GrapheneOS

grapheneos.org
GrapheneOS Icon

GrapheneOS is an open source privacy and security focused mobile OS with Android app compatibility. Developed by Daniel Micay. GrapheneOS is a young project, and currently only supports Pixel devices, partially due to their strong hardware security.

Open Source

GrapheneOS Source Code

Author

GrapheneOS

Description

Hardened allocator designed for modern systems. It has integration into Android's Bionic libc and can be used externally with musl and glibc as a dynamic library for use on other Linux-based platforms. It will gain more portability / integration over time.

#grapheneos#hardening#malloc#malloc-library#memory#memory-allocation#memory-allocator#quarantine#security#slab-allocator

Homepage

https://grapheneos.org/

License

MIT

Created

23 Aug 18

Last Updated

17 May 24

Latest version

TQ3A.230605.012.2023061402

Primary Language

C

Size

1,050 KB

Stars

1,174

Forks

90

Watchers

1,174

Language Usage

Language Usage

Star History

Star History

Recent Commits

  • Daniel Micay (15 Feb 24)

    update copyright notice

  • Dmitry Muhomor (23 Jan 24)

    mte: use tag 0 for freed slots, stop reserving tag 15

  • Dmitry Muhomor (23 Jan 24)

    amend memory tagging README section Memory tagging is enabled by default in bionic, but can be disabled at any point. Memory tagging can't be re-enabled after it's disabled.

  • Dmitry Muhomor (23 Jan 24)

    memtag_test: add test for MADV_DONTNEED behavior

  • Dmitry Muhomor (23 Jan 24)

    mte: remove util.h dependency from arm_mte.h It's needed for including arm_mte.h into memtag_test.cc

  • Dmitry Muhomor (23 Jan 24)

    memtag_test: move SEGV code checks to device-side binary

  • Daniel Micay (03 Jan 24)

    remove trailing whitespace

  • Julien Voisin (03 Jan 24)

    Improve a bit the formulation of the MTE documentation

  • Daniel Micay (03 Jan 24)

    update memory tagging documentation

  • Dmitry Muhomor (31 Dec 23)

    android: restore the default SIGABRT handler in fatal_error() async_safe_fatal() calls abort() at the end, which can be intercepted by a custom SIGABRT handler. In particular, crashlytics installs such a handler and tries to fork() after catching SIGABRT. hardened_malloc uses pthread_atfork() to register fork handlers. These handlers try to lock internal hardened_malloc mutexes. If at least one of those mutexes is already locked, which is usually the case, thread that called fatai_error() gets deadlocked, while the other threads (if there are any) continue to run.

  • Christian Göttsche (14 Dec 23)

    README: add note about AppArmor constraint on Debian

  • jvoisin (16 Nov 23)

    Clarify a bit why a particular magic number was chosen

  • Daniel Micay (14 Nov 23)

    Revert "use safe_flag for -fstack-clash-protection" This reverts commit 4171bd164e2ec4cf2546daa2b0f6f95af0d782df.

  • Daniel Micay (08 Nov 23)

    use safe_flag for -fstack-clash-protection

  • jvoisin (05 Nov 23)

    Run the testsuite on multiple compiler versions

  • Dmitry Muhomor (01 Nov 23)

    memtag_test: fix sporadic failures of overflow/underflow tests

  • Daniel Micay (30 Oct 23)

    update README now that MTE is implemented

  • Dmitry Muhomor (30 Oct 23)

    mte: add scudo to CREDITS file

  • Dmitry Muhomor (30 Oct 23)

    mte: add untag_pointer() variant for const pointers

  • Dmitry Muhomor (30 Oct 23)

    mte: update comment about skipped tag array update in deallocate_small()

  • Dmitry Muhomor (30 Oct 23)

    remove an always-true sizeof(u8) assert

  • Dmitry Muhomor (30 Oct 23)

    mte: refactor tag_and_clear_slab_slot() Explicitly call is_memtag_enabled() before calling tag_and_clear_slab_slot() to make it clearer that memory is not zeroed when MTE is disabled.

