GrapheneOS

cross-posted from: https://lemmy.world/post/37439450

  S.B. No. 2420

AN ACT relating to the regulation of platforms for the sale and distribution of software applications for mobile devices. BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF TEXAS: SECTION 1. Subtitle C, Title 5, Business & Commerce Code, is amended by adding Chapter 121 to read as follows: CHAPTER 121. SOFTWARE APPLICATIONS SUBCHAPTER A. GENERAL PROVISIONS Sec. 121.001. SHORT TITLE. This chapter may be cited as the App Store Accountability Act. Sec. 121.002. DEFINITIONS. In this chapter: (1) "Age category" means information collected by the owner of an app store to designate a user based on the age categories described by Section 121.021(b). (2) "App store" means a publicly available Internet website, software application, or other electronic service that distributes software applications from the owner or developer of a software application to the user of a mobile device. (3) "Minor" means a child who is younger than 18 years of age who has not had the disabilities of minority removed for general purposes. (4) "Mobile device" means a portable, wireless electronic device, including a tablet or smartphone, capable of transmitting, receiving, processing, and storing information wirelessly that runs an operating system designed to manage hardware resources and perform common services for software applications on handheld electronic devices. (5) "Personal data" means any information, including sensitive data, that is linked or reasonably linkable to an identified or identifiable individual. The term includes pseudonymous data when the data is used by a person who processes or determines the purpose and means of processing the data in conjunction with additional information that reasonably links the data to an identified or identifiable individual. The term does not include deidentified data or publicly available information. SUBCHAPTER B. DUTIES OF APP STORES Sec. 121.021. DUTY TO VERIFY AGE OF USER; AGE CATEGORIES. (a) When an individual in this state creates an account with an app store, the owner of the app store shall use a commercially reasonable method of verification to verify the individual's age category under Subsection (b). (b) The owner of an app store shall use the following age categories for assigning a designation: (1) an individual who is younger than 13 years of age is considered a "child"; (2) an individual who is at least 13 years of age but younger than 16 years of age is considered a "younger teenager"; (3) an individual who is at least 16 years of age but younger than 18 years of age is considered an "older teenager"; and (4) an individual who is at least 18 years of age is considered an "adult." Sec. 121.022. PARENTAL CONSENT REQUIRED. (a) If the owner of the app store determines under Section 121.021 that an individual is a minor who belongs to an age category that is not "adult," the owner shall require that the minor's account be affiliated with a parent account belonging to the minor's parent or guardian. (b) For an account to be affiliated with a minor's account as a parent account, the owner of an app store must use a commercially reasonable method to verify that the account belongs to an individual who: (1) the owner of the app store has verified belongs to the age category of "adult" under Section 121.021; and (2) has legal authority to make a decision on behalf of the minor with whose account the individual is seeking affiliation. (c) A parent account may be affiliated with multiple minors' accounts. (d) Except as provided by this section, the owner of an app store must obtain consent from the minor's parent or guardian through the parent account affiliated with the minor's account before allowing the minor to: (1) download a software application; (2) purchase a software application; or (3) make a purchase in or using a software application. (e) The owner of an app store must: (1) obtain consent for each individual download or purchase sought by the minor; and (2) notify the developer of each applicable software application if a minor's parent or guardian revokes consent through a parent account. (f) To obtain consent from a minor's parent or guardian under Subsection (d), the owner of an app store may use any reasonable means to: (1) disclose to the parent or guardian: (A) the specific software application or purchase for which consent is sought; (B) the rating under Section 121.052 assigned to the software application or purchase; (C) the specific content or other elements that led to the rating assigned under Section 121.052; (D) the nature of any collection, use, or distribution of personal data that would occur because of the software application or purchase; and (E) any measures taken by the developer of the software application or purchase to protect the personal data of users; (2) give the parent or guardian a clear choice to give or withhold consent for the download or purchase; and (3) ensure that the consent is given: (A) by the parent or guardian; and (B) through the account affiliated with a minor's account under Subsection (a). (g) If a software developer provides the owner