Project News

Occasional updates about DivestOS.

Upcoming News

XXX Update

System Updates

  • 14.1 rebuilds were published on May 27th.
  • More (Google Pixel specific) proprietary blobs have been removed.
  • ZRAM enabled devices now use 75% of RAM on 1GB devices and 50% of RAM on all other devices.
  • Private DNS options are now available on 19.1
  • Location indicator spam on 19.1 has been fixed.

Workspace Updates

    Device Updates

      Roster Updates

        App Updates

        • Updated Mulch (WebView) to Chromium 102.0.5005.59-1, has 32 security fixes.
        • Updated Mull to 100.1.3, 100.3.0, 101.1.0, and 101.1.1, has 0, 2, ?, and 0 security fixes respectively.

        Website Updates

          Other Updates

            19.1 Bringup Status

            Support for 19.1 has been added, builds for many devices are already available available.

            • [parity] The Private DNS preset servers are not available yet.
            • [parity] The captive portal toggle in Settings is not available yet.
            • [improvement] Many legacy hacks have been dropped.
            • [improvement] Full bionic hardening patchset from GrapheneOS has been enabled.
            • [quirk] The Settings app has some missing video animations.
            • [issue] Network restrictions on other profiles are semi-broken, pending upstream patchset.
            • Only devices with kernel 4.4 or higher will be supported due to increased requirements.
            • In-place upgrade from 11 to 12 while locked has been tested working.
            • Please report any issues you find.
            • While they are so new, use them at your own risk, and make a backup before upgrading!
            • Private DNS must be reset and Sensors Off toggle disabled before upgrading.

            Past News

            May 11th 2022 Update

            System Updates

            • This release has confirmed reports of certain apps losing special permissions like all file access or screen overlay. Cause unknown. Likely upstream bug.
            • 19.1 release candidate #1 May ASB builds were published on May 11th.
            • 14.1 and 18.1 release candidate #1 May ASB builds were published on May 9th.
            • 16.0 and 17.1 release candidate #1 May ASB builds were published on May 8th.
            • 14.1, 15.1, and 16.0 rebuilds were published on May 7th.
            • 19.1 now includes the Camera app from GrapheneOS. This is a much more user friendly and faster camera compared to OpenCamera.
            • The default launcher layouts have been fixed.
            • Some more proprietary blobs have been removed.
            • Many unnecessary kernel debug options were disabled which should slightly increase performance and reduce memory usage.
            • An issue with non-executable DRM leftovers was fixed that caused Chromium-based browsers like Brave to freeze/crash.
            • 19.1 rebuilds were published on April 26th.
            • 18.1 and 19.1 now features an option to disable /etc/hosts blocking. Useful for when a site is falsely blocked.
            • On 17.1 and up, a warning is now shown when running 32-bit apps on a 64-bit device.
            • Supported kernels using an internal wireless regulations database are now updated to latest database.
            • Silence has been dropped in favor of the AOSP Messaging app.

            Device Updates

            • bonito and sargo, now likely end-of-life, have firmware included.

            App Updates

            • Updated Mulch (WebView) to Chromium 101.0.4951.61-1, has 13 security fixes.
            • Updated Mull to 100.1.0, has 20 security fixes and now enables HTTPS only mode by default. This release was delayed due to a change upstream and fixed by Relan, give them a big thanks!
            • Updated Mulch (WebView) to Chromium 100.0.4896.127-1 and 101.0.4951.41-1, has 2 and 30 security fixes respectively.

            Website Updates

            • Patch levels page now makes it more evident how insecure devices are.
            • Device blob counts were removed due to maintenance overhead.
            • Device status lines are now more specific.

            Other Updates

            • The /r/DivestOS subreddit is now the official DivestOS subreddit for those who prefer the non-free Reddit.

            Pending Removal of Silence

            What is happening

            DivestOS has included Silence as the SMS app since the very beginning. However this app has been completely unmaintained for well over two years now. It has many annoying bugs and likely has unfound security issues. DivestOS plans to remove Silence and replace it back with the LineageOS fork of the AOSP SMS app.

            What steps you need to take

            In order to prevent loss of your message history, or to keep the app if you want to continue using it please follow these steps.

            • Open Silence and export an encrypted backup, this will ensure you can recover if the app fails to persist.
            • Download the current version of Silence from one of these mirrors: F-Droid, Divested, GitLab, Cloudflare
            • Install it.
            • After the system update you should still have Silence available.
            • If after the system update Silence is missing, install it again, and restore your backup.

            April 14th 2022 UpdateVery variant

            Roster Updates

            • Fourteen new 18.1 variants: d800, d801, d850, d851, f400, h830, h918, jflteatt, jfltespr, jfltevzw, ls990, ls997, vs985, vs995
            • Two new 15.1 variants: deb, flounder_lte
            • Nine new 14.1 variants: d2att, d2spr, d2tmo, d2vzw, h811, hero2lte, himawl, n5100, n5120

            April 13th 2022 UpdateMay I have another RAM please?

            System Updates

            • 14.1, 15.1, 16.0, 17.1, and partial 18.1 rebuilds were published on April 13th.
            • The FDroidPrivExt has been dropped due to breakage caused by the per-app sensors permission patchset.
            • The exec spawning feature has been default disabled due to usability issues, especially on devices with <=4GB of RAM.
            • In order to improve usabilty, the following additional devices now have low RAM tweaks applied: clark, crackling, flox, fp2, fugu, harpia, jfltexx, klte, m8, mako, merlin, osprey, serrano3gxx, serranoltexx, surnia, victara
            • 16.0/17.1/18.1 have switched to the more robust GrapheneOS implementation of per-app sensors permission.

            App Updates

            • Updated Mulch (WebView) to Chromium 100.0.4896.88-1, has 11 security fixes.
            • Hypatia received a translation into Finnish thanks to @huuhaa!

