grapheneos
GrapheneOS version 2024091700 released grapheneos.org

Pixel 4a (5G), Pixel 5 and Pixel 5a are end-of-life and shouldn't be used anymore due to lack of security patches for firmware and drivers. We provide extended support for harm reduction.

Tags:

- [2024091700-redfin](https://github.com/GrapheneOS/platform_manifest/releases/tag/2024091700-redfin) (Pixel 4a (5G), Pixel 5)
- [2024091700](https://github.com/GrapheneOS/platform_manifest/releases/tag/2024091700) (Pixel 5a, Pixel 6, Pixel 6 Pro, Pixel 6a, Pixel 7, Pixel 7 Pro, Pixel 7a, Pixel Tablet, Pixel Fold, Pixel 8, Pixel 8 Pro, Pixel 8a, emulator, generic, other targets)
- [2024091700-caimito](https://github.com/GrapheneOS/platform_manifest/releases/tag/2024091700-caimito) (Pixel 9, Pixel 9 Pro, Pixel 9 Pro XL, Pixel 9 Pro Fold)

Changes since the 2024090400 release:

- Sandboxed Google Play compatibility layer: handle the updated client dynamite module initialization sequence
- extend standard Android eBPF filter to prevent apps sending multicast packets outside of the VPN tunnel either directly or separately via kernel-generated multicast traffic (IGMP, MLD) when leak blocking is enabled
- add netfilter-based multicast firewall only permitting sending multicast packets to permitted interfaces for the process to prevent apps sending multicast packets through a disallowed interface such as a VPN tunnel for another profile
- exclude com.android.rkpdapp from backup/restore to avoid breaking key provisioning for hardware key attestation including for Auditor (users can clear RemoteProvisioner system app data via Settings if they restored data for it and have this issue)
- Pixel 9 Fold Pro: temporarily manually add resource overlays not yet automatically handled by adevtool from the stock Pixel OS to use the correct layout for quick settings, status bar, etc. and to provide the split folded/unfolded auto-rotate settings (this will be replaced by adevtool improvements before the end of the month since we'll need it for more resources in Android 15)
- hardened_malloc: fix microdroid virtual machine compatibility by using armv8a+dotprod+memtag when enabling memory tagging instead of armv9+memtag
- init: disable auto-reboot setup for microdroid virtual machines
- expat: backport patches for CVE-2024-28757, CVE-2024-45490, CVE-2024-45491 and CVE-2024-45492 (none of these is exploitable on official GrapheneOS since the DoS bug involves a feature Android doesn't use, the integer overflows require that size_t is 32-bit which is never going to be the case due to the code only being used in 64-bit processes and the negative parameter API issue requires a usage pattern not done by Android, but the integer overflows would be exploitable on an official build for a 32-bit device or a 64-bit device still partially using 32-bit drivers)
- kernel (5.10): update to latest GKI LTS branch revision including update to 5.10.225
- kernel (5.15): update to latest GKI LTS branch revision including update to 5.15.165
- kernel (6.1): update to latest GKI LTS branch revision including update to 6.1.104
- kernel (6.6): update to latest GKI LTS branch revision including update to 6.6.51
- TalkBack (screen reader): update dependencies
- Vanadium: update to [version 128.0.6613.127.0](https://github.com/GrapheneOS/Vanadium/releases/tag/128.0.6613.127.0)
- Vanadium: update to [version 128.0.6613.146.0](https://github.com/GrapheneOS/Vanadium/releases/tag/128.0.6613.146.0)
- Vanadium: update to [version 129.0.6668.54.0](https://github.com/GrapheneOS/Vanadium/releases/tag/129.0.6668.54.0)
- App Store: update to [version 25](https://github.com/GrapheneOS/Apps/releases/tag/25)
- Auditor: update to [version 85](https://github.com/GrapheneOS/Auditor/releases/tag/85)
- Info: update to [version 4](https://github.com/GrapheneOS/Info/releases/tag/4)
- GmsCompatConfig: update to [version 136](https://github.com/GrapheneOS/platform_packages_apps_GmsCompat/releases/tag/config-136)
- GmsCompatConfig: update to [version 137](https://github.com/GrapheneOS/platform_packages_apps_GmsCompat/releases/tag/config-137)

Vanadium version 129.0.6668.54.0 released github.com

Changes in version 129.0.6668.54.0:

- update to Chromium 129.0.6668.54

A full list of changes from the previous release (version 128.0.6613.146.0) is available through the [Git commit log between the releases](https://github.com/GrapheneOS/Vanadium/compare/128.0.6613.146.0...129.0.6668.54.0).

This update is available to GrapheneOS users via our app repository and will also be bundled into the next OS release. Vanadium isn't yet officially available for users outside GrapheneOS, although we plan to do that eventually. It won't be able to provide the WebView outside GrapheneOS and will have missing hardening and other features.

GmsCompatConfig (sandboxed Google Play compatibility layer configuration) version 137 released github.com

Changes in version 137:

- update max supported version of Play services to 24.36
- update max supported version of Play Store to 42.7

A full list of changes from the previous release (version 136) is available through the [Git commit log between the releases](https://github.com/GrapheneOS/platform_packages_apps_GmsCompat/compare/config-136...config-137) (only changes to the ```gmscompat_config``` text file and ```config-holder/``` directory are part of GmsCompatConfig).

This update is available to GrapheneOS users via our app repository and will also be bundled into the next OS release.

Vanadium version 128.0.6613.146.0 released github.com

Changes in version 128.0.6613.146.0:

- update to Chromium 128.0.6613.146

A full list of changes from the previous release (version 128.0.6613.127.0) is available through the [Git commit log between the releases](https://github.com/GrapheneOS/Vanadium/compare/128.0.6613.127.0...128.0.6613.146.0).

This update is available to GrapheneOS users via our app repository and will also be bundled into the next OS release. Vanadium isn't yet officially available for users outside GrapheneOS, although we plan to do that eventually. It won't be able to provide the WebView outside GrapheneOS and will have missing hardening and other features.

GrapheneOS Android 15 Port Progress [UPDATED] https://grapheneos.social/@GrapheneOS/113113469049646060

Our Android 15 port is increasingly solid. It can currently be tested by building the OS via [https://grapheneos.org/build](https://grapheneos.org/build). Since there aren't stable releases of Android 15 available yet, we currently support using the firmware, etc. from the Pixel Android 15 Beta releases for Pixels.

GmsCompatConfig (sandboxed Google Play compatibility layer configuration) version 136 released github.com

Changes in version 136:

- update max supported version of Play Store to 42.6
- add stub for BluetoothDevice.setPairingConfirmation()
- update SDK to 35 (Android 15)
- update target API level to 35 (Android 15)

A full list of changes from the previous release (version 135) is available through the [Git commit log between the releases](https://github.com/GrapheneOS/platform_packages_apps_GmsCompat/compare/config-135...config-136) (only changes to the ```gmscompat_config``` text file and ```config-holder/``` directory are part of GmsCompatConfig).

This update is available to GrapheneOS users via our app repository and will also be bundled into the next OS release.

Auditor app version 85 released github.com

Notable changes in version 85:

- make remote verification more prominent by moving it to the main screen from the action menu
- use correct theme for attestation activity background color
- add support for Material You
- update NDK to 27.1.12297006
- enable generation of v4 APK signatures to replace fs-verity metadata for updates on Android 15 GrapheneOS

A full list of changes from the previous release (version 84) is available through the [Git commit log between the releases](https://github.com/GrapheneOS/Auditor/compare/84...85).