of an app store with notice of a change under Section 121.053, the owner of the app store shall: (1) notify any individual who has given consent under this section for a minor's use or purchase relating to a previous version of the changed software application; and (2) obtain consent from the individual for the minor's continued use or purchase of the software application. (h) The owner of an app store is not required to obtain consent from a minor's parent or guardian for: (1) the download of a software application that: (A) provides a user with direct access to emergency services, including: (i) 9-1-1 emergency services; (ii) a crisis hotline; or (iii) an emergency assistance service that is legally available to a minor; (B) limits data collection to information: (i) collected in compliance with the Children's Online Privacy Protection Act of 1998 (15 U.S.C. Section 6501 et seq.); and (ii) necessary for the provision of emergency services; (C) allows a user to access and use the software application without requiring the user to create an account with the software application; and (D) is operated by or in partnership with: (i) a governmental entity; (ii) a nonprofit organization; or (iii) an authorized emergency service provider; or (2) the purchase or download of a software application that is operated by or in partnership with a nonprofit organization that: (A) develops, sponsors, or administers a standardized test used for purposes of admission to or class placement in a postsecondary educational institution or a program within a postsecondary educational institution; and (B) is subject to Subchapter D, Chapter 32, Education Code. Sec. 121.023. DISPLAY OF AGE RATING FOR SOFTWARE APPLICATION. (a) If the owner of an app store that operates in this state has a mechanism for displaying an age rating or other content notice, the owner shall: (1) make available to users an explanation of the mechanism; and (2) display for each software application available for download and purchase on the app store the age rating and other content notice. (b) If the owner of an app store that operates in this state does not have a mechanism for displaying an age rating or other content notice, the owner shall display for each software application available for download and purchase on the app store: (1) the rating under Section 121.052 assigned to the software application; and (2) the specific content or other elements that led to the rating assigned under Section 121.052. (c) The information displayed under this section must be clear, accurate, and conspicuous. Sec. 121.024. INFORMATION FOR SOFTWARE APPLICATION DEVELOPERS. The owner of an app store that operates in this state shall, using a commercially available method, allow the developer of a software application to access current information related to: (1) the age category assigned to each user under Section 121.021(b); and (2) whether consent has been obtained for each minor user under Section 121.022. Sec. 121.025. PROTECTION OF PERSONAL DATA. The owner of an app store that operates in this state shall protect the personal data of users by: (1) limiting the collection and processing of personal data to the minimum amount necessary for: (A) verifying the age of an individual; (B) obtaining consent under Section 121.022; and (C) maintaining compliance records; and (2) transmitting personal data using industry-standard encryption protocols that ensure data integrity and confidentiality. Sec. 121.026. VIOLATION. (a) The owner of an app store that operates in this state violates this subchapter if the owner: (1) enforces a contract or a provision of a terms of service agreement against a minor that the minor entered into or agreed to without consent under Section 121.022; (2) knowingly misrepresents information disclosed under Section 121.022(f)(1); (3) obtains a blanket consent to authorize multiple downloads or purchases; or (4) shares or discloses personal data obtained for purposes of Section 121.021, except as required by Section 121.024 or other law. (b) The owner of an app store is not liable for a violation of Section 121.021 or 121.022 if the owner of the app store: (1) uses widely adopted industry standards to: (A) verify the age of each user as required by Section 121.021; and (B) obtain parental consent as required by Section 121.022; and (2) applies those standards consistently and in good faith. Sec. 121.027. CONSTRUCTION OF SUBCHAPTER. Nothing in this subchapter may be construed to: (1) prevent the owner of an app store that operates in this state from taking reasonable measures to block, detect, or prevent the distribution of: (A) obscene material, as that term is defined by Section 43.21, Penal Code; or (B) other material that may be harmful to minors; (2) require the owner of an app store that operates in this state to disclose a user's personal data to the developer of a software application except as provided by this subchapter; (3) allow the owner of an app store that operates in this state to use a measure required by this chapter in a manner that is arbitrary, capricious, anticompetitive, or unlawful; (4) block or filter spam; (5) prevent