GrapheneOS
grapheneos.orgGrapheneOS is an open source privacy and security focused mobile OS with Android app compatibility. Developed by Daniel Micay. GrapheneOS is a young project, and currently only supports Pixel devices, partially due to their strong hardware security.
- Homepage: grapheneos.org
- GitHub: github.com/GrapheneOS/hardened_malloc
- Web info: web-check.xyz/check/grapheneos.org
GrapheneOS Source Code
Author
Description
Hardened allocator designed for modern systems. It has integration into Android's Bionic libc and can be used externally with musl and glibc as a dynamic library for use on other Linux-based platforms. It will gain more portability/integration over time.
Homepage
https://grapheneos.org/License
MIT
Created
23 Aug 18
Last Updated
12 Jul 26
Latest version
Primary Language
C
Size
1,210 KB
Stars
1,916
Forks
152
Watchers
1,916
Language Usage
Star History
Top Contributors
-
@thestinger (661)
-
@jvoisin (36)
-
@muhomorr (32)
-
@rdevshp (19)
-
@rwarr627 (11)
-
@thomasbuilds (9)
-
@cgzones (8)
-
@gabrysh (7)
-
@randomhydrosol (4)
-
@dependabot[bot] (4)
-
@bravesasha (2)
-
@inthewaves (2)
-
@tsautereau-anssi (2)
-
@Lelmister101 (2)
-
@Ganwtrs (2)
-
@arlolra (1)
-
@randomalphanumerics (1)
-
@thithib (1)
-
@vchuravy (1)
-
@maade93791 (1)
-
@underscorejoser (1)
Recent Commits
-
rdevshp (10 Jul 26)
Update README.md to properly use CONFIG_N_ARENA for make invocations
-
rdevshp (06 Jul 26)
Fix handling of pvalloc(0)
-
rdevshp (07 Jul 26)
Update test/.gitignore to include additional test binaries
-
rdevshp (05 Jul 26)
Fix C++ exception throwing behavior for the new operator when the new handler throws an exception with a type derived from std::bad_alloc
-
Daniel Micay (01 Jul 26)
replace aligned attribute with alignas
-
rdevshp (27 Jun 26)
github CI: add arm64 tests
-
rdevshp (26 Jun 26)
fix typos and grammar errors in memtag_test.cc/README.md
-
rdevshp (26 Jun 26)
Fix stale mallinfo link in README.md
-
rdevshp (26 Jun 26)
Use __clang__ preprocessor macro to determine the compiler specified by CC Fixes a bug in Makefile where CC=/usr/bin/clang make does not work because it does not start with clang
-
Daniel Micay (21 Jun 26)
clang-tidy: disable bugprone-casting-through-void lint This lint triggers for a void cast used to silence a cast-align warning for write_after_free_check. We aren't violating strict aliasing because the memory was always zeroed with memset prior to reading it as u64 and we don't write to another way.
-
Daniel Micay (21 Jun 26)
clang-tidy: disable useless readability lints The implicit bool conversion lint only works properly for C++ and isn't the code style we want. The math missing parentheses lint expects to use parentheses for basic math operations such as `a - b * c` which isn't the code style we want.
-
Daniel Micay (21 Jun 26)
use #ifdef for non-compound checks
-
Daniel Micay (21 Jun 26)
clang-tidy: filter third_party/ header warnings
-
Daniel Micay (21 Jun 26)
clang-tidy: disable MissingIncludes This requires duplicating an include from component.h in component.c which isn't a style we want to use.
-
dependabot[bot] (18 Jun 26)
build(deps): bump actions/checkout from 6 to 7 Bumps [actions/checkout](https://github.com/actions/checkout) from 6 to 7. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v6...v7) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '7' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]>
-
Daniel Micay (17 Jun 26)
Android 17 is the now the supported Android branch
-
Dmitry Muhomor (16 Jun 26)
implement h_reallocarray
-
inthewaves (08 Jun 26)
add native_bridge_supported for Cuttlefish build This seems to be required for Cuttlefish to build even for x86_64. Both scudo and jemalloc_new have this line in Android.bp as well. Note that AOSP doesn't have an arm64 to x86_64 translator. frameworks/libs/binary_translation/ currently only has a riscv64_to_x86_64 translator, so Cuttlefish currently has ro.dalvik.vm.native.bridge=0 hardened_malloc appears to otherwise be used for x86_64 apps in Cuttlefish x86_64. Test: lunch aosp_cf_x86_64_only_phone-cur-userdebug with bionic build fix boots Test: hardened_malloc was able to detect double free when running a test app that does a double free via JNI
-
Gabriele Rizzo (30 May 26)
test: add coverage for calloc() calloc() had no test coverage at all. Add two tests: one verifying the multiplication overflow guard returns NULL with errno set to ENOMEM (the classic calloc integer-overflow attack surface), and one verifying the returned allocation is zeroed as required by the C standard. Both tests pass against the default configuration.