The Auditor app uses hardware security features on supported devices to validate the integrity of the operating system from another Android device. It will verify that the device is running the stock operating system with the bootloader locked and that no tampering with the operating system has occurred. It will also detect downgrades to a previous version.

It cannot be bypassed by modifying or tampering with the operating system (OS) because it receives signed device information from the device's Trusted Execution Environment (TEE) or Hardware Security Module (HSM) including the verified boot state, operating system variant and operating system version. The verification is much more meaningful after the initial pairing as the app primarily relies on Trust On First Use via pinning. It also verifies the identity of the device after the initial verification. Trust is chained through the verified OS to the app to bootstrap software checks with results displayed in a separate section.

This app is [available through the Play Store with the ```app.attestation.auditor.play``` app id](https://play.google.com/store/apps/details?id=app.attestation.auditor.play). Play Store releases go through review and it usually takes around 1 to 3 days before the Play Store pushes out the update to users. Play Store releases use Play Signing, so we use a separate app id from the releases we publish ourselves to avoid conflicts and to distinguish between them. Each release is initially pushed out through the Beta channel followed by the Stable channel.

Releases of the app signed by GrapheneOS with the ```app.attestation.auditor``` app id are published in the GrapheneOS App Store. These releases are also bundled as part of GrapheneOS. You can use the [GrapheneOS App Store](https://github.com/GrapheneOS/AppStore/releases) for automatic updates. Each release is initially pushed out through the Alpha channel, followed by the Beta channel and then finally the Stable channel.

GrapheneOS App Store version 25 released github.com

Notable changes in version 25:

- add support for using v4 APK signatures instead of fs-verity metadata on Android 15
- enable generation of v4 APK signatures to replace fs-verity metadata for updates on Android 15 GrapheneOS
- skip system package check for static dependencies self checks
- extend workaround for PackageInstaller sessions getting stuck to newer Android versions
- update AndroidX Lifecycle libraries to 2.8.5
- update AndroidX Navigation KTX libraries to 2.8.0
- update AndroidX Fragment library to 1.8.3
- update AndroidX Activity KTX library to 1.9.2
- update Gradle to 8.10
- update Android Gradle plugin to 8.6.0
- update Kotlin to 2.0.20
- update Kotlin Symbol Processing to 1.0.25

A full list of changes from the previous release (version 24) is available through the [Git commit log between the releases](https://github.com/GrapheneOS/Apps/compare/24...25).

App Store is the client for the GrapheneOS app repository. It's included in GrapheneOS but can also be used on other Android 12+ operating systems. Our app repository currently provides our standalone apps, out-of-band updates to certain GrapheneOS components and a mirror of the core Google Play apps and Android Auto to make it easy for GrapheneOS users to install [sandboxed Google Play](https://grapheneos.org/features#sandboxed-google-play) with versions of the Google Play apps we've tested with our sandboxed Google Play compatibility layer.

**GrapheneOS users must either obtain GrapheneOS app updates through our App Store or install it with ```adb install-multiple``` with both the APK and fs-verity metadata since fs-verity metadata is now required for out-of-band system app updates on GrapheneOS as part of extending verified boot to them.**

GrapheneOS Info app version 4 released github.com

Notable changes in version 4:

- use standard top app bar text style
- use steadily decreasing header sizes for release notes
- define night-specific theme to make text selection toolbar and splash screen adapt to the current theme
- update Kotlin to 2.0.20
- update Gradle to 8.10
- update Android Gradle plugin to 8.6.0
- update Android build tools to 35.0.0
- update Android NDK to 27.0.12077973
- update AndroidX Compose BOM to 2024.09.00
- switch AndroidX Compose UI Text library version from AndroidX Compose BOM now that 1.7.0 has a stable release and is included
- update AndroidX Compose Navigation to 2.8.0
- update AndroidX Lifecycle libraries to 2.8.5
- update AndroidX Activity Compose to 1.9.2
- enable generation of v4 APK signatures to replace fs-verity metadata for updates on Android 15 GrapheneOS
- add whitelist of supported languages for resources (currently English)

A full list of changes from the previous release (version 3) is available through the [Git commit log between the releases](https://github.com/GrapheneOS/Info/compare/3...4).

Releases of the app are published in the GrapheneOS App Store. These releases are also bundled as part of GrapheneOS. You can use the [GrapheneOS App Store](https://github.com/GrapheneOS/AppStore/releases) on Android 12 or later for automatic updates. Each release is initially pushed out through the Alpha channel, followed by the Beta channel and then finally the Stable channel.

GrapheneOS Organization Discusses Adblocking & Adblocker Tests https://grapheneos.social/@GrapheneOS/113088249388458964

Ad blocking test at [https://d3ward.github.io/toolz/adblock](https://d3ward.github.io/toolz/adblock) is extremely flawed. It tests domains which are not used for ads/tracking and doesn't take into account that mainstream ad blocking is blocking specific paths hosted at those domains. Mainstream ad blockers also cheat at these tests.

Here's where uBlock Origin simply fudges the results for the test by blocking everything tested by d3ward.github.io:

[https://github.com/uBlockOrigin/uAssets/blob/master/filters/filters.txt#L14202-L14206](https://github.com/uBlockOrigin/uAssets/blob/master/filters/filters.txt#L14202-L14206)

Brave uses uBlock Origin filters as their base set of filters and then extends it, so it's cheating at the test through that too.

Here's where Adguard cheats at the test, which is at least done case-by-case with explanations:

[https://github.com/AdguardTeam/AdguardFilters/blob/daba77058c72b983f2a46b97dca5b669710a7414/SpywareFilter/sections/specific.txt#L4491-L4521](https://github.com/AdguardTeam/AdguardFilters/blob/daba77058c72b983f2a46b97dca5b669710a7414/SpywareFilter/sections/specific.txt#L4491-L4521)

Some of the tested domains are simply not used on other sites. In other cases, it is used that way but blocking it would break sites so they don't do it. Author is willing to fix issues but since ad blockers are cheating it'd need to be moved to another domain after fixing it.

Vanadium will not include rules for cheating at content filtering tests because we think it would be a breach of user trust, regardless of flaws in a test.

Vanadium version 128.0.6613.127.0 released github.com

Changes in version 128.0.6613.127.0:

- update to Chromium 128.0.6613.127
- mark Vanadium Config as forceQueryable to support reading the configuration from apps using the WebView for feature flags

A full list of changes from the previous release (version 128.0.6613.99.0) is available through the [Git commit log between the releases](https://github.com/GrapheneOS/Vanadium/compare/128.0.6613.99.0...128.0.6613.127.0).

This update is available to GrapheneOS users via our app repository and will also be bundled into the next OS release. Vanadium isn't yet officially available for users outside GrapheneOS, although we plan to do that eventually. It won't be able to provide the WebView outside GrapheneOS and will have missing hardening and other features.

GrapheneOS version 2024090400 released grapheneos.org

Pixel 4a (5G), Pixel 5 and Pixel 5a are end-of-life and shouldn't be used anymore due to lack of security patches for firmware and drivers. We provide extended support for harm reduction.