            April 10th 2022 Update

            System Updates

            • 16.0 release candidate #1 April ASB builds were published on April 9th.
            • Rebuilds for beryllium, lavender, lmi, and vayu along with enchdilada and fajita were published on April 9th with AVB permissive again after boot issues. If your device was affected you should be able to update to new build via adb sideload without issue.
            • 14.1 release candidate #1 April ASB builds were published on April 8th.
            • UnifiedNlp and backends are no longer included due to potential privacy concerns.
            • 18.1 release candidate #1 April ASB builds were published on April 8th.
            • 17.1 release candidate #1 April ASB builds were published on April 7th.
            • During bringup of 19.1 it was discovered that all AVB devices had AVB set permissive. This has been corrected and new builds will be released soon. Please make a backup and ensure OEM unlocking toggle is allowed/enabled before updating. The offending code was added 11 months ago to actually enable AVB after LineageOS had disabled it, however it was incorrect. If you have knowledge of Android systems and the free time please kindly take a stroll through our source code for any further issues, I cannot do this all on my own.
            • There have been many new kernel CVE patches as usual.
            • The kernel CVE patcher now supports pulling patches from the CIP 4.4 branch. While 4.4 was EOL in 2022-02, CIP 4.4 has support until 2027-01.

            App Updates

            • GMapsWV had a bugfix release to fix cases where cookies were not cleared.
            • Updated Mulch (WebView) to Chromium 100.0.4896.79-1, has 1 security fix.
            • Hypatia now supports custom server endpoints.

            Website Updates

            • A new table is now available that shows historical patch level dates for a handful of Android projects.
            • The full browser table has been split up.

            April 3rd 2022 Update Update

            System Updates

            • 18.1 rebuilds were published on April 3rd.
            • Kernel defconfig hardening function has been adjusted to ensure init_on_alloc/free is used over page_poision when available.
            • 14.1, 15.1, 16.0, and 17.1 rebuilds were published on April 2nd.
            • 15.1 rebuilds were published on April 1st and were discovered to not boot due to the WebView overlay change added on March 14th. Less than 5 users were likely impacted. Sideload the latest build to fix.
            • APN and Visual VoiceMail configs have been synced from LineageOS 19.1.
            • There have been many new kernel CVE patches as usual.
            • Clang's -ftrivial-auto-var-init=zero is now enabled on 22 supported kernels and additionally on all of 17.1 userspace just like Android 11+ thanks to a patchset from GrapheneOS.
            • 17.1 and 18.1 now include an option to always randomize Wi-Fi MAC addresses by default thanks to GrapheneOS. Be sure to enable it on any applicable existing saved networks.
            • 17.1 and 18.1 now sports a toggle to disable and enable the exec spawning feature thanks to GrapheneOS. You might consider using it if you don't want the app launch delay or increased memory usage.
            • 16.0 and higher now feature the powerful exec spawning patchset from GrapheneOS.

            App Updates

            • Updated Mulch (WebView) to Chromium 99.0.4844.88-1 and 100.0.4896.58-1, has 1 and 28 security fixes respectively.
            • Updated Mull to 98.3.0.

            Website Updates

            • The Chromium versions table now has past release dates for select variants.

            March 22nd 2022 UpdateRuff ruff!

            System Updates

            • This was a bumpy release due to boot failures on select devices despite extensive testing, however the result is very much worth it.
            • 17.1 and 18.1 rebuilds were published on March 21st.
            • 16.0 release candidate #3 March ASB builds were published on March 19th.
            • There have been many new kernel CVE patches as usual, with CVE-2022-23960 patches applied to 6 trees.
            • 16.0 and higher now includes many additional hardening patches from GrapheneOS.
            • 18.1 now uses the GrapheneOS hardened memory allocator on 64-bit devices just like 16.0 and 17.1.
            • 18.1 now provides an option to block secondary users from installing apps thanks to a patch from GrapheneOS.
            • 17.1 and 18.1 now allows prohibiting native debugging via ptrace_scope thanks to patches from GrapheneOS.
            • 17.1 and 18.1 now features timeouts to automatically reboot, disable Bluetooth, and disable Wi-Fi thanks to patches from GrapheneOS and CalyxOS.
            • Ability to optionally use the Bromite WebView instead of Mulch via the override in Developer Settings thanks to @MSe1969.

            App Updates

            • Updated Mulch (WebView) to Chromium 99.0.4844.73-1, has 11 security fixes.
            • Hypatia received a translation into Afrikaans thanks to Oswald van Ginkel!

            March 14th 2022 Update

            System Updates

            • 18.1 release candidate #1 March ASB builds were published on March 13th and 14th.
            • 14.1, 15.1, and 16.0 rebuilds were published on March 12th.
            • 17.1 release candidate #1 March ASB builds were published on March 11th.
            • 14.1 release candidate #1 March ASB builds were published on March 10th.
            • Kernel CVE patch database had long overdue maintenance:
              • Nearly all patches were reimported after adding local import support to the checker.
              • Many missing patches were added due to the reimport.
              • Many AOSP diffs were replaced with patches thanks to local import support.
              • All inclusive patch versions were automatically corrected after adding support to the checker.
              • All links were verified, fixing a hundred or so broken ones along the way.
              • No regressions in generated patchers, only a few additions here or there.
            • 15.1, 16.0, and 17.1 rebuilds were published on March 8th.
            • 14.1 rebuilds were published on March 7th.
            • There have been many new kernel CVE patches as usual, with CVE-2022-0847 and CVE-2022-25375 patches applied to 15 and 24 trees respectively.
            • FIFO and regular file protections were enabled back in 2019, however were not actually enabled on select devices due to missing SELinux labels. Now fixed thanks to a patch from GrapheneOS.
            • Many duplicate or incorrectly applied CVE patches have been removed from the kernel patchers after a thorough cleanup. Should fix some latent camera, Wi-Fi, Bluetooth, and display issues across devices.
            • Some kernels are broken and when combined with usage of the app data restriction options on 17.1/18.1 would cause a "random reboot". A workaround is now in place to retry the restriction instead of crashing the system server. This is known to affect cheeseburger, dumpling, and maybe a few other Linux 4.4 series devices.

            App Updates

            • Updated Mulch (WebView) to Chromium 99.0.4844.58-1, fixes blank new tab page and broken WebView scrolling.
            • Updated Mull to 98.1.1 and 98.2.0, has 2 and 1 security fixes respectively.

