Nevermind, the bridge loaded it.

Missing the context. Can you link to it?

There are an enormous number of unpatched CVEs simply for the Linux kernel itself. See https://lore.kernel.org/linux-cve-announce/. That legislation is dead on arrival if it expects to force companies to patch every vulnerability with a CVE. There would no longer be Linux-based phones sold in Europe in practice.

GrapheneOS only supports Pixels because Pixels are currently the only devices where an alternate OS can provide a high level of security. Other devices with the listed security features don't allow another OS either at all or securely.

You can see from the high quality third party comparison at https://eylenburg.github.io/android_comparison.htm other Android-based OSes are far different and not focused on privacy and security in the same way. That's why they support devices with poor security.

Pixels are currently the only devices meeting the very reasonable and important security requirements we have listed at https://grapheneos.org/faq#future-devices. It's not possible to provide something comparable to what we do on other devices yet.

OnePlus devices are Google Mobile Services devices made in partnership with Google. Android Open Source Project is made by Google. There a similar OS in the same space as GrapheneOS made for other devices and there cannot be one.

You can use nearly all Android apps on GrapheneOS. A small subset ban using anything other than a non-stock OS licensing Google Mobile Services via the Play Integrity API. WhatsApp works fine. In rare cases, WhatsApp bans people for detecting them as spammers which has a higher chance of happening to GrapheneOS users but it's very rare.

LineageOS connects to multiple Google services by default. AOSP is almost entirely made by Google. Linux kernel is heavily made by Google. OnePlus hardware is in partnership with Google to their specifications, includes their attestation root, includes Google code at a firmware level, etc.

Fairphone 5 can't be supported by GrapheneOS. It doesn't meet our hardware security requirements and support requirements: https://grapheneos.org/faq#future-devices The kernel branch it uses will be end-of-life in December 2025 with no plan to move to a new branch. It has 1-2 month delays for Android security backports which would impact us for the drivers and firmware. Delays of at least a year for yearly OS updates would impact us too due to the drivers and HALs. No secure element, etc. either.

> But noone is advertising security. The article is very explicit in helping to avoid Google tracking. They're advertising devices with serious known privacy and security issues as being private. They're advertising devices which heavily involve Google as "Zero Google". They're not "Zero Google".

From us: https://discuss.grapheneos.org/d/24134-devices-lacking-standard-privacysecurity-patches-and-protections-arent-private From Mike Kuketz: https://www.kuketz-blog.de/e-datenschutzfreundlich-bedeutet-nicht-zwangslaeufig-sicher-custom-roms-teil6/ From the DivestOS founder: issues with /e/OS: https://codeberg.org/divested-mobile/divestos-website/raw/commit/c7447de50bc8fadd20a30d4cbf1dcd8cf14805a0/static/misc/e.txt asb update history: https://web.archive.org/web/20241231003546/https://divestos.org/pages/patch_history chromium update history: https://web.archive.org/web/20250119212018/https://divestos.org/misc/ch-dates.txt chromium update summary: https://infosec.exchange/@divested/112

> Or are you so dishonest to just lie in my face and hope this would recuperate your underground reputation? Jul 21, 2025, 01:24 AM: https://grapheneos.social/@GrapheneOS/114889552965813467 Jul 21, 2025, 06:11 AM: https://grapheneos.social/@b7cf9f42a796b091e843dce919d3ef4c0dc82e029452edf0bdbcdeb9ecb93e78@mostr.pub/114890681172094320 The fact is that you repeatedly make false claims including about what we've said.

You keep attacking us with false claims and misinformation in response to accurate and verifiable info which goes against your beliefs. You think if something doesn't align with your beliefs, then it isn't true. You choose which things you think are true based on what you want to be true. It's silly.

> And since you fail with this consistantly, I have a very hard time to beliefe anything you say. We do no such thing. You continuously posts these irrational appeals to emotion where you misrepresent what we have said and done. You do not actually try to read and understand what we've posted.

Vanadium version 138.0.7204.168.1 released: https://github.com/GrapheneOS/Vanadium/releases/tag/138.0.7204.168.1 See the linked release notes for a summary of the improvements over the previous release and a link to the full changelog. Forum discussion thread: https://discuss.grapheneos.org/d/24405-vanadium-version-138072041681-released #GrapheneOS #privacy #security #browser

If you aren't using Google Play code, then you don't need microG. You can use GrapheneOS without either microG or sandboxed Google Play. The only reason you would need microG is if you're running Google Play code as part of apps incorporating it. In that case, you are using Google Play code inside of the app sandbox for each of the apps using it. Which apps do you have which aren't working without microG installed? You're still using Google Play and Google services if you're doing that.

The researchers reported it to Android on October 31, 2024 and Android still hasn't fixed it. We fixed the vulnerability by only allowing third party apps to use custom activity animations for their own activities. It's likely Android doesn't want to remove part of the feature.

Android 16 was released June 10 and we'd already done our final Android 15 QPR2 releases with backports of Android 16 drivers/firmware when we were informed about TapTrap near the end of June. Once our port to 16 was near Stable, one of our devs spent a few hours fixing TapTrap.

The researchers reported it to Android on October 31, 2024 and Android still hasn't fixed it. GrapheneOS has a bunch of fixes for upstream Android vulnerabilities. Our focus is far more on systemic protections against classes of vulnerabilities but we do fix issues like this too.

We were informed about TapTrap in late June but needed to finish porting to Android 16 first. Our first production Android 16 release was 2025063000 but 2025070600 was the first to reach Stable. We fixed TapTrap the next day in 2025070700. It's serious and we did prioritize it.

They likely found https://x.com/GrapheneOS/status/1942235186923499549 but didn't realize our next release was shipped later that day. The TapTrap site from the researchers at https://taptrap.click/ documents that we fixed it. Our fix works well and many users tried the proof of concept app to confirm it.