pleroma.debian.social


GrapheneOS version 2025100300 released:

https://grapheneos.org/releases#2025100300

See the linked release notes for a summary of the improvements over the previous release.

Forum discussion thread:

https://discuss.grapheneos.org/d/27029-grapheneos-version-2025100300-released

@GrapheneOS QUESTION from someone largely ignorant of the Google and Android ecosystem: Why does GrapheneOS target the generally well-regarded Google Pixel family of devices and not vendors shipping "customized" versions of Android on their products?

When I first read about Graphene I got so excited I could do something interesting with a Galaxy Note 20 only to learn I was mistaken. And if I were buying a pixel, I think I'd be reluctant to use alternate firmware on it.

You shouldn't really be using anything from Google and buying their spyware hardware with the goal of "security" or "privacy" is just a whole new level of stupid.

There are plenty of Android distros running in dozens of normal models. No need to trust on a distro with ambiguous funding sources and suspicious choices of hardware.

@ba5115c37b0f911e530ed6c487ccbd9b737da33fd4b88a9f590860378c06af62 @emory There aren't any other projects in the same space as GrapheneOS. It's the only hardened open source mobile OS.

Other Android devices have objectively far worse privacy and security. It's not clear how using a Google Mobile Services device from an Android OEM with worse privacy practices than Google is better. Other devices near entirely don't provide proper privacy/security updates and important hardware security features.

@ba5115c37b0f911e530ed6c487ccbd9b737da33fd4b88a9f590860378c06af62 @emory GrapheneOS is funded by donations. It hasn't received any government grants or other forms of strings attached funding. We have a federal Canadian non-profit organization handling all of the finances of the project which is formally audited. The attempt at portraying people donating to support the OS they use as being a suspicious form of funding is strange.

Can you name specific hardware you think would be better to use?

That is your statement. It isn't verifiable because you don't disclose the values to the public, much less disclose a list of government and business entities giving you money due to "reasons".

Even signal is more transparent in disclosing their "donation" values from the government. You are asking users to "trust" you and don't permit them to verify.

You know this quite well, yet keep insisting and playing us for dumb.

Interesting.

Which secure and transparent OS and device do you use?

@8ef009e94757a5025b30917edc324e36d1f439423836902fc552423dc234d9ee @ba5115c37b0f911e530ed6c487ccbd9b737da33fd4b88a9f590860378c06af62 @emory GrapheneOS has not received any government funding. We're fully transparent about getting 100% of our funding via donations without strings attached. We may sell products and services in the future, but it won't be things which conflict with our mission of providing a freely available open source OS, apps, etc. for improving people's privacy and security.

@8ef009e94757a5025b30917edc324e36d1f439423836902fc552423dc234d9ee @ba5115c37b0f911e530ed6c487ccbd9b737da33fd4b88a9f590860378c06af62 @emory Unlike Signal, we do not have any government funding and have never received any. We haven't applied for government grants and don't plan to do it. We don't want money with strings attached. We get enough funding via donations and will be able to expand that as we grow the userbase and improve GrapheneOS. We could also sell enterprise products/services.

Oh, I just want to know which device and OS Brito uses.

I'd love to see how they also verify no government funding.

Maybe they provide a login to their bank account?

@8ef009e94757a5025b30917edc324e36d1f439423836902fc552423dc234d9ee @ba5115c37b0f911e530ed6c487ccbd9b737da33fd4b88a9f590860378c06af62 @emory People can look at the cryptocurrency donations we receive. It's publicly visible that we've received hundreds of thousands of dollars worth of ETH from Vitalik Buterin who is a GrapheneOS user. He plans on providing us more funding once we get the non-profit in better shape with a clearer development and hiring roadmap. There's nothing secret about that.

@8ef009e94757a5025b30917edc324e36d1f439423836902fc552423dc234d9ee @ba5115c37b0f911e530ed6c487ccbd9b737da33fd4b88a9f590860378c06af62 @emory People can't see our Monero donations but those are still going to get audited via providing view keys to the auditors similarly to our Wise account, PayPal and bank accounts.

We could publish total donation and expense amounts over periods of time but what exactly does that change? Our expenses are mostly paying developers, with the highest being $50/hour.

That's fine.

But generally, the only folks who want to know and verify donations are governments and nefarious actors who wish to attack individuals they seem undesirable.

The IRS is a government agency, they can access themselves that data anytime.

And this isn't about grants. It is about funding and transparency, something that other projects in the area are known for doing except yours.

Let the accounting company do a statement on the sources of income. You insist in asking to be trusted but we want to verify, not trust.

That is how things work for crypto technology, you know that too.

The verification is that the code is open source.

That is all the verification you need. Check it. If you like what you see, use it. If you don't, then don't.

For a Monero user, you aren't very friendly to privacy.

Nobody verifies 16 million lines of code, it is easy to hide problems without a single soul finding.

Plus, you aren't even compiling the code. You are installing binaries compiled by them, which might not even be the same code that is available on the repository.

So neither of those arguments hold much ground nor you see me pushing for those points. The only points mentioned here are the exclusivity to use spyware hardware and ambiguous funding sources.

Like Monero?

