f847.png
This will continue to be improved in the Android 16 QPR2 based release of GrapheneOS on the way and possibly be available outside of a developer option in Android 17.

2025-12-09 00:46:19 UTC

- reply

I say this but my first post on final.st is about the terminology behind forensic data extraction on phones. What a hypocrite. (whoops. spoiler.)

2025-12-09 00:38:48 UTC

- reply

Step 1: Search Windows digital forensic artifacts on Google
Step 2: Find popular artifact example (Prefetch, RunOnce, SRUM...)
Step 3: Write engagement tweet
Step 4: Repeat as such
Step 5: ???
Step 6: PROFIT!!!