A new update for the secure mobile platform GrapheneOS, version 2024053100, will introduce a feature that lets users block access to the data on their device in an emergency. Users will have the option to set an additional password and PIN code which, when entered, will erase all keys in hardware storage, including those used to encrypt data on the drive, wipe the eSIM, and reboot the device. This feature is designed to help users protect their data in situations where their device may be at risk of falling into the wrong hands or where they are being pressured to unlock the screen.
GrapheneOS is a project that builds on the Android Open Source Project (AOSP) to enhance security and privacy. Most Google Pixel devices, including Pixel 4/5/7/8, Pixel Fold, and Pixel Tablet, are officially supported by GrapheneOS. The project’s code is distributed under the MIT license and includes various experimental technologies aimed at improving app isolation, access control, vulnerability mitigation, and making exploit development more challenging.
One example of the project’s security enhancements is the use of its own implementation of malloc and a modified version of libc with memory protection features, as well as stricter address space separation for processes. Instead of Just-In-Time (JIT) compilation, only Ahead-Of-Time (AOT) compilation is used in the Android Runtime. The Linux kernel includes additional protection mechanisms such as SLUB canary markers, SELinux, and seccomp-bpf.
GrapheneOS lets users selectively control each application's access to network operations, sensors, the address book, and peripheral devices such as USB and the camera. Hardware identifiers such as the IMEI, MAC address, and SIM card serial numbers are not accessible by default. Reading from the clipboard is limited to the application that currently has focus. Additional measures are implemented to isolate Wi-Fi and Bluetooth processes to prevent information leaks through wireless activity. Many of the security-hardening mechanisms developed by the project have been integrated to enhance overall security.