You should stop using open source software the

You should never trust monero nor any other piece of technology as rule of principle.

Around here you just see me recommending monero because it is an upgrade for the dumbasses around here still stuck on fedcoins. They'll never understand that many other options exist and are quite good.

Monero itself has quite the history of scams, double-crossings and exploits. Just read it up by yourself. The only reason it can be trusted today is exactly because nobody trusted the developers and the code base was small enough to be verified.

By comparison, the code base here is huge and their project is fairly irrelevant on the greater scheme of things.

Right.

So what you are saying is that you like Monero but not Graphene but cannot verify either.

Monero isn't forcing anyone to run on exotic ASIC nor dubious GPUs that even the Chinese nowadays refuse to use.

Monero has been routinely verified on the key parts by different groups that don't trust the monero developers. No such thing happened with that dubious distro.

@ba5115c37b0f911e530ed6c487ccbd9b737da33fd4b88a9f590860378c06af62 @8ef009e94757a5025b30917edc324e36d1f439423836902fc552423dc234d9ee @emory GrapheneOS is open source. You're welcome to port it to other devices. You still haven't specified which devices you either want to use or think we should use instead of Pixels. Pixels are currently the only devices meeting the requirements listed at https://grapheneos.org/faq#future-devices but we have an OEM partner as you can see from our security preview releases.

@ba5115c37b0f911e530ed6c487ccbd9b737da33fd4b88a9f590860378c06af62 @8ef009e94757a5025b30917edc324e36d1f439423836902fc552423dc234d9ee @emory We have a major Android OEM as a partner since June 2025. We're working with them towards a subset of their future devices meeting our requirements and providing official GrapheneOS support.

Contrary to your claims, there are people verifying GrapheneOS builds are reproducible and people reviewing all of our code, which is not a massive amount of code.

Happy to read those news, sincerely hope you don't try our patience with vapourware that will never be released.


In case you do release sane hardware at an affordable price then I'll be here too to support such effort.

@ba5115c37b0f911e530ed6c487ccbd9b737da33fd4b88a9f590860378c06af62 @8ef009e94757a5025b30917edc324e36d1f439423836902fc552423dc234d9ee @emory It's a major Android OEM with many devices, one of the top 10 companies making Android devices in terms of sales. They don't do vaporware. It remains to be seen whether they can meet all of our requirements with a 2026 device but it should be possible since Qualcomm added MTE support for the upcoming Snapdragon flagship.

@8ef009e94757a5025b30917edc324e36d1f439423836902fc552423dc234d9ee @ba5115c37b0f911e530ed6c487ccbd9b737da33fd4b88a9f590860378c06af62 @emory We want funding that's not subject to any strings. We don't want to depend on grants where we need to keep applying for them and can be left in a crisis if the money is cut off. That would put us at the mercy of whoever is providing the grants. We do plan to make long-term development proposals where we seek donations funding them from our userbase.

Any way to buy the Google Pixel devices for use with GrapheneOS is going to come from Google one way or another. It's enabling surveillance capitalism by utilizing the white markets.

@ffbb1c5748f93fe48768b493b4117b6a4776de34a2ae78dfb373fe8794510560 @ba5115c37b0f911e530ed6c487ccbd9b737da33fd4b88a9f590860378c06af62 @emory Please specify which devices you think should be used instead. Pixels are the only ones meeting the requirements at this time. Nearly every Android OEM is a Google partner licensing Google Mobile Services. OEMs must comply with a massive set of restrictions for licensing GMS and receive a cut of the revenue from GMS, not just profits from hardware sales.

@ba5115c37b0f911e530ed6c487ccbd9b737da33fd4b88a9f590860378c06af62 @8ef009e94757a5025b30917edc324e36d1f439423836902fc552423dc234d9ee @emory GrapheneOS isn't based in the US so the IRS can't see anything about our finances. The Canadian government could look at our bank accounts and Wise accounts if it's legally authorized but that's a small portion of our overall finances.

Not clear what you want to be reported on sources of income. They just see transactions inbound to GrapheneOS.

Come on. You continue to try playing people here for fools.

In case you truly believe what you have just written, it is even worse.

There are legal mechanisms to get that information and they ain't exactly worried about getting without legal support either.



https://blossom.primal.net/ef59febd14208205f8157a979fe3348b31b19937ca6b4d9e31a3b370132cc396.jpg

@ba5115c37b0f911e530ed6c487ccbd9b737da33fd4b88a9f590860378c06af62@mostr.pub @8ef009e94757a5025b30917edc324e36d1f439423836902fc552423dc234d9ee@mostr.pub @emory@soc.kvet.ch @GrapheneOS@grapheneos.social I'm really unclear on what you want them to disclose. They state they receive only individual donations. If that is false, they are lying but you have no way to demonstrate it. If it is true then there is literally nothing more they can disclose without doxxing people who fund them. Plus it still would not prove they hadn't received non-disclosed funding.

You are basically asking them to somehow prove something there is no way to prove. You can't prove a negative. Even if they did doxx those of us who contribute (I am one of them), how could you prove that none of those people are acting as conduits for a government? You can't, it's unable to be disproven.

