GrapheneOS accessed Android security patches but not allowed to publish sources

Posted by uneven9434 2 days ago

GrapheneOS accessed Android security patches but not allowed to publish sources(grapheneos.social)

319 points | 78 commentspage 2

dcow 2 days ago|

The only responsible disclosure is full disclosure.

dangus 1 day ago||

I wish we had more choices beyond Android and iPhone.

I think this thread makes it quite clear that Android is not a secure OS, period. Like, maybe it’s safer on a Pixel with Google’s own distribution, but even still, Graphene is claiming that Google’s team is stretched thin and isn’t fixing issues from 2024.

Meanwhile, Apple is allegedly building the most secure devices you can connect to the Internet: https://techcrunch.com/2025/09/11/apples-latest-iphone-secur...

pjmlp 10 hours ago|

I was happy on Symbian land, then on Windows Phone land, but alas that isn't how things turned out.

g-b-r 2 days ago||

If the smart plan of having others reverse-engineer the fixes won't work, I imagine they'll turn into a delayed-source product.

To my recollection, they always maintained that being open-source doesn't matter for security, after all

g-b-r 2 days ago|

(I strongly disagree)

cyberkendra 1 day ago||

[dead]

llyou_m1233 1 day ago||

llyou_m1233

Velocifyer 2 days ago||

Don't trust these guys.

ibeff 1 day ago|

That's not helpful without context and substance.

mcflubbins 2 days ago|

"They can easily get it from OEMs or even make an OEM."[0]

I agree with their points in the thread, but could Graphene "become" an OEM to get access to the security patches sooner? Just curious.

[0] https://grapheneos.social/@GrapheneOS/115164297480036952

evgpbfhnr 2 days ago||

They have access to the patches.

They just can't make an official release with it, because they can't publish the patch sources (embargoed) and their releases being open-source must match what they published...

qingcharles 2 days ago||

They have an OEM partner right now who funnels them the updates, which is how they get access to them.

acqbu 1 day ago||

Is it Framework?

hollerith 1 day ago||

Why would Framework have access to Android patches?

acqbu 1 day ago||

You're absolutely right

Motorola/Lenovo then?