| CopperheadOS | |
|---|---|
| Screenshot of CopperheadOS on a Nexus 5X | |
| Developer | Copperhead |
| OS family | Unix-like |
| Working state | Current |
| Source model | Closed source |
| Latest release | 13.09.28 / 28 September 2023 |
| Marketing target | Secure smartphones |
| Update method | Over-the-air (OTA) or sideloaded update packages |
| Package manager | APK with F-Droid bundled as a frontend |
| License | CC BY-NC-SA 4.0 |
| Official website | copperhead |
CopperheadOS is a mobile operating system for smartphones, based on the Android mobile platform. It adds privacy and security features to the official releases of the Android Open Source Project by Google. CopperheadOS is developed by Copperhead, a Canadian information security company. It is licensed under Creative Commons BY-NC-SA 4.0, although its source code is not available for public download.
CopperheadOS supports smartphones in the Google Pixel product line; other devices are not targeted in order to preserve the resources of the development team. It has several security features not found in stock Android, such as a hardened version of the Linux kernel, and the ability to use separate passwords for unlocking the device and for encryption. Rather than use the Google Play Store found on most Android devices, CopperheadOS ships with the F-Droid store in order to reduce the risk of users installing malicious apps.
Development of CopperheadOS began in 2014, and the operating system had an initial alpha release in August 2015. This was followed by a beta release in February 2016, followed by several other releases targeting the Google Nexus and Pixel phones. The project was initially released under the GNU General Public License, with the project's source code publicly available on GitHub. In October 2016 the license was changed to Creative Commons Attribution-NonCommercial-ShareAlike (BY-NC-SA), and as of June 2020 access to the source code was restricted to members of Copperhead's partner network.
The CopperheadOS project was started in 2014 by Copperhead, an information security company based in Toronto, Canada. The company was founded in the same year by James Donaldson, the CEO, and Daniel Micay, the CTO and lead developer, and initially served clients in the Canadian legal and intelligence industries. During this work, the founders noticed an absence of secure, open-source operating systems for mobile devices, and they created CopperheadOS under an open source license to try to address this need.[1][2][3]
Copperhead announced the development of CopperheadOS in April 2015. According to the announcement, the operating system was designed to be a "secure-by-default version of Android" aimed at privacy-conscious users.[4] At first, CopperheadOS was licensed under the GNU General Public License,[5] and the project's code was located on GitHub.[6] Copperhead contributed several of their bug fixes and improvements developed for CopperheadOS to the Android Open Source Project, the main project for Android development by Google.[7]
In August 2015, Copperhead released the first alpha version of CopperheadOS.[8] At this point, the project was based on CyanogenMod, and included support for the Google Nexus 5 and Samsung Galaxy S4.[9] This was followed by a beta version in February 2016, with support for the Nexus 5, Nexus 9 and Nexus 5X. The beta was based directly on the Android Open Source Project instead of using CyanogenMod, as were subsequent releases. The move away from CyanogenMod and the lack of vendor support led to dropping support for the Samsung Galaxy S4.[10] In May 2016, Copperhead launched an online store where the Nexus 5X could be purchased directly with CopperheadOS pre-loaded. The Nexus 6P was made available for purchase from the store in July of the same year.[11]
From October 2016, for versions of CopperheadOS based on Android 7.0 Nougat, Copperhead changed the CopperheadOS license to the Creative Commons Attribution-NonCommercial-ShareAlike (BY-NC-SA) license.[5][12] According to Donaldson, this was to prevent other companies from using the CopperheadOS code without paying Copperhead for licensing, in order to keep the project sustainable.[5]
Copperhead began selling Google Pixel phones pre-loaded with CopperheadOS in March 2017, in addition to their lineup of Nexus phones.[13] For Nexus devices, users could download and install CopperheadOS for free;[14] however, this option was not made available for Pixel phones.[15] For Pixel phones, users could either buy a phone from the Copperhead store with CopperheadOS pre-loaded, or send their own phone to Copperhead for the operating system to be installed on it. This was done to prevent violations of CopperheadOS's non-commercial license; Copperhead competitors had been selling Nexus phones with CopperheadOS installed without obtaining a commercial license, and Copperhead wanted to avoid this issue with the Pixel.[15] The issue came to a head in November of the same year, when Copperhead briefly shut down the update server for Nexus devices in order to stop the continued license violations. The company restored the update server after two days.[15]
