These are strictly Android's upstream patches, not our patches or any code that we create. We only have access to these through a new OEM partnership. They're simply an opt-in for people who want to benefit getting all of these patches the moment they are made, rather than waiting for a quarterly release like every other Android OEM / distribution will do. If you don't want to run embargoed code, then you'll just wait like everyone else / how we used to wait for patches before this month.

Standard GrapheneOS is completely open source and reproducible. This is simply a separate addition to a standard GrapheneOS install and that's why the first boot will give you the choice to do so. We recommend security patches for obvious reasons.

We openly call out people to try and download our update packages to reverse engineer them and review any changes. People can make their own code which standard GrapheneOS and other Android distributions can get earlier. We have source code access but we cannot disclose it ourselves.

What we do and any additions we make are totally open source and will remain that way.