On the point of using Google hardware, the project has repeatedly explained why they only support Pixel phones, and it is a good reason. No one has managed to find another phone that meets the security requirements of this project, and no one has found any evidence that Pixel phones without Google Android are in any way compromising user security or privacy beyond what a cell network already knows about them.

And finally, they have disclosed that they are working on developing secure hardware. Reality is that that is not a simple process (I worked for Amazon and saw the mess that the Fire Phone development was), so I'm not going to hold my breath. But it is on their todo list.

@reflex @emory @ba5115c37b0f911e530ed6c487ccbd9b737da33fd4b88a9f590860378c06af62 @8ef009e94757a5025b30917edc324e36d1f439423836902fc552423dc234d9ee We're working with one of the top 10 Android OEMs towards their devices meeting our requirements and providing official GrapheneOS support. They already have many mainstream devices but their current devices don't have adequate updates and hardware-based security features for GrapheneOS. They're definitely capable of providing what we need though.

@ba5115c37b0f911e530ed6c487ccbd9b737da33fd4b88a9f590860378c06af62 @8ef009e94757a5025b30917edc324e36d1f439423836902fc552423dc234d9ee @emory 100% of our revenue up to this point has come from no strings attached donations. The only thing visible to the accountants and auditors are the inbound transactions, not why someone sent them. The auditing is to make sure we're spending all money in accordance with the non-profit status and the mission of the non-profit and that nothing went missing, etc.

@ba5115c37b0f911e530ed6c487ccbd9b737da33fd4b88a9f590860378c06af62 @8ef009e94757a5025b30917edc324e36d1f439423836902fc552423dc234d9ee @emory Donations are simply inbound transactions to us. They're donations so they're not tied to an invoice for a purchase of any kind. We've never sold a product or service up to this point. We can provide explicit receipts for donations but have only done that a couple times and it's not an invoice for a product or service. Not clear how you think it should work.

@ba5115c37b0f911e530ed6c487ccbd9b737da33fd4b88a9f590860378c06af62 @8ef009e94757a5025b30917edc324e36d1f439423836902fc552423dc234d9ee @emory The auditors need to check our account balances to make sure the inbound and outbound transactions work out to the proper amounts. They're required to audit our expenses including obtaining proof for large expenses such as our legal fees and sample testing smaller ones such as requesting invoices. What do you think they'd be checking for inbound donations?

@reflex @emory @ba5115c37b0f911e530ed6c487ccbd9b737da33fd4b88a9f590860378c06af62 @8ef009e94757a5025b30917edc324e36d1f439423836902fc552423dc234d9ee They're not making special devices for GrapheneOS but rather they're working on making the next generation version of one of their flagship devices meet our requirements. Qualcomm finally added MTE support to Snapdragon so everything required to meet our bare minimum requirements should be available. They need to pay for longer support from them.

@ba5115c37b0f911e530ed6c487ccbd9b737da33fd4b88a9f590860378c06af62 @emory GrapheneOS has never received any government funding. We haven't ever accepted a grant with strings attached from anyone. GrapheneOS has been entirely funded by donations. Donors do not get a say in our priorities or how their donations are used. Several times, we've raised money towards specific costs which is us deciding what we need and people deciding if they want to support that. Donors don't get any special influence.

@ba5115c37b0f911e530ed6c487ccbd9b737da33fd4b88a9f590860378c06af62 @emory GrapheneOS Foundation is a federally incorporated non-profit in Canada complying with the official requirements for accounting and auditing. In years where we receive more than 500k of revenue, we're required to do a formal audit, which is already happening for 2024 and will generally happen for each year moving forward.

We haven't applied for government grants and it's not how we intend to expand our funding at all.

@ba5115c37b0f911e530ed6c487ccbd9b737da33fd4b88a9f590860378c06af62 @emory GrapheneOS is fully funded by donations right now. We'll continue to expand that by adding more donation methods and continuing to improve the OS which results in more donations.

Our non-profit is allowed to sell products or services but we haven't done it and would need to approach it in a way which fits into our mission.

GrapheneOS Foundation is a non-profit. It exists to pursue the defined mission, not for profit.

@GrapheneOS @emory I know some bank (revolut) allow donation through their "revtag" and the end to end micro chat in it, so maybe in the future or if some potential donor ask for it :)

@aleksandrayulia @emory Revolut isn't available in Canada. Revolut strangely allows people to try to send us money despite us not having an account but we can't obtain it. We don't think they should be doing that.

@GrapheneOS w-what the fuck lmao

@xyhhx They seem to allow sending money to email addresses which then sends an email saying there's money waiting for you if you make an account. However, we're NOT ALLOWED to make an account. We're not sure what's happening to that money. They probably hold it for a while and then send it back. It's quite annoying since we aren't allowed to make an account to claim it and people should be sending us the money via one of the supported donation methods. Revolut is likely costing us donations.

@GrapheneOS @xyhhx yes, if you don't take the Money they send it back to sender. Revolut don't know where you are, they only see the Mail-Address... It means Sender have to check it.

Brito,

As an objective observer, it's clear to me that you're not arguing in good faith or with good intentions.