            Website Updates

            • Chromium version comparison list has been overhauled.
            • Installation steps have been much improved.
            • Signed copy-partitions.zip scripts by Erfan Abdi, filipepferraz, and Lanchon are now available for devices that require it.
            • The list of recommended devices on the FAQ page has been updated.

            March 2nd 2022 UpdateHash me if you can!

            System Updates

            • 18.1 rebuilds were published on March 1st.
            • 16.0 rebuilds were published on February 28th.
            • 17.1 rebuilds were published on February 26th.
            • 16.0, 17.1, and 18.1 now feature the NETWORK permission from GrapheneOS. This is an extremely effective way for denying all network access of an app. It should be used in-place of the existing "Allow network access" toggle.
            • 14.1, 15.1, and 16.0 release candidate #3 February ASB builds were published on February 24th.
            • Loose versioning of the CVE checker has been improved to apply 4.9 patches to 4.4 and 3.18 kernels now that 4.4 is EOL.
            • Developer options crash on 15.1 should be fixed.

            Roster Updates

            • 17.1 removals: marlin, sailfish, m8, z2_plus
            • marlin and sailfish has been moved to 18.1, tested working.

            App Updates

            • Updated Mull to 97.2.0 and 98.1.0, has 0 and 7 security fixes respectively.
            • Updated Mulch (WebView) to Chromium 98.0.4758.101-1 and 99.0.4844.48-1, has 11 and 28 security fixes respectively.

            Website Updates

            • The verified boot hashes are now documented on their own new page.

            February 14th 2022 UpdateWill you be my build?

            System Updates

            • 16.0 release candidate #2 February ASB builds were published on February 14th.
            • 14.1 release candidate #2 February ASB builds were published on February 13th. They contain one additional security patch compared to RC#1.
            • 18.1 release candidate #1 February ASB builds were published on February 13th.
            • 14.1 release candidate #1 February ASB builds were published on February 12th.
            • 14.1, 15.1, and 16.0 rebuilds were published on February 11th.
            • FairEmail and Vanilla Music, along with their AOSP fallbacks, have been dropped from inclusion in part due to responses demonstrated in a recent user poll.
            • The provisioner repository has been dropped, as the feature was disabled in official F-Droid.
            • 17.1 release candidate #1 February ASB builds were published on February 11th.
            • 16.0 rebuilds were published on January 29th.
            • 15.1 release candidate #2 January ASB builds were published on January 28th.
            • 14.1 rebuilds were published on January 27th.
            • Secondary users now have a logout option available on 16.0+, thanks to a patch from GrapheneOS.
            • The hamper analytics patchset has been dropped due to causing app crashes. The HOSTS file sufficiently blocks them anyway.
            • 14.1 release candidate #2 January ASB builds were published on January 19th. They contain three additional security patches compared to RC#1.

            Workspace Updates

            • Workspace was migrated to a larger Intel S3710 thanks to user contributions! Their support also enabled doubling the RAM of the build machine to 64GB.

            Device Updates

            • Likely fixed calling issues on Pixel devices, by restoring a handful of previously removed blobs.
            • Some re-lockable devices were missing the option to enable OEM unlocking, affected devices should now be fixed.
            • guacamole*/hotdog*: cellular radio has been fixed after adding back a previously removed blob.

            Roster Updates

            • jellypro builds are now available again after it turned out it was commented in the uploader since October 2021.

            App Updates

            • Updated Mulch (WebView) to Chromium 97.0.4692.87-1, 97.0.4692.98-1, and 98.0.4758.87-1 has 0, 26, and 27 security fixes respectively.
            • Updated Mull to 96.2.0, 96.3.0, 97.1.0, and 97.1.1, has 0, 1, 12, and 0 security fixes respectively.

            Website Updates

            • A new table is now available for comparing Chromium releases in the wild.

            Other Updates

            • AOSP 9.0/16.0 now appears to be end of life.
            • Linux 4.4 is now end of life.
            • The Anarchy-Droid tool now has basic support for installing DivestOS.

            January 2022 IncidentRuh Roh!

            What Happened

            • Builds for twenty devices were pulled due to boot failure and rebuilt versions were later uploaded.

            Impact

            • Affected devices: alioth, Amber, avicii, bramble, coral, davinci, discovery, flame, guacamole, guacamoleb, hotdog, hotdogb, lmi, pioneer, redfin, sunfish, vayu, voyager, z2_plus

            Timeline

            • Jan 13th: Patches for CVE-2021-4203 were added to the Linux patch repo.
            • Builds containing this patch were released on Jan 14th and 16th.
            • Jan 16th @ 20:08: A report was received of guacamole not booting, initially suspected to be firmware related.
            • Jan 16th @ 23:02: The report of guacamole not booting was confirmed and ruled out firmware.
            • Jan 16th @ 23:18: All guacamole* and hotdog* builds were pulled.
            • Using the error message ("creds_are_invalid") and `git blame` the CVE-2021-4203 patches were identified as the issue.
            • Jan 16th @ 23:45: All devices that included the patch were pulled.
            • In-depth checking of why this broke led to DEBUG_CREDENTIALS catching the NULL credential objects, due to missing this patch.
            • This is confirmed by looking at the Linux stable patches released on Oct 6th, both patches are included.
            • Jan 17th @ 00:24: CVE patchers were regenerated and rebuilds of the affected devices started.
            • Jan 17th @ 10:31: Rebuilds of the 15 affected 18.1 devices started uploading. Finished @ 13:10.
            • Jan 17th @ 13:11: Rebuilds of the 5 affected 17.1 devices started uploading. Finished @ 14:50.

            Steps to take if you installed the broken build

            • If your bootloader is unlocked or your recovery is still functional, simply flash the newest fixed build.
            • If your bootloader is locked and your recovery is not functional, you will have to unlock (which wipes your device) and reinstall the newest fixed build. Then restore your data from backup.

            Steps to take as a user in the future

            • Keep a copy of the most recent known working build for your device.
            • Backup your data before every update.

