Patch Levels

Below is version information for branches and devices for you to judge your device's security upon.

A note on operating system security¶

There is a singular all-or-nothing, all-encompassing Android security bulletin released every month that covers security issues across the entire system.
Below we break it into five parts solely for ease of understanding for you to determine the general security of a given operating system.
Being behind on any one part means the system is inherently insecure.

  1. the version of Android itself, newer versions have more security features/hardening
  2. the ASB patch level, these are essential security patches
  3. the Pixel ASB patch level, these are recommended security patches and are only provided for the latest Android version. Despite the name, the majority are NOT Pixel specific as described here.
  4. the vendor ASB patch level, see Qualcomm
  5. and lastly the Linux kernel version
Briefly for each operating system:
  • GrapheneOS, with the exception of the Pixel 4 series, strictly only supports devices that have all parts updated.
  • CalyxOS, with the exception of the Pixel 3/4 series and other non-Pixel devices, in theory only supports devices that have all parts updated.
  • LineageOS can help with 1, 2, 3, and usually 5, but if a device is out of support by its manufacturer it cannot help with 4.
  • DivestOS, being Lineage based helps with 1, 2, 3, can minimize 4 via the deblobber, and improve 5 significantly using the CVE auto-patcher.
  • Any of the above operating systems will be an improvement for any device that is no longer receiving support from its manufacturer if they continue to offer monthly updates with at least some parts covered.
Furthermore GrapheneOS is a substantially hardened operating system. DivestOS includes some of the security features from GrapheneOS along with its own.
Such hardening changes can prevent exploitation of both known and unknown issues and are not found in LineageOS, CalyxOS, or most other aftermarket systems.

If you are choosing an operating system for security the order is GrapheneOS, then DivestOS, then official LineageOS, with the choice depending on what device you have or can acquire/afford.
At the potential cost of freedom and/or privacy, you may even want to consider the stock OS as long as it is not end-of-life.

What about this other OS?¶

  • CalyxOS occasionally falls behind updates (see 1 and 2), has no added hardening features, and primarily only supports Pixels which are better supported by GrapheneOS.
  • /e/OS has many severe issues as documented here.
  • iodéOS has numerous issues as documented here.
  • UBports, based on Ubuntu 20.04, lacks encryption support, retains many of the Android components via Halium, and uses unpatched & end of life kernels in many of its featured devices.
  • Replicant 6.0, based on LineageOS-13.0, hasn't received any security patches in years and the devices run decade+ old Linux 3.0 kernels.
  • LeOS GSI has occasional source code without license declarations available and was bundling a modified proprietary `Phone/Dialer` app. The Dialer sitaution was addressed quickly after being pointed out.
  • Proprietary aftermarket systems should be avoided as they generally do not provide enough additional value over the existing open source options that are available.
  • GSIs should be avoided, they do not provide the kernel or vendor components and cannot utilize many security features.
  • Lastly many aftermarket systems often do not provide consistent and timely updates to the system WebView component as documented here. This is a security critical component of the system not included in the ASB that is frequently overlooked and/or ignored.
  • See also this independent comparison of systems here.

Does DivestOS make my device secure?¶

The short answer: No.
The long answer is that DivestOS is likely the best harm reduction option if your device is no longer in support by its manufacturer or vendor.
Any project or product claiming they make end-of-life devices secure should be rigorously scrutinized.
If you want a reasonably secure and well-maintained device, please acquire a newer Pixel (6/6a/7) that is fully supported by GrapheneOS and use it instead.
Lastly it must be noted that privacy and security go hand-in-hand, there is a fundamental limit of how much privacy you can achieve if you do not have security backing it up.

Branches¶

Last updated: 2023-12-09
Asterisk* denotes known missing patches
DivestOS inherently cannot and does not include all patches from the monthly Android Security Bulletin.
The patch level shown in the Settings app on DivestOS should not be regarded as accurate, in favor of this page. It merely conveys the most recent month that it may contain patches from.
Also of note, DivestOS typically takes eight months to stabilize after a new Android version is released.

