The AndroidHardening project team announced yesterday that they’ve changed the Project name to GrapheneOS.
Daniel Micay, a security researcher, shared the details about GrapheneOS on Twitter yesterday. Micay states that the name-change has been done to reflect significant progress of the AndroidHardening Project and how it is becoming a broader and more sustainable project as more developers will be joining the project soon.
GrapheneOS is a security and privacy-focused mobile operating system which will now be focused more on developing privacy and security improvements for the Android Open Source Project. In addition to that, it will also include more standalone sub-projects with hardened malloc implementation that can be easily ported to other operating systems, states Micay.
Examples of standalone sub-projects within GrapheneOS include the Auditor app and attestation service. Auditor is currently released for only a few selected Android Devices.
It is capable of performing local verification with another Android device using a QR code or via a scheduled server-based verification. These standalone projects will be MIT licensed, similar to hardened malloc implementation. Attestation work will also be made MIT licensed soon. Moreover, changes to the other existing projects will make use of upstream licenses (eg; Apache 2).
Micay states that although GrapheneOS is currently being supported by some companies, there would still be a strong focus on maintaining distance from other corporations, governments, etc.
“Lots of care will be taken to avoid dependence / coercion. There’s already much more diverse sources of support and collaboration”, states Micay.
After the project has successfully expanded, support for more devices will be added with the help of Treble. Support for QubesOS as a first-class target will also be added in the future and is currently under work.