The GrapheneOS team has announced noteworthy advancements in its efforts to support the new Pixel 10 series, although users are still facing delays. In a recent update on a developer forum, the security-oriented project acknowledged it has made “significant progress” in implementing support for the device. However, the anticipated production-ready release remains contingent on Google’s delayed rollout of the Android 16 QPR1 source code.
The development team has been utilizing an older, pre-release build of the operating system to facilitate progress. Nonetheless, they emphasized that “we need Android 16 QPR1 to be pushed to AOSP before we can do it properly.” The team expressed confidence that once the official source code is available, the finalization of support “won’t take long,” but that timeline is uncertain as it hinges on Google’s response.
Challenges in Development and Google’s Security Update Shift
The situation reflects a series of challenges that began in August 2023. After successfully obtaining the Pixel 10 and confirming it met their essential security requirement of relocking the bootloader with a custom key, the GrapheneOS team’s plans for a swift release were abruptly interrupted. They encountered an unexpected hurdle: unlike in previous years, Google had not released a specific device branch for the Pixel 10 to the Android Open Source Project (AOSP). This oversight has left the entire project dependent on the next major quarterly update from Google.
Compounding these obstacles, GrapheneOS has been vocal in its criticism of Google’s recent modifications to its security update process. In early September 2023, the team condemned the shift to a quarterly security patch cycle for original equipment manufacturers (OEMs), which also introduced a new four-month early access period for those patches. GrapheneOS described the extended embargo as “atrocious” and “extraordinarily irresponsible,” arguing that it creates a significant window for sophisticated attackers. The concern lies in the possibility that these attackers could exploit vulnerabilities before the public receives critical fixes, as information about patches often leaks from the extensive network of OEM partners.
What’s Next for GrapheneOS Users?
Currently, users of GrapheneOS are left in a state of anticipation regarding the Pixel 10. While the foundational development work is progressing, the final release remains entirely dependent on Google’s actions. This episode not only underscores the challenges faced by GrapheneOS but also highlights the organization’s long-term strategy. The team is actively working with another “major OEM” to offer officially supported, non-Pixel devices in the future, aiming to reduce reliance on Google’s hardware.
As the situation unfolds, the GrapheneOS community remains hopeful that the necessary code will be released soon, allowing for the completion of support for the Pixel 10 and enhancing the security landscape for users. Until then, the team continues to advocate for improved practices within the industry, prioritizing user security above all.