criminal activity; or (6) protect the security of an app store or software application. SUBCHAPTER C. DUTIES OF SOFTWARE APPLICATION DEVELOPERS Sec. 121.051. APPLICABILITY OF SUBCHAPTER. This subchapter applies only to the developer of a software application that the developer makes available to users in this state through an app store. Sec. 121.052. DESIGNATION OF AGE RATING. (a) The developer of a software application shall assign to each software application and to each purchase that can be made through the software application an age rating based on the age categories described by Section 121.021(b). (b) The developer of a software application shall provide to each app store through which the developer makes the software application available: (1) each rating assigned under Subsection (a); and (2) the specific content or other elements that led to each rating provided under Subdivision (1). Sec. 121.053. CHANGES TO SOFTWARE APPLICATIONS. (a) The developer of a software application shall provide notice to each app store through which the developer makes the software application available before making any significant change to the terms of service or privacy policy of the software application. (b) For purposes of this section, a change is significant if it: (1) changes the type or category of personal data collected, stored, or shared by the developer; (2) affects or changes the rating assigned to the software application under Section 121.052 or the content or elements that led to that rating; (3) adds new monetization features to the software application, including: (A) new opportunities to make a purchase in or using the software application; or (B) new advertisements in the software application; or (4) materially changes the functionality or user experience of the software application. Sec. 121.054. AGE VERIFICATION. (a) The developer of a software application shall create and implement a system to use information received under Section 121.024 to verify: (1) for each user of the software application, the age category assigned to that user under Section 121.021(b); and (2) for each minor user of the software application, whether consent has been obtained under Section 121.022. (b) The developer of a software application shall use information received from the owner of an app store under Section 121.024 to perform the verification required by this section. Sec. 121.055. USE OF PERSONAL DATA. (a) The developer of a software application may use personal data provided to the developer under Section 121.024 only to: (1) enforce restrictions and protections on the software application related to age; (2) ensure compliance with applicable laws and regulations; and (3) implement safety-related features and default settings. (b) The developer of a software application shall delete personal data provided by the owner of an app store under Section 121.024 on completion of the verification required by Section 121.054. (c) Notwithstanding Subsection (a), nothing in this chapter relieves a social media platform from doing age verification as required by law. Sec. 121.056. VIOLATION. (a) Except as provided by this section, the developer of a software application violates this subchapter if the developer: (1) enforces a contract or a provision of a terms of service agreement against a minor that the minor entered into or agreed to without consent under Section 121.054; (2) knowingly misrepresents an age rating or reason for that rating under Section 121.052; or (3) shares or discloses the personal data of a user that was acquired under this subchapter. (b) The developer of a software application is not liable for a violation of Section 121.052 if the software developer: (1) uses widely adopted industry standards to determine the rating and specific content required by this section; and (2) applies those standards consistently and in good faith. (c) The developer of a software application is not liable for a violation of Section 121.054 if the software developer: (1) relied in good faith on age category and consent information received from the owner of an app store; and (2) otherwise complied with the requirements of this section. SUBCHAPTER D. ENFORCEMENT Sec. 121.101. DECEPTIVE TRADE PRACTICE. A violation of this chapter constitutes a deceptive trade practice in addition to the practices described by Subchapter E, Chapter 17, and is actionable under that subchapter. Sec. 121.102. CUMULATIVE REMEDIES. The remedies provided by this chapter are not exclusive and are in addition to any other action or remedy provided by law. SECTION 2. It is the intent of the legislature that every provision, section, subsection, sentence, clause, phrase, or word in this Act, and every application of the provisions in this Act to every person, group of persons, or circumstances, is severable from each other. If any application of any provision in this Act to any person, group of persons, or circumstances is found by a court to be invalid for any reason, the remaining applications of that provision to all other persons and circumstances shall be severed and may not be affected. SECTION 3. This Act takes effect January 1, 2026.

