GrapheneOS releases
grapheneos.org
Official releases of GrapheneOS, a security and privacy focused mobile OS with Android app compatibility.

Tags:

  • 2026042100 (Pixel 6, Pixel 6 Pro, Pixel 6a, Pixel 7, Pixel 7 Pro, Pixel 7a, Pixel Tablet, Pixel Fold, Pixel 8, Pixel 8 Pro, Pixel 8a, Pixel 9, Pixel 9 Pro, Pixel 9 Pro XL, Pixel 9 Pro Fold, Pixel 9a, Pixel 10, Pixel 10 Pro, Pixel 10 Pro XL, Pixel 10 Pro Fold, Pixel 10a, emulator, generic, other targets)

Changes since the 2026040800 release:

  • Launcher: backport fix from Pixel Launcher for the recents overview with third party launchers
  • Launcher: improve our implementation of hiding the app list when search is focused to more closely match Pixel Launcher
  • don’t allow irregular secondary users (guest, demo or restricted) to have a private space
  • Settings: inherit user restrictions from full user to a nested private space and run a one-time task to add missing restrictions
  • kernel (6.1): update to latest GKI LTS branch revision including update to 6.1.167
  • kernel (6.6): update to latest GKI LTS branch revision
  • kernel (6.12): update to latest GKI LTS branch revision
  • kernel (6.1): backport SVE support for protected guests
  • kernel (6.1, 6.6, 6.12): backport fix for race conditions in USB gadget UVC driver causing crashes with the device as webcam feature including use-after-free detected by hardware memory tagging
  • kernel (6.6, 6.12): disable Android GKI vendor hooks for INIT_ON_FREE page zeroing to avoid Pixels deferring zero-on-free for reclaim (kswapd) via their driver tree since it reduces security to improve performance (the stock OS doesn’t use INIT_ON_FREE but they tried to reduce the cost to be acceptable for the stock OS while we want the full security instead)
  • adevtool: change added Cape cellular radio carrier configuration entry to use USCC (1952) instead of ATT (1187) to avoid outbound call issues for users opting into using their new setup early (stock Pixel OS will add the same entry but they take months to handle it so it was submitted to us too)
  • hardened_malloc: improve handling of out-of-memory edge cases
  • Vanadium: update to version 147.0.7727.101.0

All of the Android 16 security patches from the current May 2026, June 2026, July 2026, August 2026, September 2026 and October 2026 Android Security Bulletins are included in the 2026042101 security preview release. List of additional fixed CVEs:

  • Critical: CVE-2026-0039, CVE-2026-0040, CVE-2026-0041, CVE-2026-0042, CVE-2026-0043, CVE-2026-0044, CVE-2026-0051, CVE-2026-0052, CVE-2026-0073, CVE-2026-0080, CVE-2026-0097, CVE-2026-21352, CVE-2026-21353
  • High: CVE-2025-22424, CVE-2025-22426, CVE-2025-48600, CVE-2025-48612, CVE-2026-0016, CVE-2026-0036, CVE-2026-0048, CVE-2026-0050, CVE-2026-0053, CVE-2026-0054, CVE-2026-0055, CVE-2026-0056, CVE-2026-0059, CVE-2026-0060, CVE-2026-0061, CVE-2026-0062, CVE-2026-0063, CVE-2026-0065, CVE-2026-0067, CVE-2026-0070, CVE-2026-0074, CVE-2026-0075, CVE-2026-0076, CVE-2026-0077, CVE-2026-0078, CVE-2026-0079, CVE-2026-0084, CVE-2026-0085, CVE-2026-0086, CVE-2026-0087, CVE-2026-0088, CVE-2026-0089, CVE-2026-0091, CVE-2026-0093, CVE-2026-0094, CVE-2026-0095, CVE-2026-0096, CVE-2026-0098, CVE-2026-0099, CVE-2026-0100, CVE-2026-28572, CVE-2026-28574, CVE-2026-28577, CVE-2026-28578, CVE-2026-28580, CVE-2026-28581, CVE-2026-28585, CVE-2026-28586

For detailed information on security preview releases, see our post about it.