Tags:

- [2024090400-redfin](https://github.com/GrapheneOS/platform_manifest/releases/tag/2024090400-redfin) (Pixel 4a (5G), Pixel 5)
- [2024090400](https://github.com/GrapheneOS/platform_manifest/releases/tag/2024090400) (Pixel 5a, Pixel 6, Pixel 6 Pro, Pixel 6a, Pixel 7, Pixel 7 Pro, Pixel 7a, Pixel Tablet, Pixel Fold, Pixel 8, Pixel 8 Pro, Pixel 8a, emulator, generic, other targets)
- [2024090400-caimito](https://github.com/GrapheneOS/platform_manifest/releases/tag/2024090400-caimito) (Pixel 9, Pixel 9 Pro, Pixel 9 Pro XL, Pixel 9 Pro Fold)

Changes since the 2024083100 release:

- full 2024-09-05 security patch level
- rebased onto AP2A.240905.003 (generic) and AD1A.240905.004 (caimito) Android Open Source Project releases
- Sandboxed Google Play compatibility layer: add support for using GSF 34 on SDK 35 (Android 15) to handle the case where users have just upgraded the OS but haven't yet updated GSF
- Pixel 9, Pixel 9 Pro, Pixel 9 Pro XL, Pixel 9 Pro Fold: fix an upstream use-after-free bug present in 2 drivers
- allow Pixel Thermometer and Fitbit to see each other as a special case
- allow current launcher to see the Pixel Thermometer app as a special case
- kernel (6.6): update to latest GKI LTS branch revision including update to 6.6.47
- GmsCompatConfig: update to [version 134](https://github.com/GrapheneOS/platform_packages_apps_GmsCompat/releases/tag/config-134)
- GmsCompatConfig: update to [version 135](https://github.com/GrapheneOS/platform_packages_apps_GmsCompat/releases/tag/config-135)

Port Of Device-Independent GrapheneOS Code To Android 15 Has Been Completed https://grapheneos.social/@GrapheneOS/113076786810466279

Our initial port of device-independent GrapheneOS code to Android 15 is done and we're testing it in the emulator. We still need to port the kernels, device-specific repositories, adevtool and generate the new vendor state. Can already be built for emulator from our 15 branch.

GrapheneOS Organization Discusses Wipe Bypass To Be Fixed For Non-Pixels https://grapheneos.social/@GrapheneOS/113075456858107471

September 2024 Android Security Bulletin includes a patch for the wipe bypass we reported: CVE-2024-32896. It's actively exploited by forensic companies across devices. Pixels patched it in June 2024...

September ASB: [https://source.android.com/docs/security/bulletin/2024-09-01](https://source.android.com/docs/security/bulletin/2024-09-01)

June PUB: [https://source.android.com/docs/security/bulletin/pixel/2024-06-01](https://source.android.com/docs/security/bulletin/pixel/2024-06-01)

We reported several vulnerabilities exploited by forensic companies in January 2024. We proposed implementing firmware reset attack mitigation and wipe-without-reboot. Pixels shipped reset attack mitigation in April 2024 and also a firmware mitigation making wipe bypasses harder. In June 2024, Pixels shipped our wipe-without-reboot proposal to fully eliminate wipe bypasses.

The full solution is a set of AOSP patches ([https://android.googlesource.com/platform/frameworks/base/+/8b7b2c66ca96d711fb364cbcc9d655197d9743e0](https://android.googlesource.com/platform/frameworks/base/+/8b7b2c66ca96d711fb364cbcc9d655197d9743e0)) but they still classified it as a firmware patch since it was treated as phase 2 of the Pixel firmware patches. We pointed out that it was actually an AOSP patch which should be shipped for all devices, and they agreed with us and scheduled it for inclusion in September.

Wipe bypass is now finally going to be fixed for non-Pixels. Reset attack mitigation will still be missing elsewhere. We extended wipe-without-reboot with extra wiping and use it as part of our duress PIN/password feature. Forensic companies are still able to exploit stock OS Pixels, but reset attack mitigation helps prevent bypassing GrapheneOS security via firmware.

[https://grapheneos.social/@GrapheneOS/112826160880324005](https://grapheneos.social/@GrapheneOS/112826160880324005)

Each month, there's a new Android monthly, quarterly or yearly release. This month is a monthly release of Android 14 QPR3, the 3rd quarterly release of Android 14 from June 2024. Android Security Bulletins have a subset of overall privacy/security patches. This is one example.

Android Security Bulletins include the High and Critical severity patches for the Android Open Source Project backported to older releases (12, 12.1, 13, 14) and a small selection of firmware/driver patches for specific hardware. Non-Pixels ship these backports. Pixels ship more.

Android OEMs are responsible for making their own more complete set of patches and incorporating patches from the SoC vendor and other hardware vendors for their devices. The Pixel Update Bulletins largely consist of these extra patches from Samsung, Qualcomm, Broadcom, etc.

Low and Moderate severity patches are almost entirely not backported to older Android releases and aren't listed in the Android Security Bulletins. Android 14 QPR3 from June is the current major release, not Android 14. Monthly updates since then are more than ASB patches.

Patch for CVE-2024-32896 was included in an upcoming major release (Android 14 QPR3 in June 2024) and that's why non-Pixel devices didn't get it, because they don't actually update to the new monthly/quarterly releases. Now that it's in the ASB, they'll apply the backport.

GrapheneOS Support For The Pixel 9 Pro Fold Is Now Stable https://grapheneos.social/@GrapheneOS/113072219898252365

GrapheneOS support for the Pixel 9 Pro Fold is no longer marked experimental and is now available through our production site: [https://grapheneos.org/releases](https://grapheneos.org/releases) [https://grapheneos.org/install/web](https://grapheneos.org/install/web) Our 2024083100 release has been confirmed to be working and to have a working future upgrade path.

GmsCompatConfig (sandboxed Google Play compatibility layer configuration) version 135 released github.com

Changes in version 135:

- update max supported version of Play services to 24.35
- update max supported version of Play Store to 42.5
- enable generation of v4 APK signatures

A full list of changes from the previous release (version 134) is available through the [Git commit log between the releases](https://github.com/GrapheneOS/platform_packages_apps_GmsCompat/compare/config-134...config-135) (only changes to the ```gmscompat_config``` text file and ```config-holder/``` directory are part of GmsCompatConfig).

This update is available to GrapheneOS users via our app repository and will also be bundled into the next OS release.

grapheneos GrapheneOS [Unofficial] GrapheneOS Organization Address Telegram Flaws
  • KindnessInfinity, 3 weeks ago

    General thought is that if Meta was lying about E2EE, due to their massive size, it would likely be leaked to the general public that they were lying. The app also has such a large userbase of skilled security researchers that can and do reverse engineer it, so they'd also find if Meta lied.

    GmsCompatConfig (sandboxed Google Play compatibility layer configuration) version 134 released github.com

    Changes in version 134:

    - add new approach to disabling Play services OS update service required by 24.31 onwards to avoid uncaught exceptions in rare cases it tries to run
    - update Android Gradle plugin to 8.6.0

    A full list of changes from the previous release (version 133) is available through the [Git commit log between the releases](https://github.com/GrapheneOS/platform_packages_apps_GmsCompat/compare/config-133...config-134) (only changes to the ```gmscompat_config``` text file and ```config-holder/``` directory are part of GmsCompatConfig).

    This update is available to GrapheneOS users via our app repository and will also be bundled into the next OS release.

    GrapheneOS version 2024083100 released grapheneos.org

    Pixel 4a (5G) and Pixel 5 are end-of-life and shouldn't be used anymore due to lack of security patches for firmware and drivers. We provide extended support for harm reduction.