            Steps we plan to take in the future

            • Acquire more devices for testing, to catch such issues before release.

            January 16th 2022 Update

            System Updates

            • 18.1 release candidate #1 January ASB builds were published on January 16th.
            • 17.1 rebuilds were published on January 14th.
            • 14.1, 15.1, and 16.0 rebuilds were published on January 13th.
            • 16.0 and 17.1 release candidate #1 January ASB builds were published on January 12th.
            • 15.1 rebuilds were published on January 11th.
            • 14.1 release candidate #1 January ASB builds were published on January 11th.
            • A handful of additional tracker libraries are now disabled after overhauling our `hamper analytics` patchset.
            • Much work went into reducing the number of falsely blocked hosts in the included HOSTS file. Please report any others you find.
            • Firmware inclusion repository has had further improvements. Notably enabling updates for enchilada/fajita.

            Roster Updates

            • Many new 18.1 devices, untested: h910, lavender, pioneer, voyager, discovery, akari, aurora, xz2c

            App Updates

            • WebRTC was enabled in Mull 96.x builds and would leak LAN IP addresses to websites. WebRTC was again disabled in 96.1.1-3. Few users would have been impacted due to needing to manually update to 96.x in the first place.
            • Updated Mulch (WebView) to Chromium 97.0.4692.70-1, has 38 security fixes.
            • Updated Mull to 96.1.0, 96.1.1, and 96.1.1-2, has 18 security fixes.

            Website Updates

            • The browser tables page has been overhauled to be more informative and accurate.
            • Patch levels page has updated blob counts and more prominent end of life dates.

            December 17th 2021 Update

            System Updates

            • 14.1, 15.1 and 16.0 release candidate #2 December ASB builds were published on December 17th.

            Device Updates

            • Wi-Fi has been fixed on a handful of devices such as amber, raphael, lmi, alioth, guacamole*, and hotdog*.

            App Updates

            • Updated Mull to 95.2.0.

            December 14th 2021 Update"patch patch patch!"

            System Updates

            • Firmware inclusion repository has had some improvements and now has an index available for users.
            • 17.1 and 18.1 release candidate #1 December ASB builds were published on December 13th.
            • 14.1 release candidate #1 December ASB builds were published on December 8th.
            • This is an absolutely massive and exciting kernel security update for all devices using Linux 3.x series thanks to loose versioning work. This modification to the CVE checker allows checking newer versioned patches against older kernels when a matching version patch is unavailable. This feature was rolled out in three stages, firstly applying one version higher, then applying up to two versions higher, and lastly attempting all 4.4 patches on all 3.x versions. The result is anywhere between 50 and 180 additional CVE patches per 3.x kernel. Rebuilds of all impacted devices were published between November 26th and 29th.
            • There have been many new kernel CVE patches as usual.

            Device Updates

            • Camera2 is now in place of OpenCamera on flox due to driver quirks.

            Roster Updates

            • harpia and merlin 17.1 builds are now available, untested.
            • jellypro 14.1 builds are now available, untested.

            App Updates

            • Updated Mull to 95.1.0-4, enables the RLBox security hardening feature.
            • Updated Mull to 95.1.0, has 13 security fixes.
            • Updated Mulch (WebView) to Chromium 96.0.4664.45-1, 96.0.4664.92-1, and 96.0.4664.104-1, has 25, 22, and 5 security fixes respectively.

            Website Updates

            • The patch levels page has been cleaned up, received more links, and documents 'end of life' dates.
            • Security patch counts for Mull and Mulch have been added to the changelogs.

            Other Updates

            • The chat room recently peaked at 24 users connected.

            November 9th 2021 Update

            System Updates

            • 15.1 release candidate #3 November ASB builds were published on November 9th.

            November 8th 2021 UpdateA sanity check

            System Updates

            • 18.1 release candidate #2 November ASB builds were published on November 7th.
            • 14.1, 16.0, and 17.1 release candidate #2 November ASB builds were published on November 6th.
            • [upstream] Updated to November ASB.
            • 15.1 rebuilds were published on November 5th and 6th. They do not contain November ASB patches.
            • The per-app sensors permission patches have been disabled on 14.1, 15.1 and 16.0 due to breakage in select cases.
            • 14.1 release candidate #1 November ASB builds were published on November 3rd.
            • AVB2.0 devices had an AVB1.0 flag set likely preventing boot.
            • Many AVB1.0 devices turned out to not be enforcing, now fixed.
            • Verified boot enablement has been overhauled.
            • The script used to change the default DNS has been expanded to cover more files.
            • The `Private DNS` menu of the Settings app on 17.1+ now includes thirteen presets for various DNS providers. Based off of work by CalyxOS.
            • Firmware inclusion has been disabled for select devices, pending update and re-enablement.
            • The included HOSTS file has been further reduced in size after making our wildcard optimizer more thorough.
            • There have been many new kernel CVE patches as usual.

            Workspace Updates

            • All scripts have been verified working as intended.
            • Various script fixes.
            • Scripts will now fail loudly.
            • Some patches had minor adjustments to them for `git am` correctness.
            • A non-critical patch was found to not have been applied due to a typo.
            • Patches are now refreshed on apply.
            • Patches are now applied via a helper function based on `git am` instead of `patch -p1 <`.
            • Workspace reset function has been made more thorough.
            • All branches have been deleted and re-downloaded.
            • Manifests have been trimmed.
            • 11.0/KitKat support has been removed.

            Device Updates

            • The recovery firmware extraction script has been tested working on clark after resolving SELinux denials. Likely also fixes osprey and surnia.
            • The enchilada/fajita kernel has been updated to 4.9.277 from 4.9.227.

            Roster Updates

            • z2_plus has been moved to 18.1, untested.
            • kccat6, lentislte, land, and santoni 16.0 builds are now available, untested.
            • apollo 14.1 builds are now available, untested.

            App Updates

            • Updated Mull to 94.1.0 and 94.1.1, has 13 security fixes.
            • Updated Mulch (WebView) to Chromium 95.0.4638.50-1 and 95.0.4638.74-1, has 19 and 9 security fixes respectively.