I challenge you to name a more legit (or even close) mobile OS than GrapheneOS and/or point out the specific lines of GrapheneOS code that warrant concern.

I used to think the "attacks" on GrapheneOS and its developers were overstated, but after seeing this and many other FUD attempts, it's clear that they're not.

The whole point of open source is that you "don't trust, verify." So, verify your claims by providing the lines of code or STFU.

If Satan himself was donating XMR to GrapheneOS, what difference would it make? Hashes are unforgeable, period.

The GrapheneOS crew are legends. They're doing a great service for humanity for modest financial compensation.

You, in comparison, are either an inferior programmer and spiteful gamma, or you're a "fed." Pathetic, contemptible, or both.

I've made two remarks:

1) endorsing spyware hardware exclusively

2) non-transparent income sources

On both cases we are told "just trust", in no occasion I've made remarks about the code as a point to clarify. When someone says "check the code", everyone here knows it wouldn't be realistic to review +16 million lines of code. What we can realistically verify are the income sources and ask for moving away of compromised hardware.

Your opinion is just that: an opinion.

Facts are an entirely different matter.

Being public about income sources and supporting another hardware isn't difficult but it is dreadfully suspicious when they keep finding "reasons" to avoid it.

Will be happy when both situations are solved, and so should you.

@ba5115c37b0f911e530ed6c487ccbd9b737da33fd4b88a9f590860378c06af62 @8ef009e94757a5025b30917edc324e36d1f439423836902fc552423dc234d9ee @emory @1807a49c19a1347e6f19729697c15d4f53df5482ecf3eeddfa0c8e7d0fa245a1 We don't endorse any spyware hardware. You're making an unsubstantiated claim that the most secure Android devices with by far the most external review for privacy and security is spyware hardware. You won't specify which devices you think should be used, which would likely be GMS devices too.

@ba5115c37b0f911e530ed6c487ccbd9b737da33fd4b88a9f590860378c06af62 @8ef009e94757a5025b30917edc324e36d1f439423836902fc552423dc234d9ee @emory @1807a49c19a1347e6f19729697c15d4f53df5482ecf3eeddfa0c8e7d0fa245a1 As we've said, 100% of our funding comes from no strings attached donations. We don't accept or apply for funding with strings attached. We've never received a government grant or another form of grant with any strings attached. GrapheneOS is 100% funded via https://grapheneos.org/donate.

@ba5115c37b0f911e530ed6c487ccbd9b737da33fd4b88a9f590860378c06af62 @8ef009e94757a5025b30917edc324e36d1f439423836902fc552423dc234d9ee @emory @1807a49c19a1347e6f19729697c15d4f53df5482ecf3eeddfa0c8e7d0fa245a1 We explained we receive a very small amount of donations via Benevity and have received 3 USD bank transfers to our bank account: 2 from Proton, which were public $10k donations made to multiple open source projects and charities by Proton and 1 large public one from Jack Dorsey's startsmall.

@ba5115c37b0f911e530ed6c487ccbd9b737da33fd4b88a9f590860378c06af62 @8ef009e94757a5025b30917edc324e36d1f439423836902fc552423dc234d9ee @emory @1807a49c19a1347e6f19729697c15d4f53df5482ecf3eeddfa0c8e7d0fa245a1 We've been fully transparent about where the money comes from: people donating through the methods on our donate page along with the extra stuff we listed. There hasn't been money from anywhere else. You can look at the non-Monero cryptocurrency donations yourself but are choosing not to do it.

@ba5115c37b0f911e530ed6c487ccbd9b737da33fd4b88a9f590860378c06af62 @8ef009e94757a5025b30917edc324e36d1f439423836902fc552423dc234d9ee @emory @1807a49c19a1347e6f19729697c15d4f53df5482ecf3eeddfa0c8e7d0fa245a1 We can't see anything more than you can about the non-Monero cryptocurrency donations. The publicly available info shows who donated. We also can't see anything more than you can about who donated via Monero, just the number of donations and amounts. Is that what you want from us?

@ba5115c37b0f911e530ed6c487ccbd9b737da33fd4b88a9f590860378c06af62 @8ef009e94757a5025b30917edc324e36d1f439423836902fc552423dc234d9ee @emory @1807a49c19a1347e6f19729697c15d4f53df5482ecf3eeddfa0c8e7d0fa245a1 We can see a list of names for Wise, PayPal and bank account donations. For bank transfers, it often just shows as the name of a bank. We're obviously not going to violate the privacy of donors by publishing a list of names. Large donations were all via ETH and BTC other than startsmall anyway.

I also saw the flaw in my argument, but the point still stands. With modern AI tools, scanning a full codebase for problematic code is not a herculean task.

Auditing the sources of funding (and the sources behind those sources and their intentions) is not a feasible task. Even with the best financial audit humanly possible, there will still be more questions and opportunities to raise suspicions. It would also be inappropriate and poor form to publicly air all of the necessary personal information of the generous individuals that make GrapheneOS possible financially.

The level of effort required would exceed the total programming and management effort of the entire GrapheneOS team. Yet, you demand that they do this, or accuse them of vague impropriety.