    Tags:

    - [2024083100-redfin](https://github.com/GrapheneOS/platform_manifest/releases/tag/2024083100-redfin) (Pixel 4a (5G), Pixel 5)
    - [2024083100](https://github.com/GrapheneOS/platform_manifest/releases/tag/2024083100) (Pixel 5a, Pixel 6, Pixel 6 Pro, Pixel 6a, Pixel 7, Pixel 7 Pro, Pixel 7a, Pixel Tablet, Pixel Fold, Pixel 8, Pixel 8 Pro, Pixel 8a, emulator, generic, other targets)
    - [2024083100-caimito](https://github.com/GrapheneOS/platform_manifest/releases/tag/2024083100-caimito) (Pixel 9, Pixel 9 Pro, Pixel 9 Pro XL, Pixel 9 Pro Fold)

    Changes since the 2024082200 release:

    - don't hide Exploit protection Safety Center item in secondary users
    - Settings: improve UI for GrapheneOS app toggles including adding a screen for viewing the values across apps for each toggle
    - add more infrastructure for blocking dynamic code loading
    - Settings: add per-app memory dynamic code loading restriction toggle (applies to both native code and Android Runtime class loading for Java/Kotlin)
    - Settings: add per-app storage dynamic code loading restriction toggle (applies to both native code and Android Runtime class loading for Java/Kotlin), temporarily without a global toggle until Google phases out the old dynamite module system for Google Play due to many apps temporarily depending on this through it
    - Settings: add per-app WebView JIT restriction toggle
    - add production support for the Pixel 9, Pixel 9 Pro and Pixel 9 Pro XL
    - add experimental support for the Pixel 9 Pro Fold (we haven't received our preordered device for testing yet)
    - add support for enabling app association restrictions without exemptions (currently for use with Pixel Thermometer)
    - add support for Pixel Thermometer app available from our App Store for the Pixel 8 Pro, Pixel 9 Pro and Pixel 9 Pro XL with strict isolation from other apps
    - add missing feature compatibility matrix definitions (mainly for 9th generation Pixels)
    - Contact Scopes: explicitly set initialization order after ContactsProvider2 to avoid uncaught exceptions from a race
    - kernel (6.1): disable unused hibernation support
    - kernel (6.1, 6.6): enable struct randomization in the full mode with a deterministic seed based on kernel commit timestamp (we plan to also incorporate the device family and eventually make the seed specific to each device model, but it will increase our build/testing workload)
    - kernel (6.6): enable random kmalloc caches
    - kernel (5.10): update to latest GKI LTS branch revision
    - kernel (6.1): update to latest GKI LTS branch revision including update to 6.1.96
    - kernel (6.6): update to latest GKI LTS branch revision including update to 6.6.46
    - Vanadium: update to [version 128.0.6613.88.1](https://github.com/GrapheneOS/Vanadium/releases/tag/128.0.6613.88.1)
    - Vanadium: update to [version 128.0.6613.99.0](https://github.com/GrapheneOS/Vanadium/releases/tag/128.0.6613.99.0)
    - Auditor: update to [version 84](https://github.com/GrapheneOS/Auditor/releases/tag/84)
    - GmsCompatConfig: update to [version 131](https://github.com/GrapheneOS/platform_packages_apps_GmsCompat/releases/tag/config-131)
    - GmsCompatConfig: update to [version 132](https://github.com/GrapheneOS/platform_packages_apps_GmsCompat/releases/tag/config-132)
    - GmsCompatConfig: update to [version 133](https://github.com/GrapheneOS/platform_packages_apps_GmsCompat/releases/tag/config-133)
    - drop restriction on modifying GrapheneOS-specific per-package settings via ADB shell since it makes certain important testing require debug builds and has no real security value
    - flash-all.sh: restore POSIX sh compatibility to allow using sh instead of bash on systems where sh is dash or another non-bash-compatible shell
    - add support for using backslashes in the passphrases for encrypting the keys for signing OS releases

    Experimental Release Of GrapheneOS For Pixel 9 Fold Now Available https://grapheneos.social/@GrapheneOS/113049913361690348

    We've published an initial experimental release for the Pixel 9 Pro Fold on our staging site:

    [https://staging.grapheneos.org/releases#comet-stable](https://staging.grapheneos.org/releases#comet-stable)

    [https://staging.grapheneos.org/install/web](https://staging.grapheneos.org/install/web)

    Our preordered Pixel 9 Pro Fold for our device testing farm hasn't arrived yet so we'll be relying on others to test the early builds. Everything has been ported for it already and there's nothing else to do for it without testing feedback from users. There's a high chance everything is already fine for it since we have production quality support for the other 9th gen Pixels and the original 7th gen Pixel Fold.

    Pixel 9 Fold Support Arrives To GrapheneOS Auditor App https://grapheneos.social/@GrapheneOS/113047582378835246

    Source code and factory images for the Pixel 9 Pro Fold have been published. We've added support for it to our Auditor app: [https://grapheneos.social/@GrapheneOS/113047519006891751](https://grapheneos.social/@GrapheneOS/113047519006891751). We're beginning work on adding GrapheneOS support but our test device hasn't arrived yet so we won't be able to test ourselves yet.

    Auditor app version 84 released github.com

    Notable changes in version 84:

    - add support for Pixel 9 Pro Fold with either the stock OS or GrapheneOS
    - update Android Gradle plugin to 8.6.0
    - update Kotlin to 2.0.20

    A full list of changes from the previous release (version 83) is available through the [Git commit log between the releases](https://github.com/GrapheneOS/Auditor/compare/83...84).

    The Auditor app uses hardware security features on supported devices to validate the integrity of the operating system from another Android device. It will verify that the device is running the stock operating system with the bootloader locked and that no tampering with the operating system has occurred. It will also detect downgrades to a previous version.

    It cannot be bypassed by modifying or tampering with the operating system (OS) because it receives signed device information from the device's Trusted Execution Environment (TEE) or Hardware Security Module (HSM) including the verified boot state, operating system variant and operating system version. The verification is much more meaningful after the initial pairing as the app primarily relies on Trust On First Use via pinning. It also verifies the identity of the device after the initial verification. Trust is chained through the verified OS to the app to bootstrap software checks with results displayed in a separate section.

    This app is [available through the Play Store with the ```app.attestation.auditor.play``` app id](https://play.google.com/store/apps/details?id=app.attestation.auditor.play). Play Store releases go through review and it usually takes around 1 to 3 days before the Play Store pushes out the update to users. Play Store releases use Play Signing, so we use a separate app id from the releases we publish ourselves to avoid conflicts and to distinguish between them. Each release is initially pushed out through the Beta channel followed by the Stable channel.

    Releases of the app signed by GrapheneOS with the ```app.attestation.auditor``` app id are published in the GrapheneOS App Store and on GitHub. These releases are also bundled as part of GrapheneOS. You can use the [GrapheneOS App Store](https://github.com/GrapheneOS/AppStore/releases) on Android 12 or later for automatic updates. Each release is initially pushed out through the Alpha channel, followed by the Beta channel and then finally the Stable channel.

    **GrapheneOS users must either obtain GrapheneOS app updates through our App Store or install it with ```adb install-multiple``` with both the APK and fs-verity metadata since fs-verity metadata is now required for out-of-band system app updates on GrapheneOS as part of extending verified boot to them.**

    7
    0
    grapheneos
    Vanadium version 128.0.6613.99.0 released github.com

    Changes in version 128.0.6613.99.0:

    - update to Chromium 128.0.6613.99
    - backport upstream implementation of enforcing blob URL partitioning
    - enforce dynamic code execution restrictions with seccomp-bpf when JIT is disabled (prevent creating executable anonymous mappings, writable and executable file mappings or marking a non-executable mapping executable)
    - explicitly declare queries to Vanadium Config package for both the WebView and browser

    A full list of changes from the previous release (version 128.0.6613.88.1) is available through the [Git commit log between the releases](https://github.com/GrapheneOS/Vanadium/compare/128.0.6613.88.1...128.0.6613.99.0).