  ______________________________ 	______________________________
     President of the Senate 	Speaker of the House     

         I hereby certify that S.B. No. 2420 passed the Senate on
  April 16, 2025, by the following vote: Yeas 30, Nays 1; and that
  the Senate concurred in House amendments on May 14, 2025, by the
  following vote: Yeas 30, Nays 1.
  

  ______________________________
  Secretary of the Senate    

         I hereby certify that S.B. No. 2420 passed the House, with
  amendments, on May 9, 2025, by the following vote: Yeas 120,
  Nays 9, three present not voting.
  

  ______________________________
  Chief Clerk of the House   

  

  Approved:
  
  ______________________________ 
              Date
  
  
  ______________________________ 
            Governor

cross-posted from: https://lemmy.blahaj.zone/post/33020379

cross-posted from: https://lemmy.blahaj.zone/post/33020376

One more step to unhitching from Google...

Right now the only option I see in F-Droid is Aegis.

I'm not sure what to actually look for side from checking for unexpected permissions and reasonably frequent updates.

Hopefully something I can sync with a GNOME app...

cross-posted from: https://lemmy.blahaj.zone/post/33012882

Planning on switching to GrapheneOS soon. Anyone know if they're planning on implementing the side-loading restrictions?

My RCS messages randomly stopped working a couple days ago. I tried troubleshooting steps like turning off my vpn, reinstalling the app, and resetting permissions but no luck. Anyone else having this issue?

I switched to Graphene on my Pixel 9a Pro, I don't know, maybe a month ago. It's, as the title says, almost perfect. However, I'm having two issues:

• Android Auto -- From what I've looked up, this should work. It does if I wire it up, but wireless is supposed to work also. I thought this was due to my VPN, but I've tried with Auto allowed through and even with the VPN (and kill switch) disabled. With the VPN on - passthrough or no - Auto just tells me to disable my VPN. With it and the kill switch off, it just says that it failed to connect. It's been a while since I tried it with the kill switch on, but I think I remember it trying to connect to some oddly named Wi-Fi network offered by the car. This did not work. edit: Essentially the same result has been encountered in two different cars. I did try toggling the developer settings with no impact. I was able to get Bluetooth working.

• Okta MFA. I don't think this is a Graphene issue because I also put Graphene on my tablet and it works fine there, with or without a VPN. However, on my phone, if I try to add the account it just says some form of "there was an error, please contact your administrator." My administrator has no interest in troubleshooting this.

Any guidance would be appreciated!

Just got set up with latest update and am having issues with up swipes when scrolling (e.g. on webpages), when up swiping to access open apps/full app listing, and when trying to "back" swipe (i.e. trying to back out of a menu.

To be more descriptive, if I stop scrolling with up swipes, usually the next up swipe won't work and I'll need to do it twice to have it register the gesture.

For opening my list of apps and the full app listing (swiping from very bottom) I usually have to try about 5 times for it to register the gesture. Same for back swiping.

I use the standard Grapheme launcher and haven't installed any new apps since the update. Issue started this morning after the reboot for OS upgrade. I do have a screen protector, but I'm not seeing any issues with any tapping gestures, so I doubt that's the cause.

Is anyone else experiencing this? Anyone know any fixes?

I want to install Graphene on my Pixel 6. It is rooted and i use NeoBackup for app state, wifi, call logs, etc.

I do not want to startvfrom scratch and rebuild everything. Is it possible to port most of my data?

Can someone please help me test https://f-droid.org/packages/com.github.axet.callrecorder on non-rooted latest GrapheneOS? It is able to auto start but it records silence.

thanks a lot for your kindly help

I think bitmask VPN broke my VPN setting somehow. I cannot connect to internet in my secondary profile but no problem in other profile

• can not connect to anything in this profile
• bitmask initial config is unsuccessful
• there is a notification "Disconnected from always-on VPN" even though I have I removed all VPN from my settings.
• clicking on "Disconnected from always-on VPN" notification gives "Can't connect to always-on VPN / [Legacy VPN] is set up to stay connected all the time. but it can't connect at the moment, you won't have a connection until the VPN can reconnect, change VPN settings"
• nothing to change in "VPN settings" as i have deleted all the VPN
• I have tried reset wifi and bluetooth in owner profile but still no connection in secondary profile

thanks a lot for any help

Okay so I'm not really sure how to describe this, I use graphene and ente for my photos which works great. On my phone, when I go into Signal or WhatsApp and try to attach a photo, I don't get ente as an option for where to get photos from so I can't get to my gallery in that way.