Even if it were done, it would likely just provide more opportunities for gammas to bite at the ankles of the GrapheneOS team.

You're intelligent enough to see the flaw in my argument and to write a somewhat intelligent response, but you can't see the flaws in your own arguments?

Regarding hardware, it's been addressed ad nauseam by GrapheneOS. Perhaps you don't understand the nuances of security at that level of the technology stack.

I'm not going to repeat the explanations because it would be (extremely) redundant and a waste of effort because I'm still convinced that you're not arguing in good faith.

I'm now even more convinced that you're a gamma. Likely part of a competing "tribe" and therefore far inferior to the GrapheneOS team. A deep, burning inferiority that compels you to throw shade at the superior crew.

You make weak, pointless arguments and infeasible demands. It's blatantly obvious that you're not driven by a passion for security, but rather a desire to bring down a team that makes you look smaller than you already were.

If you truly cared about security, you should be able to find some lines of code that warrant concern. Since that's not the case, here's a much easier challenge:

Name the make and model of a single mobile device that meets the GrapheneOS security standards that isn't a modern Pixel.

-----

What's my motivation here?

I see this shit in open software all the time, and it's extremely disappointing. You should be applying whatever talent you have to supporting the GrapheneOS project, for the benefit of humanity, but instead you waste it on harassing them.

Fucking gammas. Pathetic.

Recognize it. Then correct it. It's not easy, but it is possible.

TL:DR.

Auditing the income sources isn't difficult, they already do it every year. Just missing to publish like other projects do.

You insist in wanting to audit the source code, it is pointless to audit source code running on compromised hardware which has already been pointed out by numerous other experts including myself.

Last but not least: you insist on personal attacks. Very sus.

@ba5115c37b0f911e530ed6c487ccbd9b737da33fd4b88a9f590860378c06af62 @8ef009e94757a5025b30917edc324e36d1f439423836902fc552423dc234d9ee @emory @1807a49c19a1347e6f19729697c15d4f53df5482ecf3eeddfa0c8e7d0fa245a1 There are audits of our finances to ensure that no money is going missing and all of it is being spent according to the non-profit status towards the non-profit's defined mission. There's no auditing of the sources for donations, which is not something which can even be done and makes no sense.

@ba5115c37b0f911e530ed6c487ccbd9b737da33fd4b88a9f590860378c06af62 @8ef009e94757a5025b30917edc324e36d1f439423836902fc552423dc234d9ee @emory @1807a49c19a1347e6f19729697c15d4f53df5482ecf3eeddfa0c8e7d0fa245a1 It's not known where cryptocurrency donations are coming from in general. The same is largely true for fiat donations. It's often simply the name of a bank, and typically the name of an individual without any further identifying information available to us. What is the use of a list of names?

@ba5115c37b0f911e530ed6c487ccbd9b737da33fd4b88a9f590860378c06af62 @8ef009e94757a5025b30917edc324e36d1f439423836902fc552423dc234d9ee @emory @1807a49c19a1347e6f19729697c15d4f53df5482ecf3eeddfa0c8e7d0fa245a1 You have a strange idea about how donations work. Donors are not identifying themselves to us in any direct way. People choose one of the donation methods and send money. The most we can see is a name shown in the Wise, PayPal or bank account history. Names are also often not unique anyway.

@GrapheneOS /me wishes to express their admiration for the patience and persistence of @GrapheneOS and sends them as large a package of respect as the virtual courier will allow them to ship. They also hope that @GrapheneOS doesn't burn themselves out dealing with this onslaught

lol, there is a huge mountain of cyber experts calling that device as spyware: https://www.techradar.com/phones/are-the-new-google-pixel-phones-spying-on-you since years.

You will surely play the "naive" card again but Pixel was never a trusted device from the beginning and this is undeniable. It was consistently exposed as untrusted with the stock firmware from the cyber community. You somehow hope in "good faith" that they haven't taken the opportunity to include spyware inside the device hardware too. Yeah, right.

This is fresh 😂👌

@ba5115c37b0f911e530ed6c487ccbd9b737da33fd4b88a9f590860378c06af62 @8ef009e94757a5025b30917edc324e36d1f439423836902fc552423dc234d9ee @1807a49c19a1347e6f19729697c15d4f53df5482ecf3eeddfa0c8e7d0fa245a1 @emory No, this is blatant and obvious misinformation. Cybernews is a known source of highly inaccurate clickbait articles on privacy and security. The article is highly inaccurate and has been thoroughly debunked. Nearly everything they claimed was wrong and deliberately warped to get more traffic.

@ba5115c37b0f911e530ed6c487ccbd9b737da33fd4b88a9f590860378c06af62 @8ef009e94757a5025b30917edc324e36d1f439423836902fc552423dc234d9ee @1807a49c19a1347e6f19729697c15d4f53df5482ecf3eeddfa0c8e7d0fa245a1 @emory None of this has absolutely anything to do with Pixels specifically. It's solely about Google Mobile Services component present across all GMS devices. However, their coverage of how that works and what is extraordinarily inaccurate. iOS also has 1:1 equivalents to everything covered.

