GrapheneOS (@GrapheneOS@grapheneos.social)
grapheneos.social
The end result is that GrapheneOS users end up with an OS that's not just more secure but has additional bug fixes since our exploit protections force us to fix these issues right after they're introduced instead of remaining dormant breaking things for some users for months.

Our users have found additional Android 14 QPR2 Bluetooth memory corruption bugs which so far appear to be specific to pairing recent Galaxy Watch devices with GrapheneOS. We’re working on finding and fixing this as we did with the BLE audio bugs.

https://grapheneos.social/deck/@GrapheneOS/112066872276203917

The Android 14 QPR2 Bluetooth LE audio bugs we found were fixed in the March 9th release of GrapheneOS: https://grapheneos.org/releases#2024030900.

We also reported it as an Android vulnerability in the same day and it has been initially triaged by them as a High severity and High quality report.

Users on the stock OS are experiencing Bluetooth regressions with Android 14 QPR2 too. These latent and often exploitable bugs breaking functionality for certain users in certain situations often get turned into reliable crashes/breakage due to our memory corruption protections.

The downside is that more of our users get impacted by the issues and they tend to break a specific niche feature completely such as whatever is being used by the Galaxy Watch. On the stock OS, it breaks for some users and may break in a subtle way such as corrupting other data.

The end result is that GrapheneOS users end up with an OS that’s not just more secure but has additional bug fixes since our exploit protections force us to fix these issues right after they’re introduced instead of remaining dormant breaking things for some users for months.