A historical comparison of operating system patch levels is available here, along with patch counts documented here.

VersionEnd of LifeAndroid Security BulletinPixel Security Bulletin
20.0 / 13.0 / T ★Late ~2026?LOS: 2023-12, DOS: 2023-122023-09, BEHIND!
19.1 / 12.1 / SMid ~2025LOS: 2023-12, DOS: 2023-122022-07, BEHIND!
18.1 / 11.0 / RLate ~2023LOS: 2023-11, DOS: 2023-112021-10, BEHIND!
17.1 / 10.0 / Q2023-02, EOL!LOS: 2023-02, DOS: 2023-11*2020-08, BEHIND!
16.0 / 9.0 / P2022-01, EOL!LOS: 2022-01, DOS: 2023-11*2019-08, BEHIND!
15.1 / 8.1.0 / O2021-10, EOL!LOS: 2021-10, DOS: 2023-11*2018-12, BEHIND!
14.1 / 7.1.2 / N2019-10, EOL!LOS: 2021-06, DOS: 2023-12*2017-12, BEHIND!

Linux Version Status¶

Last updated: 2023-12-06

VersionLatest AvailableFirst ReleasedEnd of Life
6.66.6.42023-10-292026-12
6.16.1.652022-12-112026-12
5.155.15.1412021-10-312026-12
5.105.10.2022020-12-132026-12 + 2031-01 (CIP)
5.45.4.2622019-11-252025-12
4.194.19.3002018-10-222024-12 + 2029-01 (CIP)
4.144.14.3312017-11-122024-01
4.94.9.3372016-12-112023-01-07
4.44.4.3022016-01-102022-02-03 + 2027-01 (CIP)
3.183.18.1402014-12-072019-05-16 + 2021-10-05 (Google/Linaro)
3.103.10.1082013-06-302017-11-04
3.43.4.1132012-05-202016-10-26
3.03.0.1012011-07-212013-10-22

Devices¶

Last updated: 2023-11-13
Of note, DivestOS only includes firmware on select devices as documented here.
Devices listed below denoted with a '★' can be considered reasonably secure if firmware is included, the device is relocked, and it supports verified boot.
Please also take into account whether or not a device actually has a working bootloader.

