
CopperheadOS: A hardened open-source operating system based on Android - ymse
https://copperhead.co/android/
======
tkinom
I like to see it enable the user to logs and optionally block connections
attempt base on IP/dns names with both whitelist and blacklist.

And track/logs all of them per Apk.

~~~
dublinben
>And track/logs all of them per Apk.

Don't run programs you can't trust.

~~~
bunnymancer
No point in a smartphone if you were to follow that mindset

~~~
gcb0
good luck with THAT mindset.

edit: i never touched ios (except for my employer, but it's their data) and my
Android phones all have my kernel and pf tables limiting all apps network
access. specially to the local network!

------
hackuser
Copperhead seems designed to protect against malicious attackers, but does it
protect confidentiality against commercial tracking (another kind of attack)?

I'll add: I haven't come across another fork of Android that focuses on
security so I'm rooting for these guys.

~~~
strcat
Privacy enhancements are definitely within the scope of the project. Most of
the current features are exploit mitigations though. If you look through
[https://copperhead.co/android/docs/technical_overview](https://copperhead.co/android/docs/technical_overview)
you'll see that there are a few privacy features already, and there are many
in-progress. They won't be listed there until they're actually completed
though.

~~~
hackuser
Are you connected to the project somehow?

~~~
strcat
Yes, I'm the (lead) developer of the OS.

~~~
hackuser
Great! Thanks for your hard work, and thanks for participating in the
discussion. I've been looking forward to Copperhead's first release for
awhile.

------
mmanfrin
"Protection from zero-days" \-- how can you make a claim like this?

~~~
rinon
I'm not affiliated with Copperhead at all, but I am familiar with the sorts of
techniques they are using. Exploit mitigations, such as Address Space Layout
Randomization, Control-Flow Integrity, Fine-grained Randomization, etc.
provide a layer of hardening to make exploitation of a source code
vulnerability harder, or even not possible on the protected device. The bug
(zero-day) still exists, it's just not as exploitable to do bad stuff.

~~~
vox_mollis
ASLR is already a part of pretty much every current operating system ( save
FreeBSD-RELEASE )

~~~
neerdowell
Not all ASLR implementations are equal, eg. PaX's ASLR vs standard Linux
KASLR.

~~~
mtgx
Or Android's almost useless 32-bit ASLR (even on 64-bit platforms) for that
matter:

[https://googleprojectzero.blogspot.com/2015/09/stagefrighten...](https://googleprojectzero.blogspot.com/2015/09/stagefrightened.html)

[https://copperhead.co/blog/2015/05/11/aslr-android-
zygote](https://copperhead.co/blog/2015/05/11/aslr-android-zygote)

------
aorth
It looks like CopperheadOS has managed to upstream quite a number of
mitigations! Bravo to them. This makes them the sort of OpenBSD research OS of
the Android world, and everyone benefits from their work.

[https://copperhead.co/android/docs/technical_overview](https://copperhead.co/android/docs/technical_overview)

------
ocdtrekkie
"It will not support devices outside of the Nexus and Pixel lines."

This is really sad to me. :/ As far as we've come, everything mobile is still
irritatingly device-specific.

~~~
ninjin
"Devices will be supported until Google drops support from the Android Open
Source Project. Google guarantees major version updates for at least two years
after launch. Security updates are guaranteed for three years after launch
along with 1.5 years after the last device is sold."

As someone that is still using a phone from 2012, this is problematic since I
have no intention of getting a new phone that often. Is there no stable,
secure, and open combination of OS and smartphone out there?

~~~
carkje9
Cyanogenmod still supports security updates for the Galaxy S, a model released
in 2010.[0] Is it still worth using a six-year-old phone? Maybe not, but if
your device is lucky enough to have support it can last you a long time.

[0][https://download.cyanogenmod.org/?type=nightly&device=galaxy...](https://download.cyanogenmod.org/?type=nightly&device=galaxysmtd)

~~~
e12e
I recently lost my Note 3, subsequently bricked my HTC "Pico" explorer -
bought as a dev phone and GPS device due to the notorious GPS issues on my
first Android; a Galaxy S. So now I'm back (typing this in Firefox) on my
ancient Galaxy S, running a recent cyanogen build [Ed: 11 nightly, based on
Android 4.4.4 kitkat. I believe I tried 12 - but it failed to install].

It kinda works. Had to force a move from dalvik to art, and force HW rendering
- there are quite a few stalls. I haven't tried encrypting the device; it's
already slow enough.

Ironically(?) Firefox works better than Chrome. Signal seems to work OK (only
for sms so far due to missing network effect; I don't message anyone with
signal installed).

