Final on Nostr: #GrapheneOS version 2025012600 released. This update adds workarounds for various ...
#GrapheneOS version 2025012600 released.
This update adds workarounds for various apps banning aftermarket operating systems using techniques outside of the Play Integrity API. Revolut is the most common app known to do this.
There is now a menu to access a list of apps using the Play Integrity API from sandboxed Google Play. You can also choose to block the Play Integrity API for apps entirely, which could potentially help with some apps.
Messaging app was ported to Android 15 APIs as a beginning for overhauling all the default / system apps.
Changes since the 2025011500 release:
• disable standard Android feature holding a 10 minute screen wake lock after the screen brightness is raised at least 2 times within 5 minutes since this is confusing for users and it's far better if keep awake is done explicitly
• always show KASAN kernel crash notifications instead of only when system crash reporting is enabled by users
• Messaging: begin under the hood overhaul including fully porting to target API 35 (Android 15)
• recovery: remove spurious warning after update installation fails on A/B update devices
• change build username to build-user and build hostname to build-host instead of setting both to grapheneos due to bad actors using it to ban using GrapheneOS
• return green as the value of ro.boot.verifiedbootstate outside of specific parts of the base OS due to bad actors using it to ban using GrapheneOS
• SettingsIntelligence: don't show preference summaries in search results since it doesn't work properly for ones depending on dynamic string formatting and isn't done by SettingsIntelligenceGoogle on the stock Pixel OS
• Contact Scopes: fix spoofing of OP_GET_CONTACTS for apps not requesting WRITE_CONTACTS
• Sandboxed Google Play compatibility layer: improve infrastructure
• Sandboxed Google Play compatibility layer: allow blocking the Sandboxed Google Play is running notification
• Sandboxed Google Play compatibility layer: add per-app Play Integrity menu in the per-app Settings configuration that's shown after an app uses the Play Integrity API
• Sandboxed Google Play compatibility layer: add per-app toggle for blocking using the Play Integrity API via the per-app Play Integrity menu as a workaround for apps which ban devices based on it but don't require providing it to their service yet
• Sandboxed Google Play compatibility layer: add shortcut to the per-app Play Integrity API menu for contacting the app developer by leaving a review through the Play Store page
• Sandboxed Google Play compatibility layer: add menu for viewing all apps which have used the Play Integrity API with a shortcut in the per-app Play Integrity API menu
• Sandboxed Google Play compatibility layer: show optional notification upon detection of Play Integrity usage providing a shortcut to the per-app Play Integrity API menu and another for hiding further notifications for the app which is also available as a toggle in the per-menu
• hardened_malloc: update libdivide to 5.2.0
• TalkBack (screen reader): update dependencies
• TalkBack (screen reader): make builds fully reproducible by removing the use of __DATE__ and __TIME__ by brltty along with making the liblouis translation table zip use deterministic file order and timestamps
• kernel (6.1): update to latest GKI LTS branch revision including update to 6.1.124
• kernel (6.6): update to latest GKI LTS branch revision including update to 6.6.68
• Vanadium: update to version 132.0.6834.122.0
https://grapheneos.org/releases#2025012600
This update adds workarounds for various apps banning aftermarket operating systems using techniques outside of the Play Integrity API. Revolut is the most common app known to do this.
There is now a menu to access a list of apps using the Play Integrity API from sandboxed Google Play. You can also choose to block the Play Integrity API for apps entirely, which could potentially help with some apps.
Messaging app was ported to Android 15 APIs as a beginning for overhauling all the default / system apps.
Changes since the 2025011500 release:
• disable standard Android feature holding a 10 minute screen wake lock after the screen brightness is raised at least 2 times within 5 minutes since this is confusing for users and it's far better if keep awake is done explicitly
• always show KASAN kernel crash notifications instead of only when system crash reporting is enabled by users
• Messaging: begin under the hood overhaul including fully porting to target API 35 (Android 15)
• recovery: remove spurious warning after update installation fails on A/B update devices
• change build username to build-user and build hostname to build-host instead of setting both to grapheneos due to bad actors using it to ban using GrapheneOS
• return green as the value of ro.boot.verifiedbootstate outside of specific parts of the base OS due to bad actors using it to ban using GrapheneOS
• SettingsIntelligence: don't show preference summaries in search results since it doesn't work properly for ones depending on dynamic string formatting and isn't done by SettingsIntelligenceGoogle on the stock Pixel OS
• Contact Scopes: fix spoofing of OP_GET_CONTACTS for apps not requesting WRITE_CONTACTS
• Sandboxed Google Play compatibility layer: improve infrastructure
• Sandboxed Google Play compatibility layer: allow blocking the Sandboxed Google Play is running notification
• Sandboxed Google Play compatibility layer: add per-app Play Integrity menu in the per-app Settings configuration that's shown after an app uses the Play Integrity API
• Sandboxed Google Play compatibility layer: add per-app toggle for blocking using the Play Integrity API via the per-app Play Integrity menu as a workaround for apps which ban devices based on it but don't require providing it to their service yet
• Sandboxed Google Play compatibility layer: add shortcut to the per-app Play Integrity API menu for contacting the app developer by leaving a review through the Play Store page
• Sandboxed Google Play compatibility layer: add menu for viewing all apps which have used the Play Integrity API with a shortcut in the per-app Play Integrity API menu
• Sandboxed Google Play compatibility layer: show optional notification upon detection of Play Integrity usage providing a shortcut to the per-app Play Integrity API menu and another for hiding further notifications for the app which is also available as a toggle in the per-menu
• hardened_malloc: update libdivide to 5.2.0
• TalkBack (screen reader): update dependencies
• TalkBack (screen reader): make builds fully reproducible by removing the use of __DATE__ and __TIME__ by brltty along with making the liblouis translation table zip use deterministic file order and timestamps
• kernel (6.1): update to latest GKI LTS branch revision including update to 6.1.124
• kernel (6.6): update to latest GKI LTS branch revision including update to 6.6.68
• Vanadium: update to version 132.0.6834.122.0
https://grapheneos.org/releases#2025012600