            Website Updates

            • The patch levels page now has direct links to kernel CVE patchers.

            Other Updates

            • AOSP 8.1/15.1 is now end of life.
            • Google has finally stopped supporting Linux 3.18, resulting in a grand total of 339 additional CVE patches after official support ended.

            October 11th 2021 UpdateLights out!

            System Updates

            • 18.1 October ASB builds were published on October 10th.
            • 14.1, 15.1, 16.0, and 17.1 release candidate #1 October ASB builds were published on October 7th.
            • [upstream] Updated to October ASB.
            • A new `Support` app is included with links to common resources. git repository
            • 17.1 rebuilds were published on October 3rd.
            • 14.1, 15.1, and 16.0 rebuilds were published on October 2nd.
            • 18.1 had full wildcard hosts support fixed after more testing.
            • DivestOS now includes its own WebView build named Mulch. Previously DivestOS depended on the LineageOS WebView. However this limited how quickly we could release security updates and prevented our ability to disable various anti-features in Chromium. Mulch is largely based off of and will track closely the Vanadium browser from GrapheneOS. A standalone version of Mulch is also available to all Android users on our F-Droid repository. git repository
            • 17.1 and 18.1 now feature a quick settings tile to globally block all apps from accessing the camera, microphones, and sensors.
            • All versions now have an option to disable sensors on a per-app basis, thanks to @MSe1969
            • All 3.4 devices have received numerous (3-30) prima (Wi-Fi driver) related security patches.
            • hardenDefconfig function has been reworked to better ensure all changes are made to all devices. Previously there were some cases where changes were only partially applied.
            • It has been shown some devices have an extremely long command line passed to the kernel by the bootloader. The hardenBootArgs function exacerbated this issue and caused some devices to not boot. It has now been shortened dramatically.
            • The hamper analytics patches have been fixed after converting the booleans to strings.

            Device Updates

            • i9100 has fallen behind due to space constraints.
            • Bluetooth on thor has likely been fixed.
            • klte build 20210913 had a broken recovery due to kernel commandline. If installed, you will need to manually update. Steps here

            App Updates

            • Updated Mulch (WebView) to Chromium 94.0.4606.71-3 and 94.0.4606.80-1, has 4 and 4 security fixes respectively.
            • Updated Mull to 93.1.0, has 8 security fixes.
            • [upstream] Updated WebView to Chromium 94.0.4606.61, has 1 security fix. commit
            • Hypatia 2.22 was released, mostly internal changes, and should be much more responsive.
            • [upstream] Updated WebView to Chromium 93.0.4577.82, has 10 security fixes. commit

            Website Updates

            • The Patch Levels page now details the number of proprietary blobs each device includes and has removed.
            • Credits section has been made more readable

            September 14th 2021 UpdateCan you hear me now?

            System Updates

            • 18.1 September ASB builds were published on September 13th and 14th.
            • 14.1, 15.1, 16.0, and 17.1 release candidate #3 September ASB builds were published on September 12th.
            • slub_nomerge has been enabled for pre 3.18 kernels, providing some of the slab_nomerge benefits.
            • PROC_PAGE_MONITOR is no longer disabled, fixing app and service memory stats (eg. previously 0B shown in Settings).
            • 14.1 and 15.1 release candidate #2 September ASB builds were published on September 12th.
            • [upstream] The APN list has been updated, especially many changes for carriers in China.
            • 14.1 and 15.1 release candidate #1 September ASB builds were published on September 9th.
            • [upstream] Updated to September ASB.
            • There have been many new kernel CVE patches as usual.
            • TalkBack is now included on all versions. This is thanks to our work removing its proprietary blobs back in July and the subsequent upstreaming to F-Droid. Notably it is the first libre-build featuring the Braille keyboard.
            • The included HOSTS list for blocking ads/trackers has now been optimized using wildcards.
            • Wildcard HOSTS support has been backported from 16.0 branch to 14.1 and 15.1.
            • [upstream] Updated WebView to Chromium 92.0.4515.159, has 9 security fixes. commit

            Device Updates

            • Camera on taimen and walleye is fixed.

            Roster Updates

            • vayu 18.1 builds are now available, untested.
            • davinci 17.1 builds are now available, untested.
            • surnia builds are now available, tested working.
            • sunfish, bramble, and redfin 18.1 builds are now available, untested.
            • beryllium, lmi, and alioth 18.1 builds are now available, untested.

            App Updates

            • Updated Mull to 91.1.0, 91.2.0, and 92.1.1, has 11, 1, and 5 security fixes respectively.
            • Hypatia had a bug fix to identify multiple files with the same hashes (inverted hashmap).

            Website Updates

            • The messengers page now details offline message support and multiple device support.
            • The screenshots page has been overhauled.
            • Many refinements to the device downloads page:
              • Device names have been refined.
              • Update check counts are now shown for each device.
              • Fuzzy dates for images are now shown for each device.

            Other Updates

            • The privacy policy has been updated to better comply with GDPR regulations.
            • An F-Droid repository for serving system WebView updates out-of-band is now included. You might need to manually add it.

            August 7th 2021 UpdateI said deets, not beets!

            System Updates

            • 18.1 August ASB builds were published on August 7th.
            • 14.1, 15.1, 16.0, and 17.1 August ASB builds were published on August 6th.
            • [upstream] Updated to August ASB.
            • [upstream] Updated WebView to Chromium 92.0.4515.131, has 10 security fixes. commit
            • 14.1 release candidate #1 August ASB builds were published on August 4th.
            • A path quoting issue in the CVE patcher was fixed that now allows correctly applying alternate root patches. Now fixed, many devices have received a fair number of added patches. Alternate root patches are primarily used for the Qualcomm Wi-Fi drivers.
            • [upstream] Updated WebView to Chromium 92.0.4515.115, has 35 security fixes. commit

            Device Updates

            • LTE (band 4) support for mako was enabled if using a hybrid modem. Tested working with and without hybrid modem.

            Roster Updates

            • osprey has been moved to 17.1, untested.
            • FP3 has been moved to 18.1, untested.