    This update is available to GrapheneOS users via our app repository and will also be bundled into the next OS release. Vanadium isn't yet officially available for users outside GrapheneOS, although we plan to do that eventually. It won't be able to provide the WebView outside GrapheneOS and will have missing hardening and other features.

    9
    0
    grapheneos
    GmsCompatConfig (sandboxed Google Play compatibility layer configuration) version 133 released github.com

    Changes in version 133:

    - update max supported version of Play services to 24.34

    A full list of changes from the previous release (version 132) is available through the [Git commit log between the releases](https://github.com/GrapheneOS/platform_packages_apps_GmsCompat/compare/config-132...config-133) (only changes to the `gmscompat_config` text file and `config-holder/` directory are part of GmsCompatConfig).

    This update is available to GrapheneOS users via our app repository and will also be bundled into the next OS release.

    4
    0
    grapheneos
    5th Release Of GrapheneOS For Pixel 9, Pixel 9 Pro & Pixel 9 Pro XL Now Available https://grapheneos.social/@GrapheneOS/113038467784657083

    Our 5th release for Pixel 9, Pixel 9 Pro and Pixel 9 Pro XL is available. Main improvement is replacing Linux 6.1.75 with latest GKI LTS (6.1.95). Remaining gap should go away soon. Pixel Thermometer is now supported for 9 Pro / 9 Pro XL and can be installed via our App Store. Pixel Thermometer is also supported on the Pixel 8 Pro now too. 9th gen Pixel users are getting it early since we needed another early release to port them to our standard 6.1 GKI LTS branch. With the next official release, 9th gen Pixel should be on the regular release cycle.

    6
    0
    grapheneos
    GrapheneOS 4th Release For The Pixel 9, Pixel 9 Pro & Pixel 9 Pro XL Now Available https://grapheneos.social/@GrapheneOS/113025101427164435

    Our 4th release for the Pixel 9, Pixel 9 Pro and Pixel 9 Pro XL is now available. It adds two Bluetooth bug fixes missing from the temporary Android Open Source Project branch for 9th generation Pixels. One of those is a Bluetooth issue we reported. [https://grapheneos.social/@GrapheneOS/112095059145360678](https://grapheneos.social/@GrapheneOS/112095059145360678)

    11
    0
    grapheneos
    GmsCompatConfig (sandboxed Google Play compatibility layer configuration) version 132 released github.com

    Changes in version 132:

    - add workaround for chain crash on unsupported Android 12.1 devices end-of-life for almost 3 years as a special exception which won't be followed with other fixes for known issues (not realistic for us to indefinitely support devices and users need to move to supported devices)

    A full list of changes from the previous release (version 131) is available through the [Git commit log between the releases](https://github.com/GrapheneOS/platform_packages_apps_GmsCompat/compare/config-131...config-132) (only changes to the `gmscompat_config` text file and `config-holder/` directory are part of GmsCompatConfig).

    This update is available to GrapheneOS users via our app repository and will also be bundled into the next OS release.

    7
    0
    grapheneos
    GrapheneOS Organization Addresses Telegram Flaws https://grapheneos.social/@GrapheneOS/113024253128129998

    Telegram has full access to all of the content of group chats and regular one-to-one chats due to lack of end-to-end encryption. Their opt-in secret chats use homegrown end-to-end encryption with weaknesses. Deleting the content from the app likely won't remove all copies of it.

    Telegram has heavily participated in misinformation campaigns targeting actual private messaging apps with always enabled, properly implemented end-to-end encryption such as Signal. Should stop getting any advice from anyone who told you to use Telegram as a private messenger.

    Telegram is capable of handing over all messages in every group and regular one-to-one chat to authorities in France or any other country. A real private messaging app like Signal isn't capable of turning over your messages and media. Telegram/Discord aren't private platforms.

    A major example of how Telegram's opt-in secret chat encryption has gone seriously wrong before: [https://words.filippo.io/dispatches/telegram-ecdh/](https://words.filippo.io/dispatches/telegram-ecdh/). The practical near term threat is for the vast majority of chats without end-to-end encryption: 100% of Telegram group chats and the regular 1-to-1 chats.

    Companies should treat user data as toxic waste rather than as something they want to gather and hoard for business models like targeted advertising. It's not a good thing to have a bunch of sensitive data which could be obtained by adversaries or requested by a government.

    Not using E2EE creates a lot more legal risk than using E2EE at least while E2EE is still legal in most of the world. Not using E2EE gives the technical capability to moderate, provide data, etc. and therefore governments expect that to be done. That's why they hate E2EE.

    Apps like Signal and SimpleX can't access messages, media and profiles. Telegram has access to all content in private group chats and regular private messages unless people used a secret chat. They can automatically scan it, moderate and provide data to authorities based on it.

    Telegram chose to have the technical capability to see all private group chats and regular direct messages. In doing so, they put private user data at risk of seizure by governments. The scramble to try to delete data shows lack of basic threat modelling: [https://x.com/sambendett/status/1827712700299821277](https://x.com/sambendett/status/1827712700299821277)

    Even Facebook's WhatsApp uses end-to-end encrypted direct messages and group chats and WhatsApp is clearly not a private messaging app. It's not a niche feature. Telegram shouldn't have been heavily marketed as private/encrypted when most user data can be handed to governments.

    34
    3
    grapheneos
    GmsCompatConfig (sandboxed Google Play compatibility layer configuration) version 131 released github.com

    Changes in version 131:

    - disable Play services OS update services to avoid errors being shown for some users
    - update max supported version of Play services to 24.33
    - update max supported version of Play Store to 42.4

    A full list of changes from the previous release (version 130) is available through the [Git commit log between the releases](https://github.com/GrapheneOS/platform_packages_apps_GmsCompat/compare/config-130...config-131) (only changes to the `gmscompat_config` text file and `config-holder/` directory are part of GmsCompatConfig).

    This update is available to GrapheneOS users via our app repository and will also be bundled into the next OS release.

    4
    0
    grapheneos
    GrapheneOS Support For The Pixel 9, Pixel 9 Pro & Pixel 9 Pro XL Is Now Available Via The Official Web Installer https://grapheneos.social/@GrapheneOS/113016464901599931

    GrapheneOS support for the Pixel 9, Pixel 9 Pro, Pixel 9 Pro XL is now available via our official site in addition to our staging site. [https://grapheneos.org/install/web](https://grapheneos.org/install/web) Most users don't have any issues. 2 people reported an occasional Wi-Fi connectivity issue not happening for others.

    48
    0
    grapheneos
    Third Release Of GrapheneOS For The Pixel 9, Pixel 9 Pro & Pixel 9 Pro XL Now Available https://grapheneos.social/@GrapheneOS/113013970261544549

    Our third release for the Pixel 9, Pixel 9 Pro and Pixel 9 Pro XL is now available with a fix for adjusting volume levels and support for configuration vibration intensity. There have been 2 reports of occasional Wi-Fi connectivity issues which we're currently investigating.

    17
    0
    grapheneos
    First Update For GrapheneOS On The Pixel 9, Pixel 9 Pro & Pixel 9 Pro XL Now Available https://grapheneos.social/@GrapheneOS/113012870139748437

    The first update for GrapheneOS on the Pixel 9, Pixel 9 Pro and Pixel 9 Pro XL is now available. It now has a full port of our hardware-level + software-level USB-C port control feature as a replacement for our legacy USB peripheral control feature: [https://grapheneos.org/features#usb-c-port-and-pogo-pins-control](https://grapheneos.org/features#usb-c-port-and-pogo-pins-control). Currently, the only known issue with support for 9th generation Pixels is all volume levels above 0% currently acting the same way. We're actively working on this and should have a fix for it available soon. Once that's resolved, we're already close to a production release.