@ba5115c37b0f911e530ed6c487ccbd9b737da33fd4b88a9f590860378c06af62 @8ef009e94757a5025b30917edc324e36d1f439423836902fc552423dc234d9ee @1807a49c19a1347e6f19729697c15d4f53df5482ecf3eeddfa0c8e7d0fa245a1 @emory Once again, you're failing to specify ANY device you think is better. Nearly all Android devices are Google Mobile Services devices with all the same stuff they're badly covering. Cybernews is the equivalent of the National Enquirer for privacy and security. It's not the "cyber community".

I read the article. It's not surprising to learn that Google Play Services is data raping the users of OEM Android.

I didn't see a single word related to hardware or firmware. ALL mobile firmware has blobs. The challenge is to engineer software that mitigates this to the fullest extent possible.

Modern mobile devices are a privacy nightmare. That's the whole point of GrapheneOS - to minimize this fact to the fullest extent possible.

You claim to be a security expert, and then you present this article as evidence that the Pixel 9 hardware or firmware is compromised?

I challenge you to provide a single example where a Pixel 9 with GrapheneOS is less secure or less private than ANY other mobile hardware/software manufactured within the last decade.

I already know you can't do it, but go ahead and post another tech journalist clickbait slop article - I find them interesting. However, I'd prefer something with more substance, like a proper research paper or journal article.

What device, OS, and software are you using that provides more security and privacy?

What even is your argument at this point? That modern silicon has firmware blobs and therefore Pixels and GrapheneOS are inferior to an alternative that you refuse to identify?

You should have logged off after getting checkmated. Do you not have any shame?

@1807a49c19a1347e6f19729697c15d4f53df5482ecf3eeddfa0c8e7d0fa245a1 @ba5115c37b0f911e530ed6c487ccbd9b737da33fd4b88a9f590860378c06af62 @8ef009e94757a5025b30917edc324e36d1f439423836902fc552423dc234d9ee @emory The article from Cybernews misrepresents Google Mobile Services as somehow specific to Pixels and also has highly inaccurate coverage of what it does, when it does it and the impact of that. A large portion is about opt-in network location that's available on iOS, Windows, desktop Linux, etc.

@1807a49c19a1347e6f19729697c15d4f53df5482ecf3eeddfa0c8e7d0fa245a1 @ba5115c37b0f911e530ed6c487ccbd9b737da33fd4b88a9f590860378c06af62 @8ef009e94757a5025b30917edc324e36d1f439423836902fc552423dc234d9ee @emory Cybernews is a tabloid rag. They published this inaccurate and likely partly AI generated content with the Pixel 9 launch pretending Google Mobile Services is specific to Pixels. As usual with their content, they don't care about accuracy but rather only clicks and post fake content to get it.

Don't be naive, plenty of other projects know how to do this.

Somehow you find it difficult to ask an accountant to prepare a report. Curious. 👍

@ba5115c37b0f911e530ed6c487ccbd9b737da33fd4b88a9f590860378c06af62 @8ef009e94757a5025b30917edc324e36d1f439423836902fc552423dc234d9ee @1807a49c19a1347e6f19729697c15d4f53df5482ecf3eeddfa0c8e7d0fa245a1 @emory Name a single open source project that's doing what you claim. Which open source project discloses a list of all of their donors or anything else similar to what you're demanding? It would be ridiculous and anti-privacy to require people to be publicly identified to donate to GrapheneOS.

@ba5115c37b0f911e530ed6c487ccbd9b737da33fd4b88a9f590860378c06af62 @8ef009e94757a5025b30917edc324e36d1f439423836902fc552423dc234d9ee @1807a49c19a1347e6f19729697c15d4f53df5482ecf3eeddfa0c8e7d0fa245a1 @emory Link to a single open source project which provides any information on their regular donors. Projects disclosing grants with strings attached is not relevant because we don't receive any. We've fully disclosed all of that information: we have never received or applied for a government grant.

@ba5115c37b0f911e530ed6c487ccbd9b737da33fd4b88a9f590860378c06af62 @8ef009e94757a5025b30917edc324e36d1f439423836902fc552423dc234d9ee @1807a49c19a1347e6f19729697c15d4f53df5482ecf3eeddfa0c8e7d0fa245a1 @emory We have never received or applied for any grant. FUTO called their $40k donation to us a grant, but we made sure they agreed it was just a donation with no strings attached. They got upset we didn't make content with them or work with them but it was a no strings attached donation.

So first you claim it to be misinformation even though the news was confirmed by several experts.

After you claim it is misinformation, now you claim iOS has "1:1", meaning that they spy the same.

Just use any other phone except Google spyware, that ain't hard.

@ba5115c37b0f911e530ed6c487ccbd9b737da33fd4b88a9f590860378c06af62 @8ef009e94757a5025b30917edc324e36d1f439423836902fc552423dc234d9ee @1807a49c19a1347e6f19729697c15d4f53df5482ecf3eeddfa0c8e7d0fa245a1 @emory No "experts" confirmed anything. Cybernews is a tabloid rag posting endless highly inaccurate clickbait. Their "experts" do shallow research including with LLMs and post it in highly sensationalized, inaccurate articles. You're linking to low quality blog spam content and calling it experts.