DeviceBranchVendor ASBKernel
akari20.02020-09-014.9.227 + 458 patches
akatsuki20.02020-09-014.9.227 + 458 patches
alioth20.02023-06-014.19.282 + 127 patches
apollon20.02023-06-014.19.282 + 127 patches
Amber17.12020-10-054.4.205 + 477 patches
angler15.1Unknown3.10.73 + 600 patches
apollo14.1Unknown3.4.0 + 815 patches
athene14.1Unknown3.10.108 + 525 patches
aura20.02021-02-054.9.337 + 132 patches
aurora20.02020-09-014.9.227 + 458 patches
avicii20.02023-03-054.19.275 + 148 patches
axon715.1Unknown3.18.71 + 737 patches
bacon18.12016-09-013.4.113 + 389 patches
barbet20.02023-10-014.19.269 + 195 patches
beryllium20.02020-12-014.9.337 + 135 patches
dipper20.02020-12-014.9.337 + 135 patches
equuleus20.02020-12-014.9.337 + 135 patches
polaris20.02020-12-014.9.337 + 135 patches
ursa20.02020-12-014.9.337 + 135 patches
bluejay20.02023-10-015.10.157
blueline20.02021-10-054.9.337 + 137 patches
bonito20.02022-05-054.9.337 + 137 patches
bramble20.02023-10-014.19.269 + 195 patches
bullhead15.1Unknown3.10.73 + 611 patches
cheeseburger20.02020-09-014.4.302 + 195 patches
cheetah20.02023-10-015.10.157
cheryl20.02019-11-054.4.302 + 195 patches
clark17.12017-10-013.10.108 + 440 patches
coral20.02022-10-054.14.326 + 75 patches
crackling17.12016-12-013.10.108 + 473 patches
crosshatch20.02021-10-054.9.337 + 137 patches
crownlte20.02021-11-014.9.118 + 616 patches
d2att14.1Unknown3.4.112 + 584 patches
d2spr14.1Unknown3.4.112 + 584 patches
d2tmo14.1Unknown3.4.112 + 584 patches
d2vzw14.1Unknown3.4.112 + 584 patches
d80018.12015-12-013.4.113 + 447 patches
d80118.12015-12-013.4.113 + 447 patches
d80218.12015-12-013.4.113 + 447 patches
d80318.12015-12-013.4.113 + 447 patches
d85018.1Unknown3.4.113 + 463 patches
d85118.1Unknown3.4.113 + 463 patches
d85218.1Unknown3.4.113 + 463 patches
d85518.1Unknown3.4.113 + 463 patches
davinci20.0Unknown4.14.326 + 77 patches
debx18.1Unknown3.4.113 + 431 patches
discovery20.02020-11-014.4.302 + 209 patches
dragon15.1Unknown3.18.0 + 760 patches
dumpling20.02020-09-014.4.302 + 195 patches
enchilada20.02021-11-014.9.337 + 132 patches
ether18.12017-04-013.10.108 + 493 patches
f40018.1Unknown3.4.113 + 463 patches
fajita20.02021-11-014.9.337 + 132 patches
flame20.02022-10-054.14.326 + 75 patches
flounder15.12017-10-053.10.103 + 471 patches
flounder_lte15.12017-10-053.10.103 + 471 patches
flox18.12016-08-053.4.113 + 431 patches
FP218.12018-04-013.4.113 + 247 patches
FP320.02023-08-054.9.337 + 131 patches
FP420.02023-08-054.19.295 + 86 patches
fugu15.12017-11-053.10.20 + 681 patches
griffin18.12021-10-013.18.124 + 567 patches
grouper14.1Unknown3.4.113 + 472 patches
guacamoleb20.02022-12-054.14.180 + 504 patches
guacamole20.02022-12-054.14.180 + 504 patches
h81114.1Unknown3.10.84 + 668 patches
h81514.1Unknown3.10.84 + 668 patches
h83020.02019-01-014.4.302 + 195 patches
h85020.02019-01-014.4.302 + 195 patches
h87020.02019-05-014.4.302 + 195 patches
h91020.02019-05-014.4.302 + 195 patches
h91820.02019-05-014.4.302 + 195 patches
h99020.02019-05-014.4.302 + 195 patches
ham16.02016-06-013.4.113 + 436 patches
hammerhead18.12016-10-053.4.113 + 400 patches
harpia17.12018-06-013.10.108 + 524 patches
hero2lte14.1Unknown3.18.14 + 796 patches
herolte14.1Unknown3.18.14 + 796 patches
himaul14.1Unknown3.10.84 + 582 patches
himawl14.1Unknown3.10.84 + 582 patches
hotdogb20.02022-12-054.14.180 + 504 patches
hotdog20.02022-12-054.14.180 + 504 patches
i910014.1Unknown3.0.101 + 435 patches