Is there a thing I need to do to tell the os that ente is the place for photos?

Thanks!

I have banking apps in a separate User profile. I was wondering if this was preferable (or worse) than putting those apps in Private Space.

Anybody have a "Separate User vs Private Space" comparison?

https://grapheneos.org/releases#2024123000

add support for adding a PIN as a 2nd factor to fingerprint unlock to enable our new recommended high threat model configuration of a random diceware passphrase as the primary unlock method and fingerprint+PIN with a random 4-6 digit PIN as the regularly used secondary unlock method (the usual limitations of secondary unlock only being usable for 48 hours after successful primary unlock and our limit of 5 total secondary unlock attempts apply)

add support for limiting charging the battery to 80% with support for bypass charging similar to the new Android 15 QPR1 stock Pixel OS feature, although unlike the stock Pixel OS our implementation still works while using a secondary user (the limit is currently hard-wired to 80% due to that being what's fully supported for the stock OS usage, but we can eventually make it configurable)

TWO AMAZING updates on this release!

Hey, If i were to buy a pixel 8 straight from Google, unlock the bootloader, install graphene, lock the bootloader, and then put it under my carrier… would I still be able to use grapheneos? I’m not sure if when T-Mobile carrier locks the bootloader, they also delete any OS that isn’t stock android.

Thanks!

So I really want GrapheneOS but I also want to have my phone rooted to have some features (like Aurora/Droid-ify background updates) but I don't know if this is incompatible and searching it on Google showed some old posts and forum discussions.

I know and I understand that rooting my phone basically breaks the logic of using GrapheneOS, but I still want to do it, is it possible?

I mean "possible" because from what I understand, when you flash a custom rom you need to format your whole phone, but the same process when rooting your phone, so it's possible?

cross-posted from: https://discuss.tchncs.de/post/13702771

Beware of used Pixels with a replaced screen

I very recently bought a used Pixel 6 with a replacement screen, not thinking too much of it. I even made sure that the screen looked good during pickup.

One thing I missed though, was that apparently my Pixel doesn't have a fingerprint sensor anymore. I did some research, apparently it's quite easy to break the fingerprint sensor (or some places simply just don't include a sensor in the repair?) when replacing the screen.

Today I also noticed (through Show refresh rate in developer options) that my screen will only do 60 Hz as well.

Also I have stupidly high battery drain, I'm not 100% if that's related though.

Long story short, learn from my mistakes and either don't buy a used phone with a replacement screen or carefully test all functionalities associated with the screen, mainly high refresh rate and the fingerprint sensor.

Can we possibly get an (accessibility?) option to move or change the emergency call button placement on a password or PIN lock screen?

Adhd / sleep addled brain waking to irritating alarm that prompted me with a pin and BUTTON which I hit thinking it was the enter key I guess.... Heh, oops. Got a call back on that one, as i then hung up because was still trying to find and kill the alarm keeping me from sleep.

I cant be the only one? Is there a way to not make the option look like part of standard workflow (to half conscious brains), because it most definitely is not standard workflow by definition, and should be distinct.

Hi all, I'm brand new to GrapheneOS and to pixel phones. Been on android since the beginning though.

I bought a pixel 8 pro and straight away put on GrapheneOS on. I have a dual Sim setup (one for work, one personal). On the default app I can't set the app to remember which Sim to use with which contact, anyone else have the same issue?

Looking for advice for what others have done that works. The biggest problem is that calling people while driving I have to interact with the phone to tell it which SIM to use.

Thanks in advance

Hey there,

Not sure if someone is here except, but gonna ask. I have a few of apps that I've purchased on Play Store over time and still use. Probably most important is MySudo, which is a subscription. Can I have paid apps from Play Store in GrapheneOS? If I can, can I connect my existing Google account and still maintain privacy of OS and other apps?

I can't find this setting anymore. What happened to it? Or is an issue with my phone?