@ba5115c37b0f911e530ed6c487ccbd9b737da33fd4b88a9f590860378c06af62 @8ef009e94757a5025b30917edc324e36d1f439423836902fc552423dc234d9ee @1807a49c19a1347e6f19729697c15d4f53df5482ecf3eeddfa0c8e7d0fa245a1 @emory List the device models you think should be supported instead of Pixels. You've ruled out any devices licensing Google Mobile Services, so that doesn't leave much. Which device do you think we should support? You don't want a device where the stock OS has GMS, so what do you want us to use?

Techverge isn't cybernews and they literally call it spyware too: https://www.theverge.com/2024/8/15/24221151/google-pixel-showcase-software-spyware-palantir-iverify

@GrapheneOS you aren't dumb, so why do you insist on such a sloppy approach?

I can forgive @1807a49c for being naive and expect the manufacturer or governments to admit they bug hardware but you aren't exactly entitled to play dumb too and pretend they don't.

I'll publicly do a bet that in 12 months from now you will still not have released a device to market (non-google) with a price below 1000 USD.

Because that's the pattern. Keep feeding them hopes, like a carrot. They'll believe there is a better way and you'll keep luring them to then release something (alternative) that at the same time is unreachable.

We both know that. I'm just recording it here today as future memory.

Enjoy the spoiler.

@ba5115c37b0f911e530ed6c487ccbd9b737da33fd4b88a9f590860378c06af62 @1807a49c19a1347e6f19729697c15d4f53df5482ecf3eeddfa0c8e7d0fa245a1 @8ef009e94757a5025b30917edc324e36d1f439423836902fc552423dc234d9ee @emory The Verge is more tabloid blog spam. This is more highly inaccurate content with outright fabrications from a company selling iOS software and promoting buying iPhones to governments. Their claims were thoroughly disproven and were outrageously dishonest. They enabled this code with ADB...

@ba5115c37b0f911e530ed6c487ccbd9b737da33fd4b88a9f590860378c06af62 @1807a49c19a1347e6f19729697c15d4f53df5482ecf3eeddfa0c8e7d0fa245a1 @8ef009e94757a5025b30917edc324e36d1f439423836902fc552423dc234d9ee @emory iVerify is a Palantir partner and published these fabricated claims aimed at promoting iPhones and their iVerify software on iOS in partnership with Palantir. Palantir exists to help build a police state.

See https://discuss.grapheneos.org/d/14993-debunking-fake-stock-pixel-os-vulnerability-from-an-edr-company which debunked this story, as did other researchers.

The Verge is 99% consumer drivel disguised as somewhat technical. You're not arguing in good faith here while wasting time of multiple people who already gave you everything you need to rest your case. I don't need your FUD in my feed, bye.

@1a5cff5118d071a2c5d46534733abb9f3dcdfc41b24db0132fc20dbf01c75f78 @1807a49c19a1347e6f19729697c15d4f53df5482ecf3eeddfa0c8e7d0fa245a1 @ba5115c37b0f911e530ed6c487ccbd9b737da33fd4b88a9f590860378c06af62 @8ef009e94757a5025b30917edc324e36d1f439423836902fc552423dc234d9ee @emory The reality is that iVerify used ADB to enable debugging code that's otherwise always disabled. Being able to enable debugging code in a way that harms security due to a vulnerability is not a security vulnerability or backdoor.

It is terribly suspicious that you are asking me to name a list of all donors. First because that wasn't what was asked, what I've asked was for a list of entities donating you money and not the individuals.

Second because you find plenty of open source projects doing the same and it is suspicious that you are not "aware" of them. Fine, here is one from Firefox which is one of the oldest open source projects on the market. I hope you have heard before about them: https://www.mozilla.org/en-US/foundation/annualreport/2024/

Third, even your friends at Signal had no issues publishing the accounting statements to public and I'd say they were in the business of privacy too. Example: https://projects.propublica.org/nonprofits/organizations/824506840

Too bad that even that was a lie, soon after they were forced to admit being financed by the CIA for years: https://www.kitklarenberg.com/p/signal-facing-collapse-after-cia

So, yeah. There you have a couple of good examples to get started.

@ba5115c37b0f911e530ed6c487ccbd9b737da33fd4b88a9f590860378c06af62 @8ef009e94757a5025b30917edc324e36d1f439423836902fc552423dc234d9ee @1807a49c19a1347e6f19729697c15d4f53df5482ecf3eeddfa0c8e7d0fa245a1 @emory None of what you've linked provides the details you're demanding on donors.

GrapheneOS has neither applied for nor received any money from governments. The same goes for other forms of grants. GrapheneOS has not received funding via grants with conditions, only no strings attached donations.

@ba5115c37b0f911e530ed6c487ccbd9b737da33fd4b88a9f590860378c06af62 @8ef009e94757a5025b30917edc324e36d1f439423836902fc552423dc234d9ee @1807a49c19a1347e6f19729697c15d4f53df5482ecf3eeddfa0c8e7d0fa245a1 @emory We've repeatedly asked you to specify which devices you think we should support in response to your unsubstantiated and false claims about Pixels. You claim you want us to support other devices, so please specify which ones you want us to support which you think are better than Pixels.