    10
    0
    grapheneos
    Experimental Releases Of GrapheneOS For The Pixel 9, Pixel 9 Pro & Pixel 9 Pro XL Can Be Installed With The Web Installer https://grapheneos.social/@GrapheneOS/113010526089814611

    Experimental releases of GrapheneOS for the Pixel 9, Pixel 9 Pro and Pixel 9 Pro XL can already be installed with the web installer on our staging site: [https://staging.grapheneos.org/install/web](https://staging.grapheneos.org/install/web) Can also use the CLI install guide with the releases listed on the staging site releases page. Our USB-C port control feature with both hardware-level and software-level enforcement hasn't been ported to them yet. They temporarily have our old USB peripherals toggle not depending on changes to device-specific USB HAL and USB-C kernel driver. We aim to get this done soon. These are production builds signed with the official keys with our standard update system. They'll get updated to future releases without needing to reinstall the OS. For now, please report issues to our testing chat room rather than our issue tracker: [https://grapheneos.org/contact#community-chat](https://grapheneos.org/contact#community-chat).

    8
    0
    grapheneos
    Vanadium version 128.0.6613.88.1 released github.com

    Changes in version 128.0.6613.88.1:

    - rebuild to resolve regression caused by x86_64 build used for the emulator being done with the arm64 configuration

    A full list of changes from the previous release (version 128.0.6613.88.0) is available through the [Git commit log between the releases](https://github.com/GrapheneOS/Vanadium/compare/128.0.6613.88.0...128.0.6613.88.1).

    This update is available to GrapheneOS users via our app repository and will also be bundled into the next OS release. Vanadium isn't yet officially available for users outside GrapheneOS, although we plan to do that eventually. It won't be able to provide the WebView outside GrapheneOS and will have missing hardening and other features.

    4
    0
    grapheneos
    GrapheneOS version 2024082200 released grapheneos.org

    Pixel 4a (5G) and Pixel 5 are end-of-life and shouldn't be used anymore due to lack of security patches for firmware and drivers. We provide extended support for harm reduction.

    Tags:

    - [2024082200-redfin](https://github.com/GrapheneOS/platform_manifest/releases/tag/2024082200-redfin) (Pixel 4a (5G), Pixel 5)
    - [2024082200](https://github.com/GrapheneOS/platform_manifest/releases/tag/2024082200) (Pixel 5a, Pixel 6, Pixel 6 Pro, Pixel 6a, Pixel 7, Pixel 7 Pro, Pixel 7a, Pixel Tablet, Pixel Fold, Pixel 8, Pixel 8 Pro, Pixel 8a, emulator, generic, other targets)

    Changes since the 2024082000 release:

    - Settings: fix regression in the previous release which blocked it reaching the Stable channel by making the duress PIN/password configuration unavailable in secondary users again (it was only usable when the secondary user had the same unlock PIN/password as the Owner user)
    - adevtool: remove non-functional repair mode support
    - adevtool: remove non-functional digital car key support (requires privileged Google Play)
    - adevtool: remove invalid clock font family overlay (google-sans-clock font not included)
    - adevtool: update out-of-band carrier settings
    - Pixel 8a: add Let's Encrypt (ISRG) roots for Samsung gnssd SUPL connections via adevtool instead to share the implementation with 9th generation Pixels
    - kernel (6.1): update to latest GKI LTS branch revision
    - Auditor: update to [version 83](https://github.com/GrapheneOS/Auditor/releases/tag/83)
    - Vanadium: update to [version 128.0.6613.88.0](https://github.com/GrapheneOS/Vanadium/releases/tag/128.0.6613.88.0)

    9
    0
    grapheneos
    Vanadium version 128.0.6613.88.0 released github.com

    Changes in version 128.0.6613.88.0:

    - update to Chromium 128.0.6613.88

    A full list of changes from the previous release (version 127.0.6533.104.3) is available through the [Git commit log between the releases](https://github.com/GrapheneOS/Vanadium/compare/127.0.6533.104.3...128.0.6613.88.0).

    This update is available to GrapheneOS users via our app repository and will also be bundled into the next OS release. Vanadium isn't yet officially available for users outside GrapheneOS, although we plan to do that eventually. It won't be able to provide the WebView outside GrapheneOS and will have missing hardening and other features.

    4
    0
    grapheneos
    Auditor app version 83 released github.com

    Notable changes in version 83:

    - add support for Pixel 9, Pixel 9 Pro and Pixel 9 Pro XL with either the stock OS or GrapheneOS
    - mark legacy devices which are no longer supported as explicit unsupported
    - update Android Gradle plugin to 8.5.2
    - update Android NDK to 27.0.12077973
    - update Gradle to 8.10
    - update Guava library to 33.3.0

    A full list of changes from the previous release (version 82) is available through the [Git commit log between the releases](https://github.com/GrapheneOS/Auditor/compare/82...83).

    The Auditor app uses hardware security features on supported devices to validate the integrity of the operating system from another Android device. It will verify that the device is running the stock operating system with the bootloader locked and that no tampering with the operating system has occurred. It will also detect downgrades to a previous version.

    It cannot be bypassed by modifying or tampering with the operating system (OS) because it receives signed device information from the device's Trusted Execution Environment (TEE) or Hardware Security Module (HSM) including the verified boot state, operating system variant and operating system version.

    The verification is much more meaningful after the initial pairing as the app primarily relies on Trust On First Use via pinning. It also verifies the identity of the device after the initial verification. Trust is chained through the verified OS to the app to bootstrap software checks with results displayed in a separate section.

    This app is [available through the Play Store with the `app.attestation.auditor.play` app id](https://play.google.com/store/apps/details?id=app.attestation.auditor.play). Play Store releases go through review and it usually takes around 1 to 3 days before the Play Store pushes out the update to users. Play Store releases use Play Signing, so we use a separate app id from the releases we publish ourselves to avoid conflicts and to distinguish between them. Each release is initially pushed out through the Beta channel followed by the Stable channel.

    Releases of the app signed by GrapheneOS with the `app.attestation.auditor` app id are published in the GrapheneOS App Store and on GitHub. These releases are also bundled as part of GrapheneOS. You can use the [GrapheneOS App Store](https://github.com/GrapheneOS/AppStore/releases) on Android 12 or later for automatic updates. Each release is initially pushed out through the Alpha channel, followed by the Beta channel and then finally the Stable channel.

    **GrapheneOS users must either obtain GrapheneOS app updates through our App Store or install it with `adb install-multiple` with both the APK and fs-verity metadata since fs-verity metadata is now required for out-of-band system app updates on GrapheneOS as part of extending verified boot to them.**

    4
    0
    grapheneos
    GrapheneOS version 2024082000 released grapheneos.org

    Pixel 4a (5G) and Pixel 5 are end-of-life and shouldn't be used anymore due to lack of security patches for firmware and drivers. We provide extended support for harm reduction.

