Comment by timschumi
2 days ago
As far as I have heard they have not actually secured partner access for themselves, they just got someone who has access to break their NDA.
2 days ago
As far as I have heard they have not actually secured partner access for themselves, they just got someone who has access to break their NDA.
No, GrapheneOS is partnered with a major Android OEM and has security partner access through them. Our security preview releases are in full compliance with the terms set by Google. It's permitted to ship the patches early with delayed source releases for the patches on the dates the embargoes end. The current patches are from the November 2025, December 2025 and January 2026 bulletins. We've shipped the full set of currently available patches for those 3 months.
See https://discuss.grapheneos.org/d/24134-devices-lacking-stand... for a more detailed explanation.
The access comes from GrapheneOS' OEM partner who isn't breaking any kind of NDA.
I don't know the exact terminology, but they described what they currently have as security partner access or at least advanced access to security patches. To my knowledge they are still working on full partner access that would grant them timely access to the AOSP source code.