            App Updates

            • Updated Mull to 90.1.3.
            • Hypatia now has more detailed database descriptions and a new database source from @botherder.
            • GMaps WV now supports loading addresses shared from other apps thanks to R Raj (@accountForIssues).

            Website Updates

            • An effort will be made to better sort News entries by date, most recent first.
            • Technical Details page has been overhauled. Many changes are now documented and easily viewable.
            • Patch Levels page has been overhauled. Device info is now generated automatically. Linux version status is added.

            Other Updates

            • Contributions to DivestOS and related projects now require sign-off as per the DCO.

            July 20th 2021 Update

            System Updates

            • 18.1 rebuilds were published on July 20th.
            • 15.1 rebuilds were published on July 18th.
            • July 13/17th 15.1 builds were missing two security patches compared to 18th.
            • 14.1, 15.1, 16.0, and 17.1 rebuilds were published on July 17th.
            • July 13th 16.0 builds were missing two security patches compared to 17th.
            • [upstream] Updated WebView to Chromium 91.0.4472.164, has 8 security fixes. commit

            Roster Updates

            • FP2 has been moved to 18.1, untested.
            • aura, hotdog, and hotdogb 18.1 builds are now available, untested.

            July 14th 2021 Update

            System Updates

            • 18.1 July ASB builds were published on July 14th.
            • 15.1, 16.0, and 17.1 July ASB builds were published on July 13th.
            • 14.1 July ASB builds were published on July 12th.
            • 14.1 release candidate #1 July ASB builds were published on early July 10th and again later in the day.
            • 14.1, 15.1, 16.0 June rebuilds were published on July 5th.
            • July 5th 14.1 builds had a broken bootanimation due to overzealous optipng.
            • Fallback DNS has been changed from Cloudflare to Quad9.
            • All versions now have an option in the Network section of the Settings app to toggle captive portal checks thanks to @MSe1969.
            • Workspace on build server has been re-initialized, should fix a few subtle issues.
            • A handful of patches from GrapheneOS and CalyxOS have been integrated.
            • There have been a handful of new kernel CVE patches as usual, with over 200 for the 3.4 branch thanks to @haggertk's backports.
            • [upstream] Updated to July ASB.
            • [upstream] Updated WebView to Chromium 91.0.4472.120, has 4 security fixes. commit

            Device Updates

            • bonito/sargo for 18.1 are still failing to compile, any assistance appreciated. error: ln: cannot create symbolic link from '/data/vendor/rfs/mpss' to 'out/target/product/bonito/vendor/rfs/msm/mpss//readwrite': No such file or directory
            • taimen has reported camera issues, if anyone can provide a logcat that would be welcomed

            Roster Updates

            • serrano 18.1 builds are available

            App Updates

            • All but one of our apps are now available on the official F-Droid repository.
            • Updated Mull to 90.1.1 and 90.1.1-2, has 9 security fixes.
            • IR Remote has received a translation into Spanish thanks to Diego Sanguinetti!

            June 16th 2021 Update

            System Updates

            • 15.1, and 16.0 June ASB builds were published on June 11th.
            • 14.1 and 17.1 June ASB builds were published on June 12th.
            • 18.1 June ASB builds were published on June 15th.
            • There have been a handful of new kernel CVE patches as usual.
            • [upstream] Updated to June ASB.
            • [upstream] Updated WebView to Chromium 91.0.4472.101, has 14 security fixes. commit

            Device Updates

            • oneplus2 and ether have been tested booting after amending the deblobber. crackling and kipper are likely also fixed.
            • i9305 SIM detection should be fixed.

            App Updates

            • Many of our apps have been submitted for inclusion in F-Droid. Pending approval/merge.
            • Updated Mull to 89.1.1, has 11 security fixes.

            Website Updates

            • "Name Your Price" donations are now accepted on the about page via Stripe. For freedom preservation there is a prompt before loading any proprietary JavaScript.

            Other Updates

            • It has been one year since the public release of DivestOS!
            • cm-14.1 is likely on its last legs ASB-wise

            May 10th 2021 Update

            System Updates

            • 14.1, 15.1, and 16.0 May ASB builds were published on May 8th.
            • 17.1 May ASB builds were published on May 9th.
            • 18.1 May ASB builds were published on May 10th.
            • 14.1, 15.1, and 16.0 rebuilds were published on April 15th.
            • 17.1, and 18.1 rebuilds were published on April 16th.
            • Devices using `encryptable=footer` were tested broken with `forceencrypt` again in the previous build cycle. Force encryption will once again only be set for devices with a dedicated encryption metadata partition.
            • There have been a handful of new kernel CVE patches as usual.
            • [upstream] Updated to May ASB.
            • [upstream] Updated WebView to Chromium 90.0.4430.82, has 7 security fixes. commit
            • 18.1 Updater Tor support was fixed.

            Device Updates

            • cheeseburger/dumpling has finally been fixed on newer releases, likely caused by a stray toolchain. Should hopefully allow other similar devices to boot too.
            • Firmware repository has been updated and now supports 28 devices.

            App Updates

            • Updated Mull to 88.1.1 and 88.1.3, has 14 and 2 security fixes respectively.
            • Hypatia on Android 11 was fixed.
            • GMaps WV has received support for Google Consent handling.
            • Hypatia received a translation into Russian thanks to @q1011!

            Website Updates

            • The website has been relicensed from GPL-3.0 to AGPL-3.0 for better freedom assurance.

            April 13th 2021 Update

            System Updates

            • 17.1 March rebuilds were published on April 2nd.
            • 14.1, 15.1, and 16.0 April ASB builds were published on April 11th.
            • 17.1 April ASB builds were published on April 12th.
            • 18.1 April ASB builds were published on April 13th.
            • [upstream] 18.1 branch has been marked as stable by LineageOS.
            • [upstream] Updated to April ASB.
            • 18.1 builds have begun for many devices.
            • 17.1 recovery has been updated to latest after utilizing rebranding work from 18.1 branch.
            • 17.1 and 18.1 include SeedVault for creating and restoring encrypted backups of app data. A USB OTG cable/adapter and flash drive is strongly recommended.
            • Experimental 18.1 builds before 04/06 for klte, bacon, and mako had broken recoveries. For klte please flash latest recovery via heimdall. For bacon/mako flash latest recovery via fastboot if unlocked. During testing it was discovered that it is impossible to unlock bacon once locked with an AOSP recovery flashed. A signed factory recovery for bacon can be provided if you've locked yours.
            • eSpeak-NG has replaced PicoTTS in 18.1 builds for the system text-to-speech provider.