@ba5115c37b0f911e530ed6c487ccbd9b737da33fd4b88a9f590860378c06af62 @8ef009e94757a5025b30917edc324e36d1f439423836902fc552423dc234d9ee @1807a49c19a1347e6f19729697c15d4f53df5482ecf3eeddfa0c8e7d0fa245a1 @emory

Which brand of devices do you want us to support instead?

Samsung?

OPPO?

OnePlus?

Motorola?

Xiaomi?

Sony?

Vivo?

Honor?

Realme?

Nothing?

Are you going to have an issue with it if it's a Chinese company or owned by a Chinese company as most of the options are in practice?

Sure thing buddy.

Now make a new excuse for this university too: https://link.springer.com/chapter/10.1007/978-3-030-90022-9_12

"We investigate what data iOS on an iPhone shares with Apple and what data Google Android on a Pixel phone shares with Google. We find that even when minimally configured and the handset is idle both iOS and Google Android share data with Apple/Google on average every 4.5 mins. The phone IMEI, hardware serial number, SIM serial number and IMSI, handset phone number etc. are shared with Apple and Google. Both iOS and Google Android transmit telemetry, despite the user explicitly opting out of this. When a SIM is inserted both iOS and Google Android send details to Apple/Google. iOS sends the MAC addresses of nearby devices, e.g. other handsets and the home gateway, to Apple together with their GPS location. Users have no opt out from this and currently there are few, if any, realistic options for preventing this data sharing."

https://blossom.primal.net/66c3fe0766bdeb4409d522a293248ab05b52eb56e895a3c8a78f1b9678e46f8c.png

@ba5115c37b0f911e530ed6c487ccbd9b737da33fd4b88a9f590860378c06af62 @1807a49c19a1347e6f19729697c15d4f53df5482ecf3eeddfa0c8e7d0fa245a1 @8ef009e94757a5025b30917edc324e36d1f439423836902fc552423dc234d9ee @emory This entirely applies to any devices with Google Mobile Services, not specifically Pixels. It also applies to non-GMS devices from Huawei, etc. too. You've linked 2 articles about Google Mobile Services rather than Pixels. It implies you expect a device without GMS in the stock OS...

@ba5115c37b0f911e530ed6c487ccbd9b737da33fd4b88a9f590860378c06af62 @1807a49c19a1347e6f19729697c15d4f53df5482ecf3eeddfa0c8e7d0fa245a1 @8ef009e94757a5025b30917edc324e36d1f439423836902fc552423dc234d9ee @emory Nearly all Android devices are licensing Google Mobile Services and have it deeply integrated into their stock OS with exactly the same access it has on Pixels. What's the point of linking to content about GMS? GrapheneOS does not include GMS and only supports using it as sandboxed apps.

@ba5115c37b0f911e530ed6c487ccbd9b737da33fd4b88a9f590860378c06af62 @1807a49c19a1347e6f19729697c15d4f53df5482ecf3eeddfa0c8e7d0fa245a1 @8ef009e94757a5025b30917edc324e36d1f439423836902fc552423dc234d9ee @emory Any device providing the basics of what's required is going to be built for running Android and it's nearly certain it will have a stock OS with Google Mobile Services. If you're against any device where stock OS has GMS or similar services then you're against us supporting anything realistic.

If I am going to chip in here in this legendary conversation, I'd say we should be able to install a custom OS on any phone capable of running Android... I'm currently using an Infinix

@06830f6cb5925bd82cca59bda848f0056666dff046c5382963a997a234da40c5 @ba5115c37b0f911e530ed6c487ccbd9b737da33fd4b88a9f590860378c06af62 @8ef009e94757a5025b30917edc324e36d1f439423836902fc552423dc234d9ee @1807a49c19a1347e6f19729697c15d4f53df5482ecf3eeddfa0c8e7d0fa245a1 @emory Most devices don't allow it and those that do mostly cripple functionality including security. Several OEMs including OnePlus which allowed it without crippling functionality phased that out. Others phased out unlocking at all.

@06830f6cb5925bd82cca59bda848f0056666dff046c5382963a997a234da40c5 @ba5115c37b0f911e530ed6c487ccbd9b737da33fd4b88a9f590860378c06af62 @8ef009e94757a5025b30917edc324e36d1f439423836902fc552423dc234d9ee @1807a49c19a1347e6f19729697c15d4f53df5482ecf3eeddfa0c8e7d0fa245a1 @emory There aren't currently other devices providing the updates we need or the security features we need. That's why we're working with a major OEM since June 2025 towards some of their 2026 or 2027 devices meeting our requirements.

Fantastic, so you already admit more than 12 months and possibly 24 months of hope carrots.

Don't worry, nobody is reading these posts so your audience (e.g. bitcoin cultists) will continue to believe you are really going to support some other hardware at affordable prices (some day). 👍

@GrapheneOS hi, I am using 2025100301. Unfortunately in this version the double tap on screen turns display on is broken. Is this already reported? How can I support to get that running again?

@topcaser It's single tap, not double tap, and it's definitely not broken. Have you tried rebooting already?