    Tags:

    - [2024082000-redfin](https://github.com/GrapheneOS/platform_manifest/releases/tag/2024082000-redfin) (Pixel 4a (5G), Pixel 5)
    - [2024082000](https://github.com/GrapheneOS/platform_manifest/releases/tag/2024082000) (Pixel 5a, Pixel 6, Pixel 6 Pro, Pixel 6a, Pixel 7, Pixel 7 Pro, Pixel 7a, Pixel Tablet, Pixel Fold, Pixel 8, Pixel 8 Pro, Pixel 8a, emulator, generic, other targets)

    Changes since the 2024080600 release:

    - Settings: enable Safety Center and port all of the relevant GrapheneOS settings to it both to provide the more modern user interface and to prepare for the release of Android 15
    - hide Safety Center camera extensions fallback toggle when it's not relevant (not used on Pixels)
    - Package Installer: fix upstream bug causing null pointer exception in rare edge cases including a rare race condition
    - require Owner user credential to check whether a duress PIN/password is enabled as hardening against potential UI bugs such as the upstream predictive back gesture issue we patched in the Settings app
    - apply upstream change for 6th generation Pixels making snapuserd available in recovery to avoid a problem in a rare edge case where a factory reset occurs before finishing booting a new update
    - apply minor upstream fixes for Settings which were temporarily only shipped for certain Pixels
    - add fastboot to otatools.zip for optimized factory images generation
    - flash-all: raise minimum fastboot version to 35.0.1
    - kernel (5.10): update to latest GKI LTS branch revision including update to 5.10.223
    - kernel (5.15): update to latest GKI LTS branch revision including update to 5.15.164
    - kernel (6.1): update to latest GKI LTS branch revision including update to 6.1.95
    - kernel (6.6): update to latest GKI LTS branch revision including update to 6.6.45
    - remove duplicate Android.bp from unpacked otatools.zip to avoid breaking subsequent builds when it's unpacked in the source tree
    - add Android 15 Beta build configuration for early development/testing of our Android 15 port via an ap2f release configuration enabling all of the available Android 15 feature flags
    - port GrapheneOS changes to new code for Android 15 used by our Android 15 Beta build configuration
    - Vanadium: update to [version 127.0.6533.104.0](https://github.com/GrapheneOS/Vanadium/releases/tag/127.0.6533.104.0)
    - Vanadium: update to [version 127.0.6533.104.1](https://github.com/GrapheneOS/Vanadium/releases/tag/127.0.6533.104.1)
    - Vanadium: update to [version 127.0.6533.104.2](https://github.com/GrapheneOS/Vanadium/releases/tag/127.0.6533.104.2)
    - Vanadium: update to [version 127.0.6533.104.3](https://github.com/GrapheneOS/Vanadium/releases/tag/127.0.6533.104.3)
    - GmsCompatConfig: update to [version 128](https://github.com/GrapheneOS/platform_packages_apps_GmsCompat/releases/tag/config-128)
    - GmsCompatConfig: update to [version 129](https://github.com/GrapheneOS/platform_packages_apps_GmsCompat/releases/tag/config-129)
    - GmsCompatConfig: update to [version 130](https://github.com/GrapheneOS/platform_packages_apps_GmsCompat/releases/tag/config-130)

    12
    4
    grapheneos
    GrapheneOS Porting To Pixel 9, Pixel 9 Pro and Pixel 9 Pro XL Has Started [UPDATED: August 24] https://grapheneos.social/@GrapheneOS/113008392009966454

    We've started work on adding support for the Pixel 9, Pixel 9 Pro and Pixel 9 Pro XL. We haven't received our test devices yet but they should arrive within a couple days. Pixel 9 Pro Fold will be supported like the earlier Pixel Fold but it's launching later than the others. Our device testing lab now has a Pixel 9 and Pixel 9 Pro XL. Pixel 9 Pro Fold is preordered and we should receive it at launch. The regular Pixel 9 Pro was out-of-stock so we haven't ordered one yet. We can buy one later and use up the credit from buying the other 3 devices. GrapheneOS support for Pixel 9, Pixel 9 Pro and Pixel 9 Pro XL is coming along nicely. It will be ready for public experimental testing soon. It's currently being delayed by Chromium v128 reaching Stable today. We also need another regular OS release due to a minor UI regression. Our initial port to the Pixel 9, Pixel 9 Pro and Pixel 9 Pro XL is complete and is going to begin going through internal testing. There will likely be at least a few issues to resolve. We'll likely be able to publish a public experimental release in around 12 to 14 hours. We're working on resolving an early boot crash with 9th generation Pixels caused by porting our hardware-level USB-C port control to them. If necessary, we can partially omit this feature for an initial experimental release. Our aim is to have a public experimental release today. It's available now: [https://grapheneos.social/@GrapheneOS/113010526089814611](https://grapheneos.social/@GrapheneOS/113010526089814611)

    28
    0
    grapheneos
    GmsCompatConfig (sandboxed Google Play compatibility layer configuration) version 130 released github.com

    Changes in version 130:

    - add stub for PackageManager.getPackagesForUid() to cover our GmcPackageManager.getPackagesForUid() shim still throwing a security exception when handling passing an invalid negative UID due to how the OS APIs work instead of the error expected by Play services

    A full list of changes from the previous release (version 129) is available through the [Git commit log between the releases](https://github.com/GrapheneOS/platform_packages_apps_GmsCompat/compare/config-129...config-130) (only changes to the `gmscompat_config` text file and `config-holder/` directory are part of GmsCompatConfig).

    This update is available to GrapheneOS users via our app repository and will also be bundled into the next OS release.

    4
    0
    grapheneos
    GrapheneOS Organization Discusses iVerify's Vulnerability Claims https://grapheneos.social/@GrapheneOS/112984806032609198

    Reflects extremely poorly on Apple that several of their employees have been involved in spreading fabricated claims about Pixels. Convincing companies/governments to strictly use Apple products with clearly fraudulent claims about Pixels is scandalous. [https://x.com/GerzerSoftware/status/1825226770079244361](https://x.com/GerzerSoftware/status/1825226770079244361)

    We directly talked about iVerify being a sandboxed app fundamentally incapable of providing significant defenses against sophisticated attackers: [https://x.com/GrapheneOS/status/1824194291591417961](https://x.com/GrapheneOS/status/1824194291591417961) It does not mean you should trust them to run code on your device, view your DNS requests, etc.

    iVerify fabricated a fake Pixel vulnerability in order to promote their company/product alongside Palantir and Trail of Bits. It has been completely debunked by multiple researchers. Many people were previously aware of the app, the conditions for enabling it and had analyzed it.

    Multiple privacy and security researchers have previously talked about this set of apps for supporting Verizon's network functionality on Android. We analyzed these apps years ago and have publicly talked about it. We checked CarrierSettings and Showcase again before our thread.

    Showcase (com.customermobile.preload.vzw) is Verizon's retail demo app and is completely disabled at a package level with the other Verizon apps on Pixels unless someone has a Verizon SIM. The way they're disabled is comparable to installing and uninstalling the apps on demand.

    Showcase additionally requires a privileged OS setting in order to enable it. This setting has more limited access than other settings which are part of the public API. The level of access to enable it would be greater than the access the app has available for itself.

    Using iVerify means trusting a Palantir partner with code execution, access to your DNS requests, etc. Palantir is a surveillance company and is largely based around acquiring access to data mined by other companies. That's reason enough to avoid code from them or their partners.

    Here's some background on Palantir: [https://privacyinternational.org/sites/default/files/2021-11/All%20roads%20lead%20to%20Palantir%20with%20Palantir%20response%20v3.pdf](https://privacyinternational.org/sites/default/files/2021-11/All%20roads%20lead%20to%20Palantir%20with%20Palantir%20response%20v3.pdf)

    Regardless of whether you share the views of most of the open source and privacy communities on Palantir and their partners, a security company like iVerify promoting products via fraudulent claims isn't trustworthy.