i930014.1Unknown3.0.101 + 435 patches
i930514.1Unknown3.0.101 + 435 patches
instantnoodle20.02023-08-054.19.295 + 84 patches
instantnoodlep20.02023-08-054.19.295 + 84 patches
jactivelte18.12017-04-183.4.113 + 468 patches
jflteatt18.12017-08-013.4.113 + 468 patches
jfltespr18.12016-09-013.4.113 + 468 patches
jfltevzw18.12016-12-093.4.113 + 468 patches
jfltexx18.12017-08-013.4.113 + 468 patches
jfvelte18.12016-10-013.4.113 + 468 patches
kccat616.0Unknown3.10.108 + 325 patches
kebab20.02023-08-054.19.295 + 84 patches
lemonades20.02023-08-054.19.295 + 84 patches
kipper16.0Unknown3.10.108 + 473 patches
klte18.12017-08-013.4.113 + 274 patches
hlte18.12016-06-013.4.113 + 274 patches
lavender18.12021-06-014.4.302 + 213 patches
jasmine_sprout18.12021-07-014.4.302 + 213 patches
platina18.12020-08-014.4.302 + 213 patches
twolip18.12018-11-014.4.302 + 213 patches
wayne18.12018-11-014.4.302 + 213 patches
whyred18.12018-11-014.4.302 + 213 patches
lemonade20.02023-09-055.4.254 + 51 patches
lemonadep20.02023-09-055.4.254 + 51 patches
lentislte16.0Unknown3.10.108 + 325 patches
lmi20.02023-06-014.19.282 + 127 patches
lmi20.02023-06-014.19.282 + 127 patches
ls99018.1Unknown3.4.113 + 463 patches
ls99720.02019-05-014.4.302 + 195 patches
m714.1Unknown3.4.113 + 509 patches
m8d18.12016-07-013.4.113 + 541 patches
m818.12016-07-013.4.113 + 541 patches
maguro14.1Unknown3.0.101 + 428 patches
mako18.12015-09-083.4.113 + 41 patches
manta14.1Unknown3.4.113 + 385 patches
marlin18.12019-10-063.18.137 + 556 patches
mata20.02020-02-054.4.302 + 249 patches
Mi893720.02017-04-014.9.337 + 131 patches
Mi891720.02017-04-014.9.337 + 131 patches
merlin17.12018-06-013.10.108 + 524 patches
n510014.1Unknown3.0.101 + 435 patches
n511014.1Unknown3.0.101 + 435 patches
n512014.1Unknown3.0.101 + 435 patches
oneplus217.12017-10-013.10.108 + 442 patches
oneplus318.12019-10-013.18.124 + 555 patches
oriole20.02023-10-015.10.157
osprey17.12018-06-013.10.108 + 524 patches
panther20.02023-10-015.10.157
pioneer20.02020-11-014.4.302 + 209 patches
pro120.02020-04-054.4.302 + 195 patches
pro1x20.02022-06-014.19.297 + 84 patches
raven20.02023-10-015.10.157
redfin20.02023-10-014.19.269 + 195 patches
rs98820.02019-01-014.4.302 + 195 patches
sailfish18.12019-10-063.18.137 + 556 patches
sargo20.02022-05-054.9.337 + 137 patches
serrano3gxx18.12016-08-013.4.113 + 552 patches
serranoltexx18.12016-08-013.4.113 + 552 patches
serranodsdd18.12016-08-013.4.113 + 552 patches
shamu18.12017-10-013.10.108 + 360 patches
starlte20.02021-11-014.9.118 + 616 patches
star2lte20.02021-11-014.9.118 + 616 patches
sunfish20.02023-10-014.14.326 + 75 patches
surnia17.12018-06-013.10.108 + 524 patches
taimen20.02020-10-054.4.302 + 213 patches
thor14.1Unknown3.4.0 + 815 patches
toro14.1Unknown3.0.101 + 428 patches
toroplus14.1Unknown3.0.101 + 428 patches
us99620.02019-05-014.4.302 + 195 patches
us99720.02019-05-014.4.302 + 195 patches
v1awifi14.1Unknown3.4.113 + 262 patches
vayu19.12022-07-014.14.180 + 538 patches
victara18.12016-08-013.4.113 + 515 patches
voyager20.02020-11-014.4.302 + 209 patches
kirin20.02020-11-014.4.302 + 209 patches
mermaid20.02020-11-014.4.302 + 209 patches
vs98518.1Unknown3.4.113 + 463 patches
vs99520.02019-05-014.4.302 + 195 patches
walleye20.02020-10-054.4.302 + 213 patches
xz2c20.02020-09-014.9.227 + 458 patches
yellowstone16.02014-09-303.10.96 + 521 patches
Z00T15.12018-02-053.10.108 + 475 patches
z2_plus20.02018-11-054.4.302 + 205 patches