Signal feed
@GrapheneOS@grapheneos.social
Open source privacy and security focused mobile OS with Android app compatibility.
Latest notes
The only reason infosec.exchange isn't defederated is from grapheneos.social is because it's too big to fail.
infosec.exchange has very consistently failed to address rampant libel and harassment directed towards our team from their instance.
At one point, the admin of the instance publicly posted we'd reported harassment with details and asked for feedback which acted as a rallying cry for people engaged in these attacks. None was addressed. We stopped filing reports of harassment to them.
@RyszardD infosec.exchange has a massive instance blocklist far larger than ours. The admin of the instance responded to a valid report about someone calling our founder insane and delusional clearly in reference in harassment content by publicly posting about it asking for input and then being supportive of people linking harassment content. He also leaked our private messages to the person we reported. We want those nasty replies removed and for them to be asked to stop, that's all.
@RyszardD It is harassment and infosec.exchange defederates instances for permitting much less than that. It's part a bunch of libel and harassment directed towards us from their instance and elsewhere. Reporting one case of it led to the admin of the instance publicizing it and taking feedback which involved people sharing a bunch of fabricated stories and harassment content. The moderation action they claimed to take was actually undone and our private DMs were leaked to the person doing it.
@garrett Most banking apps still work on GrapheneOS but Play Integrity API adoption is expanding and it's nearly impossible to convince an app to stop using it once they've started. We've only successfully convinced a couple apps to stop. We've convinced a lot more apps to start permitting GrapheneOS by using the Android hardware attestation API as an alternative which can be used to permit arbitrary hardware and operating systems but that's still very problematic including for GrapheneOS.
@garrett We provide documentation at https://grapheneos.org/articles/attestation-compatibility-guide on how apps can use the Android hardware attestation to permit GrapheneOS and other hardware / operating systems which aren't certified by Google. This API supports permitting alternate roots of trust and non-stock operating systems. We use new signing keys for each new device model so new devices won't be listed without them updating it and their list won't include alternate builds of GrapheneOS. Apps should not be doing this at all.
Apple's Privacy Pass brought hardware attestation to the web to help with passing captchas on their own hardware. Many people saw that as harmless since few sites would be willing to lock out non-Apple-hardware users. Apple and Google are both likely to bring broader hardware attestation to the web.
Google's reCAPTCHA is planning an approach where they use Privacy Pass on Apple hardware, their own approach on Google Mobile Services Android devices and a QR code scanning system to require an iOS or Google certified Android device for Windows and other systems:
Banking and government services increasingly require using a mobile app where they can use attestation to force using an Apple or Google approved device and OS. Apple's privacy pass, Google's 'cancelled' Web Environment Integrity and now reCAPTCHA Mobile Verification are bringing this to the web.
Apple and Google are gradually expanding their use of hardware-based attestation. They're convincing a growing number of services to adopt it. Google's Play Integrity API and Apple's App Attest API are very similar. Apple brought it to the web via Privacy Pass, which Google intends on doing too.
Google's Play Integrity API requires hardware attestation for the strong integrity level and is gradually phasing in requiring it for the more commonly used device integrity level. Apple already has it as a requirement. Over the long term, this will increasingly lock out hardware and OS competition.
The purpose of these systems is disallowing people from using hardware and software not approved by Apple or Google. This is wrongly presented as being a security feature. Banks and government services are the main ones adopting it but Apple and Google are encouraging every service to use it.
GrapheneOS will remain usable by anyone around the world without requiring personal information, identification or an account. GrapheneOS and our services will remain available internationally. If GrapheneOS devices can't be sold in a region due to their regulations, so be it.
We strongly oppose the Unified Attestation initiative and call for app developers supporting privacy, security and freedom on mobile to avoid it. Companies selling phones should not be deciding which operating systems people are allowed to use for apps.
@Brokar @tuxicoman It's going to be the same GrapheneOS supporting additional devices with official support and collaboration from the OEM. They're going to benefit through selling many more devices and we get more high quality devices meeting our security requirements which we can properly support. It should also be a lot easier for us to support than Pixels because they're going to be helping us a lot. Most of the work still needs to be done, but it's a serious partnership already.
@luana It will fully support using other operating systems including users making their own builds of GrapheneOS. It's part of our hardware requirements. We'll likely be able to make hardened builds of firmware and drivers which can be released in an official way for easy builds without needing to extract anything from the GrapheneOS or Motorola OS factory images.
@a53bdb We'll continue to have Pixels as an option.
@a53bdb We knew you weren't saying that but that's the answer we have for people who are.
We're happy to announce a long-term partnership with Motorola. We're collaborating on future devices meeting our privacy and security standards with official GrapheneOS support.
https://motorolanews.com/motorola-three-new-b2b-solutions-at-mwc-2026/
We can't find the internet
Attempting to reconnect
Something went wrong!
Attempting to reconnect