This is the initial release of GrapheneOS based on Android 17.

Due to an upstream Android 17 bug, updating to this release from a previous release via ADB sideload to recovery is unavailable. There will be no issues updating to it over-the-air, and we’ll provide instructions in our testing channels for early experimental testing prior to Alpha. We’ve added a workaround which resolves updating via ADB sideload from this release to a future release. We’re working on a resolution for updating via sideload from a previous release to this one. If necessary, we could make a final release based on Android 16 QPR2 with the same workaround, released solely for people who only update via sideloading.

Tags:

  • 2026061800 (Pixel 6, Pixel 6 Pro, Pixel 6a, Pixel 7, Pixel 7 Pro, Pixel 7a, Pixel Tablet, Pixel Fold, Pixel 8, Pixel 8 Pro, Pixel 8a, Pixel 9, Pixel 9 Pro, Pixel 9 Pro XL, Pixel 9 Pro Fold, Pixel 9a, Pixel 10, Pixel 10 Pro, Pixel 10 Pro XL, Pixel 10 Pro Fold, Pixel 10a, emulator, generic, other targets)

Changes since the 2026061600 release:

  • full 2026-06-05 Pixel security patch level (released with Android 17)
  • rebased onto CP2A.260605.016 Android Open Source Project release (Android 17)
  • revert the Opus codec from in-process sandboxing with LFI (Lightweight Fault Isolation) to a dedicated sandboxed process in order to restore compatibility with hardware memory tagging and avoid likely holes in LFI
  • Sandboxed Google Play compatibility layer: add stubs for BluetoothLeBroadcast methods
  • Vanadium: update to version 149.0.7827.159.0

All of the Android 17 security patches from the current July 2026, August 2026, September 2026, October 2026, November 2026 and December 2026 Android Security Bulletins are included in the 2026061801 security preview release. List of additional fixed CVEs:

  • Critical: CVE-2026-28591, CVE-2026-28604, CVE-2026-28639, CVE-2026-28662, CVE-2026-28666, CVE-2026-45515, CVE-2026-45531
  • High: CVE-2025-22442, CVE-2025-48564, CVE-2025-48565, CVE-2025-48566, CVE-2026-28582, CVE-2026-28584, CVE-2026-28588, CVE-2026-28593, CVE-2026-28594, CVE-2026-28599, CVE-2026-28600, CVE-2026-28602, CVE-2026-28603, CVE-2026-28606, CVE-2026-28607, CVE-2026-28612, CVE-2026-28613, CVE-2026-28614, CVE-2026-28617, CVE-2026-28619, CVE-2026-28620, CVE-2026-28622, CVE-2026-28623, CVE-2026-28624, CVE-2026-28626, CVE-2026-28630, CVE-2026-28631, CVE-2026-28633, CVE-2026-28634, CVE-2026-28635, CVE-2026-28638, CVE-2026-28643, CVE-2026-28650, CVE-2026-28652, CVE-2026-28655, CVE-2026-28657, CVE-2026-28658, CVE-2026-28660, CVE-2026-28663, CVE-2026-28664, CVE-2026-28665, CVE-2026-28667, CVE-2026-28668, CVE-2026-28671, CVE-2026-45513, CVE-2026-45514, CVE-2026-45516, CVE-2026-45517, CVE-2026-45518, CVE-2026-45519, CVE-2026-45520, CVE-2026-45521, CVE-2026-45523, CVE-2026-45524, CVE-2026-45525, CVE-2026-45527, CVE-2026-45528, CVE-2026-45529, CVE-2026-49880
  • Unclassified: CVE-2026-28653

For detailed information on security preview releases, see our post about it.