I'm considering just getting a new battery (replaceable battery, yay!) - as it
is cheaper than getting an LG g3, nexus 5 (no memory card slot, bleh) or a
Sony xperia z3 (waterproof). I wouldn't really say it's _usable_ \- but a g2
or 3 might be OK. [Ed:The low RAM on the early devices appear to me to be the
worst issue. I wouldn't recommend buying a device with less than a gig of ram.
the Galaxy S has ~384mb.]

------
corbet
See also: [https://lwn.net/Articles/675719/](https://lwn.net/Articles/675719/)

------
nickpsecurity
Interesting development. Good to see another project trying to improve the
mobile situation for Android. Getting us off iOS or Android without loosing
all the good apps probably isn't happening due to lock-in effects and patent
issues. At the least, projects that try to allow safer use of Android apps
will benefit a lot of people.

------
dsl
You had me interested until "..based on Android."

What we need is more original codebases in the mobile ecosystem, not endless
modifications on top of the same old shaky foundation.

~~~
conradev
That shaky foundation also has a large ecosystem of useful software. I guess
it doesn't need to be "based on Android" to run Android apps, though.

I'm not too familiar with security on Android (much more familiar with iOS) –
what are the weakest links?

~~~
dsl
Android 0days at this point are so numerous, I find they are relatively
worthless compared to time invested elsewhere. Other people seem to have the
same experience (i've seen offers of double that amount for iOS remotes):
[http://blogs-
images.forbes.com/andygreenberg/files/2012/11/e...](http://blogs-
images.forbes.com/andygreenberg/files/2012/11/exploitpricechart.jpg)

~~~
strcat
Android vulnerabilities aren't more numerous than iOS vulnerabilities. The key
difference is that 97% of Android devices do not get security updates. There
is no need for 0 day vulnerabilities for attackers, in general. Few users have
Nexus devices.

------
tempVariable
Do they have a comparison table for how it fairs compared to cyanogen ? I'm
interested if this is a good os if I want my personal data completely isolated
away from any other app regardless of their initial permissions.

------
ausjke
How does this compare to CyanogenMod? Security is definitely important but how
much should I trust this OS?

Both CyanogenMod and CopperheadOS should be able to run smoothly withoug
google-specific apps I believe, which is nice for some.

~~~
dogma1138
The problem is the vast majority of applications actually require Google
services to run on Android devices. Running an Android device without GApps is
pretty much pointless unless you are really using it for a very very specific
purpose.

~~~
ForHackernews
It would be (relatively) easy to put together another suite of utilities
offering the same API as the standard GApps, in order to allow 3rd party apps
that depend on that API to function. Rumor has it Samsung has just such a
project in the works, in case they need to punch the eject button on their
relationship with Google: [http://www.digitaltrends.com/mobile/samsungs-
secret-mission-...](http://www.digitaltrends.com/mobile/samsungs-secret-
mission-cut-google-galaxy/)

~~~
carkje9
It's in progress.

[https://microg.org/](https://microg.org/)

------
nxzero
Besides USB Armory, are there any other open source harden hardware solutions?

~~~
hackcasual
The Yubikey neo can be programmed with JavaCard. There's a handful of applets
on their github

~~~
nxzero
The Yubikey neo hardware is not open source though, right?

------
spurgu
Couldn't find the Android version it's based on?

~~~
strcat
6.0.1_r20 for the Nexus 5 and Nexus 9, and 6.0.1_r24 for the Nexus 5X. You can
see the versions of the downloads page (it uses
AOSP_TAG.COPPERHEADOS_TIMESTAMP) It's the same as stock. It will move to 7.0
shortly after it's released.

------
homero
Google needs to step it up

------
MuggleFucker
Built by drug dealers for drug dealers.

------
bache
This is a hoenypot for the NSA

~~~
rinon
That's called a baseband processor.

But no, in all seriousness, Copperhead (and AOSP itself) are open source. Go
audit it for NSA backdoors yourself if you're worried about that.

------
fweespee_ch
This project seems interesting but largely impractical until a truly
independent FOSS app store exists with a wide selection + security track
record as good as Google Play or iTunes.

I don't see how it gets there with such a narrow hardware selection.

~~~
akerro
[https://guardianproject.info/2016/03/28/copperhead-
guardian-...](https://guardianproject.info/2016/03/28/copperhead-guardian-
project-and-f-droid-partner-to-build-open-verifiably-secure-mobile-ecosystem/)

There you go!

~~~
superskierpat
This makes the project alot more interesting to me.

