GrapheneOS
grapheneos.orgGrapheneOS is an open source privacy and security focused mobile OS with Android app compatibility. Developed by Daniel Micay. GrapheneOS is a young project, and currently only supports Pixel devices, partially due to their strong hardware security.
- Homepage: grapheneos.org
- GitHub: github.com/GrapheneOS/hardened_malloc
- Web info: web-check.xyz/results/grapheneos.org
GrapheneOS Source Code
Author
Description
Hardened allocator designed for modern systems. It has integration into Android's Bionic libc and can be used externally with musl and glibc as a dynamic library for use on other Linux-based platforms. It will gain more portability / integration over time.
Homepage
https://grapheneos.org/License
MIT
Created
23 Aug 18
Last Updated
12 Sept 24
Latest version
Primary Language
C
Size
1,077 KB
Stars
1,251
Forks
94
Watchers
1,251
Language Usage
Star History
Top Contributors
- @thestinger (627)
- @muhomorr (31)
- @jvoisin (27)
- @rwarr627 (11)
- @cgzones (5)
- @randomhydrosol (4)
- @Lelmister101 (2)
- @tsautereau-anssi (2)
- @dependabot[bot] (2)
- @arlolra (1)
- @thithib (1)
- @vchuravy (1)
- @maade93791 (1)
Recent Commits
- maade93791 (09 Sept 24)
android: use more basic CPU target for memtag This is required for hardened_malloc to work in microdroid on MTE-enabled devices (currently, 8th and 9th generation Pixels) since PVMFW only supports ARMv8 cores. https://android.googlesource.com/platform/packages/modules/Virtualization/+/refs/tags/android-15.0.0_r1/pvmfw/platform.dts#100
- Daniel Micay (05 Aug 24)
update libdivide to 5.1
- Daniel Micay (15 Feb 24)
update copyright notice
- Dmitry Muhomor (23 Jan 24)
mte: use tag 0 for freed slots, stop reserving tag 15
- Dmitry Muhomor (23 Jan 24)
amend memory tagging README section Memory tagging is enabled by default in bionic, but can be disabled at any point. Memory tagging can't be re-enabled after it's disabled.
- Dmitry Muhomor (23 Jan 24)
memtag_test: add test for MADV_DONTNEED behavior
- Dmitry Muhomor (23 Jan 24)
mte: remove util.h dependency from arm_mte.h It's needed for including arm_mte.h into memtag_test.cc
- Dmitry Muhomor (23 Jan 24)
memtag_test: move SEGV code checks to device-side binary
- Daniel Micay (03 Jan 24)
remove trailing whitespace
- Julien Voisin (03 Jan 24)
Improve a bit the formulation of the MTE documentation
- Daniel Micay (03 Jan 24)
update memory tagging documentation
- Dmitry Muhomor (31 Dec 23)
android: restore the default SIGABRT handler in fatal_error() async_safe_fatal() calls abort() at the end, which can be intercepted by a custom SIGABRT handler. In particular, crashlytics installs such a handler and tries to fork() after catching SIGABRT. hardened_malloc uses pthread_atfork() to register fork handlers. These handlers try to lock internal hardened_malloc mutexes. If at least one of those mutexes is already locked, which is usually the case, thread that called fatai_error() gets deadlocked, while the other threads (if there are any) continue to run.
- Christian Göttsche (14 Dec 23)
README: add note about AppArmor constraint on Debian
- jvoisin (16 Nov 23)
Clarify a bit why a particular magic number was chosen
- Daniel Micay (14 Nov 23)
Revert "use safe_flag for -fstack-clash-protection" This reverts commit 4171bd164e2ec4cf2546daa2b0f6f95af0d782df.
- Daniel Micay (08 Nov 23)
use safe_flag for -fstack-clash-protection
- jvoisin (05 Nov 23)
Run the testsuite on multiple compiler versions
- Dmitry Muhomor (01 Nov 23)
memtag_test: fix sporadic failures of overflow/underflow tests
- Daniel Micay (30 Oct 23)
update README now that MTE is implemented
- Dmitry Muhomor (30 Oct 23)
mte: add scudo to CREDITS file
- Dmitry Muhomor (30 Oct 23)
mte: add untag_pointer() variant for const pointers
- Dmitry Muhomor (30 Oct 23)
mte: update comment about skipped tag array update in deallocate_small()
- Dmitry Muhomor (30 Oct 23)
remove an always-true sizeof(u8) assert
- Dmitry Muhomor (30 Oct 23)
mte: refactor tag_and_clear_slab_slot() Explicitly call is_memtag_enabled() before calling tag_and_clear_slab_slot() to make it clearer that memory is not zeroed when MTE is disabled.
