Conversation

Replying to
There's a serious issue when doing an over-the-air update from the March release of the AndroidHardening project to GrapheneOS. It doesn't occur when sideloading, despite both using essentially the same update_engine implementation. Thankfully, I always test the upgrade path.
1
For each release, I always upload the releases to the update server and use a special testing channel not exposed via the app UI to make sure the update package works as an over-the-air update. Afterwards, I test that the future upgrade path works to temporary sample releases.
1
1
This is my priority when testing, above everything else. It's very important to maintain the upgrade path. I used to test the incremental updates too, which I'll do again when GrapheneOS starts using them. That's why I switched to only using incrementals for previous -> current.
1
1
I also plan to add support for multiple update domains, with it choosing a random one and perhaps cycling through them on failure. Relying on a single domain was an exploitable weakness used cripple the project before. It was a mistake to trust the company sponsoring the project.
2