    Installing an app from their app store is giving arbitrary code execution within the app sandbox to the app developers. The app sandbox is far weaker than the browser sandbox for a website. It's also easy enough for apps to do arbitrary things based on configuration and many do.

    iVerify has been actively marketing to journalists while working with groups many journalists consider among their main adversaries. Using an app is trusting the developers with arbitrary remote code execution in the app sandbox, which is a lot weaker than the web sandbox.

    App sandbox simultaneously prevents iVerify from providing any significant value against a sophisticated attacker while also not being nearly strong enough to put up a serious defense against sophisticated adversaries. The value is oversold and it brings more risk than reward.

    10
    2
    grapheneos GrapheneOS [Unofficial] GrapheneOS Organization Reattempting VPN DNS Leak Prevention
    KindnessInfinity
    1 month ago 100%

    Do you have "block all connections without VPN" enabled in Android settings? Do you have a VPN in use for multiple profiles? SMS and voice over Wi-Fi are not routed through VPNs on the main user profile.

    1
  • grapheneos GrapheneOS [Unofficial] GrapheneOS Organization Addresses Article Written About Authy Changes
    KindnessInfinity
    1 month ago 50%

    KeePassDX is a password manager, which should be similar to Authy. You can read about KeePassDX here: https://github.com/Kunzisoft/KeePassDX. It allows easy management of TOTP in KeePassDX.

    0
  • grapheneos GrapheneOS [Unofficial] GrapheneOS Organization Addresses Article Written About Authy Changes
    androidapps AndroidApps Paperize: a dynamic wallpaper changer application built for Android using Kotlin, Jetpack Compose, and Material 3
    grapheneos GrapheneOS [Unofficial] GrapheneOS Camera app version 71 released
    KindnessInfinity
    2 months ago 100%

    GrapheneOS includes our own modern camera app focused on privacy and security. It includes modes for capturing images, videos and QR / barcode scanning along with additional modes based on CameraX vendor extensions (Portrait, HDR, Night, Face Retouch and Auto) on devices where they're available (Pixels currently only have support for Night mode).

    Source: https://grapheneos.org/usage#grapheneos-camera-app

    This forum thread also has further discussions on this: https://discuss.grapheneos.org/d/1889-grapheneos-camera-portrait-night-shot-etc

    Hope this helps answer your question.

    1
  • grapheneos GrapheneOS [Unofficial] GrapheneOS Officially Supports The Accrescent App Store
    KindnessInfinity
    2 months ago 100%

    Accrescent has a list of apps that can be easily installed. Unlike Obtainium, Accrescent doesn't require the user to spend a lot of time adding each app they want to auto update/install to Accrescent, as the apps are already there. Similar to the Play Store.

    Obtainium's only advantage to me is that you can add almost any app source, while Accrescent is still in development and as such lacks lots of apps at the moment.

    2
  • grapheneos GrapheneOS [Unofficial] GrapheneOS Comments On Cellebrite Developments
    KindnessInfinity
    2 months ago 100%

    They are paid to research and report on a topic after all, so it would make sense for them to double check that everything is up to date.

    3
  • grapheneos GrapheneOS [Unofficial] GrapheneOS Officially Supports The Accrescent App Store
    grapheneos GrapheneOS [Unofficial] GrapheneOS comments on articles about leaked Cellebrite Documents
    grapheneos GrapheneOS [Unofficial] GrapheneOS Organization Discusses Wise Payment Problem
    community_requests Community Requests. Requesting ownership of c/twoxchromosomes
    androidofficial Android Official introduction to Pixel 6 and Pixel 6 Pro on October 19 10am PT
    grapheneos GrapheneOS [Unofficial] GrapheneOS Organization Discusses Upstream Chromium Breakages and Asks For Help With App Testing From Community
    grapheneos GrapheneOS [Unofficial] GrapheneOS Organization Discusses Upstream Chromium Breakages and Asks For Help With App Testing From Community
    KindnessInfinity
    3 months ago 100%

    When you use it, what is the expected behavior? Are you expecting it to autofill the password and username when you visit a login page?

    1
  • grapheneos GrapheneOS [Unofficial] GrapheneOS Organization Discusses Upstream Chromium Breakages and Asks For Help With App Testing From Community
    grapheneos GrapheneOS [Unofficial] GrapheneOS Organization Discusses Upstream Chromium Breakages and Asks For Help With App Testing From Community
    android Android ‘You’re Telling Me in 2023, You Still Have a ’Droid?’ Why Teens Hate Android Phones
    grapheneos GrapheneOS [Unofficial] GrapheneOS Now Supports a Duress Reset PIN and More
    KindnessInfinity
    4 months ago 100%

    Also, could you have a duress pin+fingerprint in addition to a duress password?

    They are planning to have a second unlock method for After First Unlock in the future.

    1
  • grapheneos GrapheneOS [Unofficial] GrapheneOS Now Supports a Duress Reset PIN and More
  • KindnessInfinity
    4 months ago 100%

    That is correct. During setup, you're prompted for both a password and a PIN, which allows use with PIN or password prompts.

    2
  • grapheneos GrapheneOS [Unofficial] GrapheneOS Now Supports a Duress Reset PIN and More
  • KindnessInfinity
    4 months ago 100%

    Last time I checked, that app uses accessibility services, which are not recommended by the GOS project, as accessibility services greatly increase attack surface if any app using these services is compromised.

    2
  • grapheneos GrapheneOS [Unofficial] GrapheneOS Organization Discusses Issues With Upstream Linux Kernel
  • KindnessInfinity
    4 months ago 100%

    This would be:

    In the long term, GrapheneOS aims to move beyond a hardened fork of the Android Open Source Project. Achieving the goals requires moving away from relying on the Linux kernel as the core of the OS and foundation of the security model. It needs to move towards a microkernel-based model with a Linux compatibility layer, with many stepping stones leading towards that goal including adopting virtualization-based isolation.

    The initial phase for the long-term roadmap of moving away from the current foundation will be to deploy and integrate a hypervisor like Xen to leverage it for reinforcing existing security boundaries. Linux would be running inside the virtual machines at this point, inside and outside of the sandboxes being reinforced. In the longer term, Linux inside the sandboxes can be replaced with a compatibility layer like gVisor, which would need to be ported to arm64 and given a new backend alongside the existing KVM backend. Over the longer term, i.e. many years from now, Linux can fade away completely and so can the usage of virtualization. The anticipation is that many other projects are going to be interested in this kind of migration, so it's not going to be solely a GrapheneOS project, as demonstrated by the current existence of the gVisor project and various other projects working on virtualization deployments for mobile. Having a hypervisor with verified boot still intact will also provide a way to achieve some of the goals based on extensions to Trusted Execution Environment (TEE) functionality even without having GrapheneOS hardware.

    Hardware and firmware security are core parts of the project, but it's currently limited to research and submitting suggestions and bug reports upstream. In the long term, the project will need to move into the hardware space.

    source

    2
  • grapheneos GrapheneOS [Unofficial] GrapheneOS Discusses How Chromium Releases Are Handled and How They Impact Security
  • KindnessInfinity
    4 months ago 100%

    Vanadium is still more secure than Fennec

    Why? Well, Vanadium has these security improvements:

    • Type-based Control Flow Integrity (CFI)
    • Hardware memory tagging (MTE) enabled for the main allocator
    • Strict site isolation and sandboxed iframes
    • JavaScript JIT disabled by default with per-site toggle via drop-down permission menu

    Also many more security improvements.

    1