            Device Updates

            • Fenix based browsers were fixed on flo and hammerhead.
            • Sensors have been fixed on flox 17.1+.
            • In-place upgrade to 18.1 has been tested working on the following devices: mata, klte
            • The following devices cannot be in-place upgraded to 18.1 and must be wiped: bacon, clark, crackling, d852, d855, flox, fp2, m8, mako, shamu, victara.

            Roster Updates

            • Many devices have been moved to 18.1 and dropped from 17.1.
            • avicii 17.1 builds are available (untested).
            • axon7 15.1 builds are available (untested).

            App Updates

            • Updated Mull to 87.0.0, has 10 security fixes.
            • MergedWiFiNLP had updates to support newer Android versions and added a database import file picker.

            Website Updates

            • A unified script has been made for handling device downloads page metadata.
            • There are two new device statuses: "mostly works" and "likely works".

            March 25th 2021 Update

            System Updates

            • 15.1 rebuilds were published on March 14th with a patch for CVE-2019-2033.
            • 14.1, 15.1, and 16.0 rebuilds were published between the 24th and 25th.
            • Support for building on top of LineageOS 18.1 was added.
            • Scripts have been fixed to only include Silence on devices that support SMS.
            • Tweaks have been made to reduce RAM usage on devices with less than 2GB of RAM. Some of these tweaks cause graphical artifacts.
            • There have been a handful of new kernel CVE patches as usual.
            • [upstream] Updated WebView to Chromium 89.0.4389.105, has 5 security fixes. commit

            Device Updates

            • dragon has been fixed and tested working on 15.1.

            Roster Updates

            • Experimental 18.1 builds have been made available for select devices. More will be available and switched out once LineageOS marks 18.1 as stable.
            • FP3 17.1 builds are available (untested).
            • m7 14.1 builds are available (untested).
            • Users on flo 15.1 are urged to repartition to flox 17.1+.
            • Users on mako 15.1/16.0 are urged to repartition to mako 17.1.
            • Many devices had support dropped from old versions if they compile for newer versions to reduce maintenance burden.

            App Updates

            • Hypatia received a full translation into Italian thanks to @dantecpu and Petra Mirelli!
            • Hypatia and Extirpater received a translation into Portuguese thanks to @inkhorn!
            • Hypatia received an initial translation into Spanish thanks to Petra Mirelli!

            March 8th 2021 Update

            System Updates

            • March ASB builds were released between the 5th and 8th.
            • There have been a handful of new kernel CVE patches as usual.
            • [upstream] Updated to March ASB.
            • [upstream] Updated WebView to Chromium 89.0.4389.72, has 47 security fixes. commit

            Device Updates

            • cheryl now has verified boot support enabled after being missed.

            Roster Updates

            • mako 16.0 will likely be dropped due to space requirements. Any users should repartition and update to 17.1.

            App Updates

            • Updated Mull to 86.1.1, has 12 security fixes.
            • Hypatia received a handful of bug fixes and necessary improvements.
            • Hypatia was translated into French thanks to Jean-Luc Tibaux and Petra Mirelli.
            • All F-Droid services had the .onion addresses added as available mirrors.
            • All F-Droid repos were upgraded to use 'fdroidserver' 2.0.
            • Hypatia now has translated app descriptions on F-Droid.
            • Extirpater, GMaps WV, MergedWifiNLP, and MotionLock all had their dependencies updated.

            Website Updates

            • 'Device downloads' has gained per-device bootloader unlocking, relocking, and verified boot information.
            • AVB public keys are now available for all supported devices on the 'Device downloads' page.
            • 'Bootloader Unlocking' page received many refinements.
            • 'Browser Tables' page received some additions.
            • 'Device downloads' page now loads faster by reusing connection to the Redis instance.
            • Website should now be indexed by search engines, after removing 'robots' flags.
            • More information on donating was added.

            Other Updates

            • GitHub and GitLab repositories were cleaned up (disabled unused features, labels added).

            February 12th 2021 Update

            System Updates

            • February ASB builds were released between the 6th and 8th.
            • Over 30 CVE patches for 3.10 were added. import and update
            • There have been many new kernel CVE patches as usual.
            • [upstream] Updated to February ASB.
            • [upstream] Updated WebView to Chromium 88.0.4324.152, has 1 security fix. commit

            Roster Updates

            • starlte and star2lte have been dropped due to being broken.

            App Updates

            • Hypatia was translated into German by Petra Mirelli. link
            • Updated Mull to 85.1.2, has 1 security fix.
            • Petra Mirelli also made an F-Droid banner graphic for Hypatia. link
            • F-Droid banner graphics were also created for Mull and Extirpater.
            • F-Droid screenshots were added for Mull, Hypatia, and Extirpater.