Copperhead released an alpha version of CopperheadOS for the Pixel 2 and Pixel 2 XL in January 2018. Official releases for the Pixel 2 and 2 XL were marked as "for internal use", and could not be downloaded from the Copperhead website without authentication. This maintained the status quo of only Nexus releases being available for public download.[16]
Disagreements between the two founders over business policy became increasingly heated over the first few months of 2018, and led to Donaldson firing Micay in June of that year.[17][18] Micay responded by posting his dismissal notice on Reddit, and by deleting the cryptographic keys necessary to release updates for the project.[17][19] Micay said that he considered "the company and infrastructure to be compromised", and that he would "prevent [Donaldson] from harming any users".[20] Copperhead failed to provide CopperheadOS updates for several months afterwards.[18] Micay continued the development of the open source parts of CopperheadOS as the Android Hardening project, which was later rebranded as GrapheneOS.[21] According to Donaldson, as of February 2019 he and Micay were in a legal dispute over the incident.[22]
The next release of CopperheadOS following Micay's departure was in March 2019; this version was based on Android Pie (9), and had support for the Pixel, Pixel XL, Pixel 2 and Pixel 2 XL. Pixel devices pre-installed with CopperheadOS could be purchased from Copperhead's website.[23] This was followed in February 2020 with a version of CopperheadOS based on Android 10, available for the Pixel 2 and Pixel 2 XL.[24] As of June 2020, CopperheadOS sources and installation files were no longer available for public download and could only be obtained from Copperhead's partner network. Copperhead cites "mass violation of Copperhead's non-Commercial licensing" as the reason for this change.[25]
Copperhead released a version of CopperheadOS based on Android 11 in November 2020.[26] This was followed with a version based on Android 12 in February 2022. This version added support for the Pixel 4a, the Pixel 4a 5G, the Pixel 5, the Pixel 5a, and the Pixel 6.[27] In February 2023, the project added support for the Pixel 6a and Pixel 7 with the Android 13 update.[28]
CopperheadOS is focused on hardening the Android operating system to make it more difficult for attackers to exploit any potential security vulnerabilities. In a 2016 interview, Copperhead CEO James Donaldson said, "The point of it is to increase the amount of resources an attacker needs to expend ... to the point where hopefully they will just give up."[1] The operating system features several security improvements over stock Android related to how programs interact with memory. It implements the PaX security patches for the Linux kernel, which improve resistance against executing code that has managed to find its way into writeable memory.[10] It also features improved address space layout randomization, a version of malloc with better memory layout randomization, and more secure SELinux policies.[10][29] CopperheadOS also features verified boot, which protects against malware taking over the boot process or the recovery process of the device.[30]
There are also various changes from stock Android in user-facing features. CopperheadOS separates the password used to unlock the device from the device's encryption password; users can use a relatively simple password to unlock their devices, but if the wrong password is entered five times in a row, the device reboots and the encryption password must be entered, which would presumably be more difficult for an attacker to guess.[10] The operating system ships with the F-Droid store, from which users can install open-source applications, instead of the Google Play Store usually found on Android phones. This is intended to prevent users from unknowingly installing malicious apps on their devices.[1]
The project supports smartphones in the Google Pixel product line. This is done to preserve Copperhead's development resources, and to enable quick patching when Google releases security updates.[31] As of September 2022, the supported phones are the Pixel 3a, the Pixel 3a XL, the Pixel 4, the Pixel 4 XL, the Pixel 4a, the Pixel 4a 5G, the Pixel 5, the Pixel 5a, and the Pixel 6.[32]
In January 2018, Tarus Balog of opensource.com was favorably impressed by features in CopperheadOS, but he found the lack of Google applications difficult, and was confused by licensing terms and conditions. Balog said he initially used a Nexus 6P because available Pixel and Pixel XL phones from Copperhead were too expensive. At that time source code was available, but he was unable to successfully complete his own build.[31]
In 2016, The Tor Project released a prototype smartphone based on CopperheadOS named the Tor Phone, which gave users the ability to route their network connections through Tor for anonymity. CopperheadOS was chosen for its focus on security, in particular its use of verified boot and its prevention of system apps being overridden by apps from the Google Play Store. The prototype only worked on Google Nexus and Pixel hardware, and had many unfinished pieces.[30][33]