CopperheadOS

Screenshot of CopperheadOS on a Nexus 5X
Developer: Copperhead
OS family: Unix-like
Working state: Current
Source model: Closed source
Latest release: 13.09.28 / 28 September 2023
Marketing target: Secure smartphones
Update method: Over-the-air (OTA) or sideloaded update packages
Package manager: APK with F-Droid bundled as a frontend
License: CC BY-NC-SA 4.0
Official website: copperhead.co/android

CopperheadOS is a mobile operating system for smartphones, based on the Android mobile platform. It adds privacy and security features to the official releases of the Android Open Source Project by Google. CopperheadOS is developed by Copperhead, a Canadian information security company. It is licensed under Creative Commons BY-NC-SA 4.0, although its source code is not available for public download.

CopperheadOS supports smartphones in the Google Pixel product line; other devices are not targeted in order to preserve the resources of the development team. It has several security features not found in stock Android, such as a hardened version of the Linux kernel, and the ability to use separate passwords for unlocking the device and for encryption. Rather than use the Google Play Store found on most Android devices, CopperheadOS ships with the F-Droid store in order to reduce the risk of users installing malicious apps.

Development of CopperheadOS began in 2014, and the operating system had an initial alpha release in August 2015. This was followed by a beta release in February 2016, followed by several other releases targeting the Google Nexus and Pixel phones. The project was initially released under the GNU General Public License, with the project's source code publicly available on GitHub. In October 2016 the license was changed to Creative Commons Attribution-NonCommercial-ShareAlike (BY-NC-SA), and as of June 2020 access to the source code was restricted to members of Copperhead's partner network.

History

Project inception and initial releases

The CopperheadOS project was started in 2014 by Copperhead, an information security company based in Toronto, Canada. The company was founded in the same year by James Donaldson, the CEO, and Daniel Micay, the CTO and lead developer, and initially served clients in the Canadian legal and intelligence industries. During this work, the founders noticed an absence of secure, open-source operating systems for mobile devices, and they created CopperheadOS under an open source license to try to address this need. [1] [2] [3]

Copperhead announced the development of CopperheadOS in April 2015. According to the announcement, the operating system was designed to be a "secure-by-default version of Android" aimed at privacy-conscious users. [4] At first, CopperheadOS was licensed under the GNU General Public License, [5] and the project's code was located on GitHub. [6] Copperhead contributed several of their bug fixes and improvements developed for CopperheadOS to the Android Open Source Project, the main project for Android development by Google. [7]

In August 2015, Copperhead released the first alpha version of CopperheadOS. [8] At this point, the project was based on CyanogenMod, and included support for the Google Nexus 5 and Samsung Galaxy S4. [9] This was followed by a beta version in February 2016, with support for the Nexus 5, Nexus 9 and Nexus 5X. The beta was based directly on the Android Open Source Project instead of using CyanogenMod, as were subsequent releases. The move away from CyanogenMod and the lack of vendor support led to dropping support for the Samsung Galaxy S4. [10] In May 2016, Copperhead launched an online store where the Nexus 5X could be purchased directly with CopperheadOS pre-loaded. The Nexus 6P was made available for purchase from the store in July of the same year. [11]

License change and departure of Daniel Micay

From October 2016, for versions of CopperheadOS based on Android 7.0 Nougat, Copperhead changed the CopperheadOS license to the Creative Commons Attribution-NonCommercial-ShareAlike (BY-NC-SA) license. [5] [12] According to Donaldson, this was to prevent other companies from using the CopperheadOS code without paying Copperhead for licensing, in order to keep the project sustainable. [5]

Copperhead began selling Google Pixel phones pre-loaded with CopperheadOS in March 2017, in addition to their lineup of Nexus phones. [13] For Nexus devices, users could download and install CopperheadOS for free; [14] however, this option was not made available for Pixel phones. [15] For Pixel phones, users could either buy a phone from the Copperhead store with CopperheadOS pre-loaded, or send their own phone to Copperhead for the operating system to be installed on it. This was done to prevent violations of CopperheadOS's non-commercial license; Copperhead competitors had been selling Nexus phones with CopperheadOS installed without obtaining a commercial license, and Copperhead wanted to avoid this issue with the Pixel. [15] The issue came to a head in November the same year, when Copperhead briefly shut down the update server for Nexus devices in order to stop the continued license violations. The company restored the update server after two days. [15]

Copperhead released an alpha version of CopperheadOS for the Pixel 2 and Pixel 2 XL in January 2018. Official releases for the Pixel 2 and 2 XL were marked as "for internal use", and could not be downloaded from the Copperhead website without authentication. This maintained the status quo of only Nexus releases being available for public download. [16]

Disagreements between the two founders over business policy became increasingly heated over the first few months of 2018, and led to Donaldson firing Micay in June of that year. [17] [18] Micay responded by posting his dismissal notice on Reddit, and by deleting the cryptographic keys necessary to release updates for the project. [17] [19] Micay said that he considered "the company and infrastructure to be compromised", and that he would "prevent [Donaldson] from harming any users". [20] Copperhead failed to provide CopperheadOS updates for several months afterwards. [18] Micay continued the development of the open source parts of CopperheadOS as the Android Hardening project, which was later rebranded as GrapheneOS. [21] According to Donaldson, as of February 2019 he and Micay were in a legal dispute over the incident. [22]

Android Pie and beyond

The next release of CopperheadOS following Micay's departure was in March 2019; this version was based on Android Pie (9), and had support for the Pixel, Pixel XL, Pixel 2 and Pixel 2 XL. Pixel devices pre-installed with CopperheadOS could be purchased from Copperhead's website. [23] This was followed in February 2020 with a version of CopperheadOS based on Android 10, available for the Pixel 2 and Pixel 2 XL. [24] As of June 2020, CopperheadOS sources and installation files were no longer available for public download and could only be obtained from Copperhead's partner network. Copperhead cites "mass violation of Copperhead's non-Commercial licensing" as the reason for this change. [25]

Copperhead released a version of CopperheadOS based on Android 11 in November 2020. [26] This was followed with a version based on Android 12 in February 2022. This version added support for the Pixel 4a, the Pixel 4a 5G, the Pixel 5, the Pixel 5a, and the Pixel 6. [27] In February 2023, the project added support for Pixel 6a and Pixel 7 with the Android 13 update. [28]

Features and compatibility

CopperheadOS is focused on hardening the Android operating system to make it more difficult for attackers to exploit any potential security vulnerabilities. In a 2016 interview, Copperhead CEO James Donaldson said, "The point of it is to increase the amount of resources an attacker needs to expend ... to the point where hopefully they will just give up." [1] The operating system features several security improvements over stock Android related to how programs interact with memory. It implements the PaX security patches for the Linux kernel, which improve resistance against executing code that has managed to find its way into writeable memory. [10] It also features improved address space layout randomization, a version of malloc with better memory layout randomization, and more secure SELinux policies. [10] [29] CopperheadOS also features verified boot, which protects against malware taking over the boot process or the recovery process of the device. [30]
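As an added illustration (not CopperheadOS or PaX code): protections of the PaX kind aim to ensure that no memory mapping is writable and executable at the same time, so one way to audit a Linux or Android process is to look for such mappings in `/proc/<pid>/maps`. The C program below does that; the sample input, paths and function names are constructed for this example.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample in /proc/<pid>/maps format; not taken from a real device. */
static const char SAMPLE_MAPS[] =
    "5583a000-5583b000 r-xp 00000000 fd:00 1234 /system/bin/example\n"
    "5583c000-5583d000 rw-p 00002000 fd:00 1234 /system/bin/example\n"
    "7f100000-7f200000 rwxp 00000000 00:00 0 \n"
    "7f300000-7f340000 rwxs 00000000 00:05 77 /dev/example-jit (deleted)\n"
    "7ffc1000-7ffe2000 rw-p 00000000 00:00 0 [stack]\n";

/* Parse one maps line; return 1 if it is writable AND executable.
 * When the line parses, *size (if non-NULL) receives the mapping length. */
int is_wx_line(const char *line, unsigned long *size)
{
    unsigned long start = 0, end = 0;
    char perms[5] = {0};

    if (sscanf(line, "%lx-%lx %4s", &start, &end, perms) != 3 || end < start)
        return 0;                       /* malformed or empty line */
    if (size)
        *size = end - start;
    return perms[1] == 'w' && perms[2] == 'x';
}

/* Walk a whole maps buffer. Returns the number of W+X mappings and stores
 * their combined size in *bytes (if non-NULL). */
int scan_maps(const char *maps, unsigned long *bytes, int verbose)
{
    int count = 0;
    unsigned long total = 0;

    for (const char *p = maps; *p; ) {
        const char *nl = strchr(p, '\n');
        size_t len = nl ? (size_t)(nl - p) : strlen(p);
        char line[512];
        size_t n = len < sizeof line - 1 ? len : sizeof line - 1;
        unsigned long size = 0;

        memcpy(line, p, n);             /* copy one line, truncating if long */
        line[n] = '\0';
        if (is_wx_line(line, &size)) {
            count++;
            total += size;
            if (verbose)
                printf("W+X mapping: %s\n", line);
        }
        p += len + (nl ? 1 : 0);        /* advance past the newline */
    }
    if (bytes)
        *bytes = total;
    return count;
}

/* Convenience wrapper: total bytes that are both writable and executable. */
unsigned long wx_bytes(const char *maps)
{
    unsigned long b = 0;
    scan_maps(maps, &b, 0);
    return b;
}

int main(void)
{
    unsigned long bytes = 0;
    int n = scan_maps(SAMPLE_MAPS, &bytes, 1);
    printf("%d writable+executable mapping(s), %lu bytes\n", n, bytes);
    return n ? 1 : 0;                   /* non-zero exit when W+X memory exists */
}
```

To audit a live process instead of the sample, read `/proc/<pid>/maps` into a buffer and pass it to `scan_maps`.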

There are also various changes from stock Android in user-facing features. CopperheadOS separates the password used to unlock the device from the device's encryption password; users can use a relatively simple password to unlock their devices, but if the wrong password is entered five times in a row, the device reboots and the encryption password must be entered, which would presumably be more difficult for an attacker to guess. [10] The operating system ships with the F-Droid store, from which users can install open-source applications, instead of the Google Play Store usually found on Android phones. This is intended to prevent users from unknowingly installing malicious apps on their devices. [1]

The project supports smartphones in the Google Pixel product line. This is done to preserve Copperhead's development resources, and to enable quick patching when Google releases security updates. [31] As of September 2022, the supported phones are the Pixel 3a, the Pixel 3a XL, the Pixel 4, the Pixel 4 XL, the Pixel 4a, the Pixel 4a 5G, the Pixel 5, the Pixel 5a, and the Pixel 6. [32]

Reception

In January 2018, Tarus Balog of opensource.com was favorably impressed by features in CopperheadOS, but he found the lack of Google applications difficult, and was confused by licensing terms and conditions. Balog said he initially used a Nexus 6P because available Pixel and Pixel XL phones from Copperhead were too expensive. At that time source code was available, but he was unable to successfully complete his own build. [31]

Influence

In 2016, The Tor Project released a prototype smartphone based on CopperheadOS named the Tor Phone, which gave users the ability to route their network connections through Tor for anonymity. CopperheadOS was chosen for its focus on security, in particular its use of verified boot and its prevention of system apps being overridden by apps from the Google Play Store. The prototype only worked on Google Nexus and Pixel hardware, and had many unfinished pieces. [30] [33]

References

  1. Pauli, Darren (December 13, 2016). "Pre-rolled stripped, hardened Copperhead Androids hit Oz, NZ". The Register. Archived from the original on September 25, 2020. Retrieved September 25, 2020.
  2. Howell, Jason; Richards, Ron; Trapani, Gina; Donaldson, James (August 17, 2016). All About Android 279: Peak Phablet (Podcast). This Week in Tech. 9 minutes in. Retrieved September 25, 2020, via YouTube.
  3. 17-4-19 Interview with James Donaldson - Copperhead CEO (Podcast). CryptoTech.Solutions. May 11, 2017. 2 minutes in. Retrieved September 25, 2020, via YouTube.
  4. "Copperhead OS: Secure Android ROM". Copperhead Limited. April 22, 2015. Archived from the original on March 29, 2020. Retrieved September 23, 2020.
  5. 17-4-19 Interview with James Donaldson - Copperhead CEO (Podcast). CryptoTech.Solutions. May 11, 2017. 25 minutes in. Retrieved September 25, 2020, via YouTube.
  6. Schirrmacher, Dennis (September 28, 2015). "CopperheadOS: Alternatives System will Android sicherer machen" [CopperheadOS: Alternative system wants to make Android more secure] (in German). Heise. Archived from the original on October 1, 2015. Retrieved September 23, 2020.
  7. Armasu, Lucian (November 13, 2015). "Copperhead CTO: Nexus Phones Already More Secure Than BlackBerry Priv". Tom's Hardware. Retrieved September 26, 2020.
  8. "CopperheadOS Alpha". Copperhead Limited. August 21, 2015. Archived from the original on March 29, 2020. Retrieved September 23, 2020.
  9. Quiroli, Lorenzo (September 8, 2015). "La prima alpha di CopperheadOS, il firmware open-source sicuro" [The first alpha of CopperheadOS, the secure open-source firmware]. www.androidworld.it (in Italian). Archived from the original on September 9, 2015.
  10. Corbet, Jonathan (February 17, 2016). "CopperheadOS: Securing the Android". lwn.net. Retrieved October 6, 2020.
  11. Chokkattu, Julian (July 12, 2016). "Copperhead is selling Google's Nexus devices with its pre-installed secure OS". www.digitaltrends.com. Retrieved August 11, 2020.
  12. Zanolla, Irven (August 27, 2016). "Maru OS e Copperhead OS diventano open source" [Maru OS and Copperhead OS become open source] (in Italian). Archived from the original on August 28, 2016. Retrieved September 26, 2020.
  13. Sohail, Omar (March 6, 2017). "Google Pixel Is Available Running a New OS – More Secure But Also Very Expensive". Wccftech. Archived from the original on March 6, 2017. Retrieved September 28, 2020.
  14. "Google Pixel with CopperheadOS is Available for Purchase in the U.S. and Canada". xda-developers. March 6, 2017. Retrieved August 25, 2020.
  15. "CopperheadOS Disables Nexus Update Server After Licensing Violations". xda-developers. November 12, 2017. Retrieved August 19, 2020.
  16. Wright, Arol (January 17, 2018). "CopperheadOS is Coming to the Google Pixel 2/2 XL". xda-developers. Retrieved August 25, 2020.
  17. Perrone, Alessandro (June 12, 2018). "CopperheadOS potrebbe non avere un futuro" [CopperheadOS may not have a future] (in Italian). Tutto Android. Retrieved September 29, 2020.
  18. De, Kingshuk (February 5, 2019). "The demise of CopperheadOS and rise of its successors". PiunikaWeb. Retrieved September 29, 2020.
  19. Mocanu, Iulian (June 18, 2018). "CopperheadOS este mort" [CopperheadOS is dead] (in Romanian). Retrieved September 29, 2020.
  20. Puljek, Kristijan (June 12, 2018). "Raspao se CopperheadOS" [CopperheadOS fell apart] (in Croatian). Mobil.hr. Retrieved September 29, 2020.
  21. Tremmel, Moritz; Grüner, Sebastian. "GrapheneOS: Ein gehärtetes Android ohne Google, bitte - Golem.de" [GrapheneOS: A hardened Android without Google, please]. www.golem.de (in German). Retrieved August 11, 2020.
  22. "Ex-CopperheadOS dev spits fire as CEO says project not dead". PiunikaWeb. February 6, 2019. Retrieved August 26, 2020.
  23. "CopperheadOS' Android Pie update is now available for the Pixel & Pixel 2". XDA Developers. March 28, 2019. Retrieved August 19, 2020.
  24. Naresh, Sagar (February 17, 2020). "CopperheadOS Android 10 update is now available". PiunikaWeb. Retrieved September 29, 2020.
  25. "Installation". Copperhead. Archived from the original on June 15, 2020. Retrieved October 4, 2020. Versions archived before June 2020 specify how to obtain factory images.
  26. "CopperheadOS Release: Android 11". Copperhead. November 3, 2020. Archived from the original on August 29, 2022. Retrieved September 25, 2022.
  27. "CopperheadOS Pixel 5a, Pixel 5, Pixel 4a 5G available now". Copperhead. February 7, 2022. Archived from the original on August 29, 2022. Retrieved September 25, 2022.
  28. "CopperheadOS Android 13 - Copperhead". copperhead.co. Archived from the original on May 19, 2022. Retrieved March 22, 2023.
  29. Porup, J. M. (August 9, 2016). "Copperhead OS: The startup that wants to solve Android's woeful security". Ars Technica. Retrieved October 6, 2020.
  30. Porup, J. M. (November 22, 2016). "Tor phone is antidote to Google "hostility" over Android, says developer". Ars Technica. Retrieved October 6, 2020.
  31. Balog, Tarus (January 29, 2018). "CopperheadOS: Security features, installing apps, and more". Opensource.com. Retrieved August 20, 2020.
  32. "Device comparison". Copperhead. Archived from the original on May 8, 2022. Retrieved September 25, 2022.
  33. Verma, Adarsh (November 25, 2016). "Tor Phone Is The "Super-secure Version Of Android", Developed By Tor Project". Fossbytes. Retrieved August 28, 2020.