- Dmitry Muhomor (30 Oct 23)
mte: note why 0 tag is excluded
- Dmitry Muhomor (30 Oct 23)
mte: note alignment requirements of arm_mte_tag_and_clear_mem()
- Dmitry Muhomor (30 Oct 23)
mte: rename arm_mte_store_tags_and_clear() to arm_mte_tag_and_clear_mem()
- Dmitry Muhomor (29 Oct 23)
mte: add comment about the reserved slab canary value
- Dmitry Muhomor (29 Oct 23)
memtag_test: improve capturing of test results Using debuggerd + logcat parsing is unreliable and slow, print SEGV signal code to stderr instead.
- Dmitry Muhomor (29 Oct 23)
memtag_test: improve tag_distinctness test - check that tag distinctess checks are actually reached (it was previously verified manually by looking at the now-removed printf output) - check that only non-reserved tags are used - check that all of non-reserved tags are used - print tag usage statistics at the end of run
GrapheneOS Website
Website
GrapheneOS: the private and secure mobile OS
GrapheneOS is a security and privacy focused mobile OS with Android app compatibility.
Redirects
Does not redirect
Security Checks
All 66 security checks passed
Server Details
- IP Address 51.222.156.101
- Hostname 0.grapheneos.org
- Location Montreal, Quebec, Canada, NA
- ISP OVH Hosting Inc.
- ASN AS16276
Associated Countries
- CA
- US
Saftey Score
Website marked as safe
100%
Blacklist Check
grapheneos.org was found on 0 blacklists
- ThreatLog
- OpenPhish
- PhishTank
- Phishing.Database
- PhishStats
- URLhaus
- RPiList Not Serious
- AntiSocial Blacklist
- PhishFeed
- NABP Not Recommended Sites
- Spam404
- CRDF
- Artists Against 419
- CERT Polska
- PetScams
- Suspicious Hosting IP
- Phishunt
- CoinBlockerLists
- MetaMask EthPhishing
- EtherScamDB
- EtherAddressLookup
- ViriBack C2 Tracker
- Bambenek Consulting
- Badbitcoin
- SecureReload Phishing List
- Fake Website Buster
- TweetFeed
- CryptoScamDB
- StopGunScams
- ThreatFox
- PhishFort
Website Preview
GrapheneOS Reviews
More Mobile Operating Systems
-
CalyxOS is an free and open source Android mobile operating system that puts privacy and security into the hands of everyday users. Plus, proactive security recommendations and automatic updates take the guesswork out of keeping your personal data personal. Also currently only supports Pixel devices and Xiaomi Mi A2 with Fairphone 4, OnePlus 8T, OnePlus 9 test builds available. Developed by the Calyx Foundation.
-
DivestOS is a vastly diverged unofficial more secure and private soft fork of LineageOS. DivestOS primary goal is prolonging the life-span of discontinued devices, enhancing user privacy, and providing a modest increase of security where/when possible. Project is developed and maintained solely by Tad (SkewedZeppelin) since 2014.
-
A free and open-source operating system for various devices, based on the Android mobile platform - Lineage is light-weight, well maintained, supports a wide range of devices, and comes bundled with Privacy Guard.
About the Data: GrapheneOS
API
You can access GrapheneOS's data programmatically via our API.
Simply make a GET
request to:
https://api.awesome-privacy.xyz/operating-systems/mobile-operating-systems/grapheneos
The REST API is free, no-auth and CORS-enabled. To learn more, view the Swagger Docs or read the API Usage Guide.
About the Data
Beyond the user-submitted YAML you see above, we also augment each listing with additional data dynamically fetched from several sources. To learn more about where the rest of data included in this page comes from, and how it is computed, see the About the Data section of our About page.
Share GrapheneOS
Help your friends compare Mobile Operating Systems, and pick privacy-respecting software and services.
Share GrapheneOS and Awesome Privacy with your network!