Today is the official release day for Android 17. We've already fully ported GrapheneOS to Android 17 and are in the process of pushing the code to our public repositories. We're building a final official release based on Android 16 QPR2 today and we'll do an initial Android 17 release tomorrow.

GrapheneOS has over 400k users. It's hard to understand why one of our users running a Discourse forum is resulting in us suddenly getting attacked across platforms. These attacks on GrapheneOS happening across platforms every single day are increasingly desperate and ridiculous.

Vanadium version 149.0.7827.114.0 released: https://github.com/GrapheneOS/Vanadium/releases/tag/149.0.7827.114.0 See the linked release notes for a summary of the improvements over the previous release and a link to the full changelog. Forum discussion thread: https://discuss.grapheneos.org/d/36329-vanadium-version-149078271140-released #GrapheneOS #privacy #security #browser

Murena has repeatedly claimed GrapheneOS is primarily useful to criminals and used by criminals which is utter nonsense. They regularly say it about private/secure devices in general. https://grapheneos.social/@GrapheneOS/116353973732143171 Murena and F-Droid have both spent years misleading people about GrapheneOS with false claims. That includes absolutely vile personal attacks and harassment content towards our team from the leadership and core members of both organizations.

In April, Mullvad provided sponsored DataPacket servers for GrapheneOS in Dallas and Frankfurt which each have 50Gbps peak bandwidth capacity. These now serve a large portion of the updates to GrapheneOS users and add a lot of capacity to our other services including our anycast authoritative DNS.

/r/privacy strictly bans discussing GrapheneOS so this post is very likely going to be removed. Their auto-moderation configuration removes any comment or post containing the word GrapheneOS which is why it's not directly mentioned in a single comment. This post only slipped through because they aren't going as far as using OCR and AI to detect people discussing GrapheneOS yet. That's why some people in the thread are saying Graphite instead. It's ridiculous that they ban saying it.

GrapheneOS has much better protection against remote exploits due to much better generic memory corruption exploit protections than Android. See https://grapheneos.org/features#exploit-protection for partial coverage of what it provides. A remote exploit written for Android won't be usable with GrapheneOS in practice. They'd need to find additional / different vulnerabilities and overcome stronger defenses to attack GrapheneOS due to the defenses it adds.

GrapheneOS has built-in support for call recording in the system dialer. It's being extended with support for enabling defaulting to having call recording enabled soon.

Having 2 browser engines instead of 1 would massively increase the work required and heavily reduce security even if the 2nd browser engine had similar security. Adding a massive amount of attack surface and wasting huge amounts of our resources would make little sense. Firefox is drastically less secure so it's definitely not a good starting point. It's trivial to make the privacy of Chromium far better than Firefox compared to closing even a tiny bit of the gap for security.