-
Gabriele Rizzo (31 May 26)
memory: use bool for memory_purge return value Every other wrapper in this file (memory_map_fixed_prot, memory_unmap, memory_protect_prot, memory_remap, memory_remap_fixed) stores the syscall result in a bool. memory_purge was the only one using an int, relying on an implicit int->bool conversion at the return statement. Use bool for consistency; behavior is unchanged.
-
Gabriele Rizzo (30 May 26)
test: add positive coverage for free_sized() The C23 free_sized() function only had indirect coverage via the C++ sized-delete operators and a single zero-size free_aligned_sized() case. Add straightforward small and large success-path tests for free_sized() itself, mirroring the existing small/large test split. Both tests pass against the default configuration.
-
Gabriele Rizzo (30 May 26)
README: fix grammar in malloc_object_size API description "doesn't change break API compatibility" contained a leftover word from an edit; the intended phrasing is "doesn't break API compatibility".
-
Thomas (29 May 26)
androidtest/memtag: fix uninitialized read of tag_usage tag_usage was declared without an initializer and then accumulated with ++tag_usage[tag], reading indeterminate stack memory
-
Gabriele Rizzo (28 May 26)
README: fix grammar typos Three small grammar fixes: - 'can substantially improves' -> 'can substantially improve' - 'acceptable to enabled them' -> 'acceptable to enable them' - 'keeps tracks allocator statistics' -> 'keeps track of allocator statistics'
-
Gabriele Rizzo (28 May 26)
h_malloc: fix grammar in tag_and_clear_slab_slot comment 'allows to handle' is not valid English. Replace with 'allows handling'.
-
Gabriele Rizzo (28 May 26)
test/malloc_noreuse: replace mixed tab indentation with spaces The for loop body used mixed tabs and spaces, inconsistent with the rest of the file (4-space indent in the outer scope) and with all other test files in test/.
-
rdevshp (21 May 26)
target C23
-
rdevshp (21 May 26)
update CI GCC versions
-
rdevshp (10 May 26)
increase minimum class region size to avoid OOB access under minimum class region size config
-
Thomas (06 May 26)
fix typo in get_large_size_class size class comment
GrapheneOS Security
GrapheneOS Website
Website
GrapheneOS: the private and secure mobile OS
GrapheneOS is a security and privacy focused mobile OS with Android app compatibility.
Redirects
Does not redirect
Security Checks
1 security checks failed (64 passed)
- Risky Geographical Location
Server Details
- IP Address 172.96.172.37
- Hostname mia.grapheneos.org
- Location Miami, Florida, United States of America, NA
- ISP Reliablesite.net LLC
- ASN AS23470
Associated Countries
-
US -
RO
Safety Score
Website marked as moderately safe
90%
Blacklist Check
grapheneos.org was found on 0 blacklists
- AntiSocial Blacklist
- Artists Against 419
- Badbitcoin
- Bambenek Consulting
- CERT Polska
- CoinBlockerLists
- CRDF
- CryptoScamDB
- EtherAddressLookup
- EtherScamDB
- Fake Website Buster
- MetaMask EthPhishing
- NABP Not Recommended Sites
- OpenPhish
- PetScams
- PhishFeed
- PhishFort
- Phishing.Database
- PhishStats
- PhishTank
- Phishunt
- RPiList Not Serious
- Scam.Directory
- SecureReload Phishing List
- Spam404
- StopGunScams
- Suspicious Hosting IP
- ThreatFox
- ThreatLog
- TweetFeed
- URLhaus
- ViriBack C2 Tracker
Website Preview
GrapheneOS Reviews
More Mobile Operating Systems
-
A free and open-source operating system for various devices, based on the Android mobile platform - Lineage is light-weight, well maintained, supports a wide range of devices, and comes bundled with Privacy Guard.
About the Data: GrapheneOS
Change History
- Amended (description) #387
API
You can access GrapheneOS's data programmatically via our API. Simply make a GET request to:
https://api.awesome-privacy.xyz/v1/services/grapheneos The REST API is free, no-auth and CORS-enabled. To learn more, view the API Docs or read the API Usage Guide.
Share GrapheneOS
Help your friends compare Mobile Operating Systems, and pick
privacy-respecting software and services.
Share GrapheneOS and Awesome Privacy with your network!