Tags:

• 2025081300 (Pixel 6, Pixel 6 Pro, Pixel 6a, Pixel 7, Pixel 7 Pro, Pixel 7a, Pixel Tablet, Pixel Fold, Pixel 8, Pixel 8 Pro, Pixel 8a, Pixel 9, Pixel 9 Pro, Pixel 9 Pro XL, Pixel 9 Pro Fold, Pixel 9a, emulator, generic, other targets)

Changes since the 2025080600 release:

• limit MediaMetadata object size to avoid Binder failures to resolve the rest of an upstream Android denial of service issue triggered in real world use by LibreTube (this extends our previous fix in our 2025072700 release)
• reduce time update threshold to 50ms from Android's default 2000ms instead of allowing the clock to get up to 2s out-of-date (this change was lost during one of the major release ports when Android significantly changed the code and moved where this is configured)
• Pixel 8a: fix inclusion of PSDS overlay since our port to Android 16 which was breaking using our PSDS proxy until we worked around it server-side with a redirect from broadcom.psds.grapheneos.org to samsung.psds.grapheneos.org for the Samsung PSDS download path
• Samsung GNSS devices (Pixel 8a, Pixel 9, Pixel 9 Pro, Pixel 9 Pro XL, Pixel 9 Pro Fold, Pixel 9a): switch to TLSv1.3-only for SUPL instead of TLSv1.2-only now that it's supported by gnssd
• change User-Agent for geocoder to "GrapheneOS geocoder $USER_AGENT_VERSION" where the version is currently 1 and can be incremented if there are significant changes to how we make requests (this was previously using the default Android User-Agent sending more information than necessary)
• kernel (6.6): update to latest GKI LTS branch revision including update to 6.6.101
• Seedvault: update to latest revision for Android 16 (will be replaced with a better backup implementation in the future)
• Camera: update to version 84
• Camera: update to version 85
• Info: update to version 6
• Vanadium: update to version 139.0.7258.123.0

Today was the coordinated disclosure date for multiple Matrix chat protocol vulnerabilities:

https://matrix.org/blog/2025/08/security-release/

Our synapse server has been upgraded to 1.135.2 and now we'll need to upgrade our Matrix chat rooms. Many servers haven't yet upgraded and won't be able to join.

Our plan is to create an entirely new set of Matrix rooms with room version 12 and begin migrating people over to those. Our existing rooms will be kept around for a while because we know many instances are going to take their time updating to the new server software releases.

Our Matrix chat rooms have been repeatedly broken by these protocol bugs. Our General and Offtopic rooms have been replaced 4-5 times. The most recent occurrence was our GrapheneOS Space with over 25000 users breaking. This will all hopefully be in the past after today's fixes.

See https://grapheneos.org/contact#community-chat for more info. Our rooms are bridged across Matrix, Discord, Telegram and IRC. We started on IRC and intended to fully migrate to Matrix. We added Telegram due to the major issues with Matrix and then Discord which is now the most active platform.

Federating with open registration Matrix servers leads to endless raids including people spamming CSAM and gore. Not federating makes it quite useless. A large portion of our Matrix community moved to Discord due to the CSAM spam across Matrix and we don't bridge media from it.

Discord has very good configurable server-side filtering and dramatically better mod tools. Matrix heavily enables abuse through federation and doesn't even support restricting inline media. Matrix also lacks channels within rooms so communities like ours rely on moderation bots.

Changes in version 139.0.7258.123.0:

• update to Chromium 139.0.7258.123

A full list of changes from the previous release (version 139.0.7258.62.1) is available through the Git commit log between the releases.

This update is available to GrapheneOS users via our app repository and will also be bundled into the next OS release. Vanadium isn't yet officially available for users outside GrapheneOS, although we plan to do that eventually. It won't be able to provide the WebView outside GrapheneOS and will have missing hardening and other features.

Notable changes in version 86:

• update CameraX to 1.5.0-beta02
• migrate to new CameraX SessionConfig API to replace CameraX UseCase API
• use CameraX SessionConfig API to mark Electronic Image Stabiliization (EIS) as a preferred feature so it gets automatically disabled when the device can't support it for the configured resolution (CameraX was previously downgrading the resolution automatically but started throwing an exception with 1.5.0-beta02 and it also more sense for EIS to be used when available instead of forced by downgrading the resolution)

A full list of changes from the previous release (version 85) is available through the Git commit log between the releases.

This app is available through the Play Store with the app.grapheneos.camera.play app id. Play Store releases go through review and it usually takes around 1 to 3 days before the Play Store pushes out the update to users. Play Store releases use Play Signing, so we use a separate app id from the releases we publish ourselves to avoid conflicts and to distinguish between them. Each release is initially pushed out through the Beta channel followed by the Stable channel.

Releases of the app signed by GrapheneOS with the app.grapheneos.camera app id are published in the GrapheneOS App Store which provides fully automatic updates. Each release is initially pushed out through the Alpha channel, followed by the Beta channel and then finally the Stable channel. These releases are also bundled as part of GrapheneOS and published on GitHub.

GrapheneOS users must obtain GrapheneOS app updates through our App Store since verified boot metadata is required for out-of-band system app updates on GrapheneOS as part of extending verified boot to them.

Dev's (youtube) channel: Andrew Kravchuk (EN/RU)