The developers of the project GrapheneOS, which develops secure free firmware based on Android, announced their readiness port based on the Android 17 platform released yesterday. The port is currently being transferred to a public repository with source code (GrapheneOS developers received access to the Android code and patches before release to the public, thanks to a partnership with one of the OEM suppliers).
Today they plan to release the final release of GrapheneOS based on Android 16 QPR2, after which tomorrow they will offer an initial version based on Android 17. In the GrapheneOS version based on Android 17 provides support for all devices for which assemblies based on the Android 16 branch were generated, but so far the assemblies have only been tested on Pixel 6a, 7, 7a, 8, 10a, 10 and 10 Pro Fold smartphones.
GrapheneOS is developing a fork from the AOSP (Android Open Source) codebase Project), which includes many experimental technologies related to strengthening application isolation, access control, blocking the manifestation of vulnerabilities and complicating the work of exploits. Among other things, the platform uses its own implementation of malloc, a modified version of libc with protection against memory corruption, and a more rigid division of the process address space. The Linux kernel includes additional protection mechanisms, such as canary tags in slub to block buffer overflows. SELinux and seccomp-bpf are used to enhance application isolation. The user can selectively restrict application access to network operations, sensors, address book and peripheral devices (USB, camera).