            Website Updates

            • The 'recommended apps' page had some additions. commit
            • The 'screenshots' page had some updates. commit

            January 26th 2021 Update

            System Updates

            • January ASB builds were released between the 10th and 14th.
            • Rebuilds were published on the 24th thru 26th primarily for CVE patcher updates.
            • IMS/VoLTE was made working on supported devices. image
            • CNE was removed after being briefly included in the Dec/Jan builds. This removal breaks Wi-Fi calling, but is likely worth the security benefits.
            • The deblobber received tweaks to better handle more property edits. commit
            • Part two of the Debian/retired Linux CVE import was completed. Linux 3.0, 3.4, and 3.10 devices benefit the most from this, averaging between 10 and 90 added CVE patches. import and update
            • The exec-based spawning feature from GrapheneOS was disabled. We likely failed to port it over correctly and the result is many subtle breakages.
            • All versions now include the LineageOS 17.1 APN list for better cell carrier compatibility. commit
            • All versions were mostly patched against the old CVE-2019-2306. commit
            • umask is now explicitly set in the build scripts and many files had their permissions corrected. This fixes many subtle issues.
            • [upstream] Updated to January ASB.
            • [upstream] Updated WebView to Chromium 88.0.4324.93, has 36 security fixes. commit

            Device Updates

            • mata has long-standing audio issues, Lineage team has been trying to fix them. Currently the earpiece speaker works on calls, but the loud speaker cannot have its volume adjusted.
            • The microphone issue on shamu was resolved, was caused by our removal of some voice recognition blobs (which are required for adspd bring-up). commit
            • bullhead now installs (and works) after removing the firmware images to workaround the missing proprietary additions needed for their flashing. related

            Roster Updates

            • mako was re-enabled for 16.0 for users who do not want to re-partition their device.
            • flo was re-enabled for 15.1, for users who do not want to re-partition their device.
            • mako was re-enabled for 15.1 for testing purposes.
            • hammerhead was re-enabled for 15.1 due to Bluetooth issues in 16.0.
            • ether and shamu were re-enabled for 15.1 as they are the last versions with working IMS.
            • star2lte was added to 17.1 and was tested broken, likely due to its usage of stock vendor.img.

            App Updates

            • Updated Mull to 84.1.2, 84.1.4 and 85.1.0, has 0, 1, and 13 security fixes respectively.
            • Hypatia had some commits forward-ported from the stable branch to the unfinished dev branch. git log
            • The PrebuiltApps repository saw a handful of app updates. git log

            Website Updates

            • The device downloads page now supports serving multiple build versions per device. commit
            • A 'news' page was added for changelogs and project history. commit
            • A 'network connections' page was added for documenting connections made by the system. commit
            • Pages with tables were fixed up for mobile.
            • The 'recommended apps' page had some additions. commit
            • The 'messengers' page received some needed updates.
            • The credits and legal notices section of the 'about' page was updated.
            • Some typos were fixed. commit

            Other Updates

            December 16th 2020 Update

            General Updates

            • November and December ASB builds have been released.
            • Mull is now on its 3rd Fenix based release, with the latest 84.1.0 including 14 security fixes. Huge thanks to @relan for their build scripts. repo link
            • Hypatia has been updated to show database release/update dates in addition to a multi-threading fix.
            • Etar is now used for the calendar app across all versions.
            • A handful of more proprietary blob variants have been removed.
            • Vendor build fingerprints are now all replaced.
            • Lots of miscellaneous fixes and cleanup.
            • All 15.1 builds and higher are now fully dexpreopted, this allows for reduced memory usage and also decreased boot times on FDE devices.
            • TCP SACK is no longer disabled. SACK PANIC has now been patched on nearly all kernels supported. It has valuable bandwidth saving benefits.
            • There have been many new CVE patches, especially for 3.18 kernels.

            Roster Updates

            • clark has been updated from 14.1 to 17.1 (potential modem issues). In-place upgrade has been tested to work, but your mileage may vary.
            • flo has been updated from 15.1 to 17.1, but requires re-partitioning.
            • cheeseburger/dumpling are compiling for 17.1, but not booting.
            • coral and flame 17.1 builds are available (untested).
            • rs988 and h990 17.1 builds are available (untested).
            • yellowstone 16.0 builds are available (untested).
            • h870 15.1 builds are available (untested).

            Website Updates

            • Paragraphs now have links for easy saving/sharing.
            • Browser, recommended apps, and functionality tables have all been updated.
            • A handful of credit updates.
            • There is now a captcha required to access the device downloads page. It works without JavaScript, and has audio support.
            • There is a new vanity onion address divestoseb5nncsydt7zzf5hrfg44md4bxqjs5ifcv4t7gt7u6ohjyyd.onion. The old address also still works. tool used
            • Most pages are now cached by the browser.
            • Most text based content served up will now be compressed either by deflate or brotli.

            Other things

            • Old DivestOS patches have been used to remove AmbientSDK from Replicant. git tag
            • 3G is starting to be rapidly phased out, meaning calls with most carriers will not be possible unless IMS/VoLTE works on your device.
            • Heads up: LineageOS will most likely be dropping official 16.0 builds once 18.0/18.1 is released.

            Future work

            • Test how much breakage the deblobber is causing to the IMS stack, or if that is upstream.
            • Finish importing this
            • Add back AOSP patching support to the CVE patcher. It is undecided how to best implement it.

            October 10th 2020 Update

            • Most 3.4 devices should expect 40-100 more kernel CVE patches. git commit
            • Most 3.18 devices should expect 10-40 more kernel CVE patches. git commit
            • A handful of other kernel CVE patches are available for all other devices as per usual.
            • Lots of work has been done on making the CVE patcher easier for other projects to use. repo link
            • Mull is now severely out of date. There hasn't been the time to rebase it. It is strongly suggested to use Bromite or the new Fennec F-Droid until then. Bromite repo is already included in DivestOS F-Droid.
            • victara build failed last month due to recovery image being too large, however it is now once again available.
            • h850 and zenfone3 builds have been pulled as they were last updated in 2018 and 2019 respectively.
            • [upstream] Updated to October security bulletin.
            • [upstream] Updated WebView to Chromium 86.0.4240.75, has 35 security fixes.
            • 11/R builds will likely not be available until March with most devices hopefully being updated by May.

            September 1st 2020 Update

            • The CVE patch database now has many more patches thanks to importing data from the Civil Infrastructure Platform CVE tracker.
            • The CVE patcher has had some minor fixes to improve output reliability.
            • There have been some GPS fixes for all branches, will be available in the next rebuilds.
            • Many new (untested) devices: pro1, enchilada, fajita, guacamole, guacamoleb, and broken beryllium.
            • Mull is likely on its last release due to ESR 68 branch being closed off.
            • Hypatia now supports an extra malware hash database from ESET.
            • Credits and screenshots on the website have been updated.
            An orange bear
            Bear needs your support!
            Donate Now