Fair enough. I said “huge” because I guess some people care a lot. I personally don’t and have been on security preview releases since they started releasing them.

Not exactly. GrapheneOS has an OEM partner and has early access to AOSP changes that aren’t public. A huge downside to that is that security preview releases can’t be open source until after Google makes the code public.

I said “most users”. There are some who are still experiencing issues, which is being looked into. Other people have had issues that were fixed by clearing the storage for Google Play, Google Play Services, Google Messages, then granting all necessary permissions before launching Google Messages again.

It just won’t work on GrapheneOS. Not sure if disabling it will work on the stock OS. We will have to wait and see on that one.

The way Google will block apps with unverified developers won’t work on GrapheneOS. The change won’t be part of AOSP. On the stock OS, the functionality will be handled by another Google app that has privileged access. GrapheneOS won’t be affected directly.

Just check the project’s X account. The OEM partnership is mentioned very regularly.

Google has already shared how apps’ developers will be verified. They’re adding another app that will have access to block installing apps or disable them. That won’t work on GrapheneOS because 1. the app won’t be installed and 2. the app won’t have that kind of privileged access.

It’s my understanding that RCS was fixed for most users after this update: https://grapheneos.org/releases#2025092700. You may need to grant permissions to Google Play Services first, then clear Google Messages’ storage, grant permissions to Google Messages, then try setting it up again.

Well, the fact is it is impossible to target someone with a modified update. The update client sends no IDs to the server, it just fetches static files and determines whether it needs to update or not. The server only has static files.

thet could, in theory, make a single OTA that everybody gets, but checks for a specific IMEI or other device ID and only there enables some malicious payload.

That would be very obvious in the code. And how would devices be targeted if GrapheneOS project members don’t know the unique IDs because they’re not sent in the first place? There are also community members who build GrapheneOS on their own and check if the builds match because GrapheneOS builds are reproducible. It just isn’t possible. But even if people don’t believe all of that, they can still disable the updater app and sideload updates manually. Instructions are on the website.

That’s because they’re the only ones that meet the project’s requirements at the moment, but that may soon change soon. Maybe you’ve seen the news that the project is in talks with an OEM for them to meet the requirements and have official support for GrapheneOS for some of the existing devices.

This could prevent my next phone from being a Pixel.

But it doesn’t make sense for them to do that. They can’t just sell devices promoting them as “unlocked” then brick people’s phones or locking them out so they can’t access their data down the road.

Now, I agree that the long term future of GrapheneOS, if it has one, probably isn’t Google hardware.

Maybe, maybe not. 10th generation Pixels can be supported, so it’ll be a while still. But GrapheneOS is in talks with an OEM and it’s looking likely that they’ll have official support for GrapheneOS for their devices soon enough.

Well I suppose they could? But then how would that end for them? They sold devices with unlocked bootloaders. Changing that might get them in legal trouble. I’d think if a device is sold unlocked, it’ll remain unlocked.

And we also have the discussion forum at https://discuss.grapheneos.org/!