  • Dmitry Muhomor (30 Oct 23)

    mte: note why 0 tag is excluded

  • Dmitry Muhomor (30 Oct 23)

    mte: note alignment requirements of arm_mte_tag_and_clear_mem()

  • Dmitry Muhomor (30 Oct 23)

    mte: rename arm_mte_store_tags_and_clear() to arm_mte_tag_and_clear_mem()

  • Dmitry Muhomor (29 Oct 23)

    mte: add comment about the reserved slab canary value

  • Dmitry Muhomor (29 Oct 23)

    memtag_test: improve capturing of test results Using debuggerd + logcat parsing is unreliable and slow, print SEGV signal code to stderr instead.

  • Dmitry Muhomor (29 Oct 23)

    memtag_test: improve tag_distinctness test - check that tag distinctess checks are actually reached (it was previously verified manually by looking at the now-removed printf output) - check that only non-reserved tags are used - check that all of non-reserved tags are used - print tag usage statistics at the end of run

  • Dmitry Muhomor (29 Oct 23)

    memtag_test: remove usages of rand() It didn't work correctly due to not being seeded and its usage wasn't necessary.

  • Dmitry Muhomor (29 Oct 23)

    mte: add licensing info for code that was copied from scudo

GrapheneOS Website

Website

GrapheneOS: the private and secure mobile OS

GrapheneOS is a security and privacy focused mobile OS with Android app compatibility.

Redirects

Does not redirect

Security Checks

All 66 security checks passed

Server Details

  • IP Address 51.222.156.101
  • Hostname 0.grapheneos.org
  • Location Montreal, Quebec, Canada, NA
  • ISP OVH Hosting Inc.
  • ASN AS16276

Associated Countries

  • CA
  • US

Saftey Score

Website marked as safe

100%

Blacklist Check

grapheneos.org was found on 0 blacklists

  • ThreatLog
  • OpenPhish
  • PhishTank
  • Phishing.Database
  • PhishStats
  • URLhaus
  • RPiList Not Serious
  • AntiSocial Blacklist
  • PhishFeed
  • NABP Not Recommended Sites
  • Spam404
  • CRDF
  • Artists Against 419
  • CERT Polska
  • PetScams
  • Suspicious Hosting IP
  • Phishunt
  • CoinBlockerLists
  • MetaMask EthPhishing
  • EtherScamDB
  • EtherAddressLookup
  • ViriBack C2 Tracker
  • Bambenek Consulting
  • Badbitcoin
  • SecureReload Phishing List
  • Fake Website Buster
  • TweetFeed
  • CryptoScamDB
  • StopGunScams
  • ThreatFox
  • PhishFort

Website Preview

GrapheneOS Reviews

More Mobile Operating Systems

  • CalyxOS is an free and open source Android mobile operating system that puts privacy and security into the hands of everyday users. Plus, proactive security recommendations and automatic updates take the guesswork out of keeping your personal data personal. Also currently only supports Pixel devices and Xiaomi Mi A2 with Fairphone 4, OnePlus 8T, OnePlus 9 test builds available. Developed by the Calyx Foundation.

  • DivestOS is a vastly diverged unofficial more secure and private soft fork of LineageOS. DivestOS primary goal is prolonging the life-span of discontinued devices, enhancing user privacy, and providing a modest increase of security where/when possible. Project is developed and maintained solely by Tad (SkewedZeppelin) since 2014.

  • A free and open-source operating system for various devices, based on the Android mobile platform - Lineage is light-weight, well maintained, supports a wide range of devices, and comes bundled with Privacy Guard.

About the Data: GrapheneOS

API

You can access GrapheneOS's data programmatically via our API. Simply make a GET request to:

https://api.awesome-privacy.xyz/operating-systems/mobile-operating-systems/grapheneos

The REST API is free, no-auth and CORS-enabled. To learn more, view the Swagger Docs or read the API Usage Guide.

About the Data

Beyond the user-submitted YAML you see above, we also augment each listing with additional data dynamically fetched from several sources. To learn more about where the rest of data included in this page comes from, and how it is computed, see the About the Data section of our About page.

Share GrapheneOS

Help your friends compare Mobile Operating Systems, and pick privacy-respecting software and services.
Share GrapheneOS and Awesome Privacy with your network!

View Mobile Operating Systems (4)