This is our final release based on Android 16 QPR2/QPR3 since we've completed our initial port to Android 17 and are resolving regressions to prepare it for a public release very soon.

Tags:

• 2026061600 (Pixel 6, Pixel 6 Pro, Pixel 6a, Pixel 7, Pixel 7 Pro, Pixel 7a, Pixel Tablet, Pixel Fold, Pixel 8, Pixel 8 Pro, Pixel 8a, Pixel 9, Pixel 9 Pro, Pixel 9 Pro XL, Pixel 9 Pro Fold, Pixel 9a, Pixel 10, Pixel 10 Pro, Pixel 10 Pro XL, Pixel 10 Pro Fold, Pixel 10a, emulator, generic, other targets)

Changes since the 2026060600 release:

• skip replacing pairip Play Store installer check with Play Store source stamp checks for apps installed from the Play Store
• hardened_malloc: add support for Cuttlefish build targets
• Network Location: require TLSv1.3 for Apple and Apple China location services in addition to the GrapheneOS service
• kernel (6.1): update to latest GKI LTS branch revision including update to 6.1.174
• kernel (6.6): update to latest GKI LTS branch revision
• kernel (6.12): update to latest GKI LTS branch revision
• Vanadium: update to version 149.0.7827.102.0
• Vanadium: update to version 149.0.7827.114.0
• GmsCompatConfig: update to version 170
• Speech Services: update to version 3

All of the Android 16 security patches from the current July 2026, August 2026, September 2026, October 2026, November 2026 and December 2026 Android Security Bulletins are included in the 2026061601 security preview release. List of additional fixed CVEs:

• Critical: CVE-2026-27280, CVE-2026-28590, CVE-2026-28591, CVE-2026-28604, CVE-2026-28618, CVE-2026-28639, CVE-2026-28662, CVE-2026-45515, CVE-2026-45531
• High: CVE-2025-48564, CVE-2025-48565, CVE-2025-48566, CVE-2026-0053, CVE-2026-0054, CVE-2026-0062, CVE-2026-0063, CVE-2026-0065, CVE-2026-0084, CVE-2026-28572, CVE-2026-28582, CVE-2026-28583, CVE-2026-28584, CVE-2026-28585, CVE-2026-28588, CVE-2026-28593, CVE-2026-28594, CVE-2026-28596, CVE-2026-28599, CVE-2026-28600, CVE-2026-28602, CVE-2026-28603, CVE-2026-28606, CVE-2026-28607, CVE-2026-28609, CVE-2026-28612, CVE-2026-28613, CVE-2026-28614, CVE-2026-28617, CVE-2026-28619, CVE-2026-28620, CVE-2026-28623, CVE-2026-28624, CVE-2026-28626, CVE-2026-28631, CVE-2026-28632, CVE-2026-28633, CVE-2026-28634, CVE-2026-28635, CVE-2026-28636, CVE-2026-28638, CVE-2026-28642, CVE-2026-28643, CVE-2026-28644, CVE-2026-28645, CVE-2026-28650, CVE-2026-28652, CVE-2026-28655, CVE-2026-28656, CVE-2026-28657, CVE-2026-28658, CVE-2026-28660, CVE-2026-28663, CVE-2026-28664, CVE-2026-28665, CVE-2026-28667, CVE-2026-28668, CVE-2026-28670, CVE-2026-28671, CVE-2026-45513, CVE-2026-45514, CVE-2026-45516, CVE-2026-45517, CVE-2026-45518, CVE-2026-45519, CVE-2026-45520, CVE-2026-45521, CVE-2026-45522, CVE-2026-45523, CVE-2026-45525, CVE-2026-45527, CVE-2026-45528, CVE-2026-45529, CVE-2026-49880
• Unclassified: CVE-2026-28653

For detailed information on security preview releases, see our post about it.