Name: GrapheneOS
Type: Organization
Bio: Security and privacy focused mobile OS with Android app compatibility. We focus on developing substantial privacy and security improvements.
Twitter: GrapheneOS
Location: Toronto, Ontario, Canada
Blog: https://grapheneos.org/
GrapheneOS's Projects
Automatic background updater for modern Android. See https://github.com/GrapheneOS/script/blob/13/generate_metadata.py for the server metadata generation tool.
Base SELinux policy (extended by per-device repositories)
OS update and app repository servers
Scripting for generating signed production releases of AOSP and metadata for the Updater app along with partially automated maintenance of out-of-tree patch sets.
Fork of sqlite4java with updated SQLite, modernized / hardened SQLite configuration and basic compiler hardening.
Utilities for setting up TLS key pinning for Android app network security configuration. We pin the keys of trusted roots and backup keys in order to avoid needing to rotate the pinned keys. Backup keys are never intended to be used unless the roots stop being available and then only need to be used until the pins expire or get updated.
Privacy and security enhanced releases of Chromium for GrapheneOS. Vanadium provides the WebView and standard user-facing browser on GrapheneOS. It depends on hardening in other GrapheneOS repositories and doesn't include patches not relevant to the build targets used on GrapheneOS.
GrapheneOS adevtool state for all supported devices.