The demise of CopperheadOS and rise of its successors
Remember CopperheadOS? The privacy centric, Google-less version of Android with enforced security hardening was created by a two-man team based on Toronto. Their startup, Copperhead Limited, used to sell Nexus and Pixel phones with preinstalled CopperheadOS.
Unfortunately it did not last long. The differences in business policy led to a fight between the CEO James Donaldson and the lead developer Daniel Micay. James ultimately fired Daniel.
His patches to AOSP get merged by Google frequently. Mocking the shortcomings of the claims by Copperhead Limited is a favorite game for him.
The update notes at https://t.co/E1ekVle3Fy falsely claim that the new incarnation of CopperheadOS has been updated to the latest security patch levels. However, that isn't the case. In reality, it hasn't received the full August, September, October or November security patches.
— DanielMicay (@DanielMicay) November 30, 2018
Without the presence of Daniel, Copperhead has failed to continue providing monthly updates. Their long term support phones are 1st and 2nd gen Google Pixels, which are officially upgraded to Android 9 Pie by Google. Copperhead still treats them with Android Oreo along with Daniel’s old codebase.
Please help get the word out about what has happened with Copperhead. They're tricking people into buying an insecure product misrepresented as hardened. It isn't even updated to Android 9 and lacks full security updates. Pixels don't receive full security updates via Android 8.
— DanielMicay (@DanielMicay) November 15, 2018
What happened next
Well, we all know the drill.
Open source enthusiasts have tried to come up with alternatives of CopperheadOS. One such example is RattlesnakeOS. The developer doesn’t want to blatantly replicate the former, but tries to bring some of its core facilities on top of AOSP.
RattlesnakeOS was created initially as an alternative to CopperheadOS, a security hardened Android OS created by Daniel Micay, after it stopped being properly maintained back in June 2018. To be clear, this project is not attempting to add or recreate any of the security hardening features that were present in CopperheadOS. Instead, it is looking to fill a gap now that CopperheadOS is no longer available in its previous form, as there are no real alternatives that provide the same level of privacy and security.
Dan Vittegleo AKA dan-v is the man behind the ambitious project, who also came up with ‘rattlesnakeos-stack’. It is a nifty cross-platform tool to anchor the whole build process via AWS cloud infrastructure with user-supplied signing keys.
To compare with other custom ROMs, RattlesnakeOS enforces critical security features like enabled verified boot and completely replaces core Google services with third party open source alternatives. Ready-to-flash precompiled builds are not possible in this case, as they are signed by user specific keys.
Android Hardening / Hardened Android Open Source Project
This should not be considered as a fork, as this one is created and maintained by the principal developer of CopperheadOS himself.
Yes, Daniel brought the essence of CopperheadOS back under a new name. For now, the developer doesn’t want to call them production ready. The famous port of OpenBSD’s malloc implementation is the main attraction.
Kernels older than 4.4 are not supported so OG Pixels are dropped from the supported device list. Builds for 2nd and 3rd gen Pixel phones are available via seamlessupdate.app.
Another example is #!os / hashbangOS, which clearly draws its inspiration from CopperheadOS.
Heavily inspired by the former CopperheadOS (RIP) project. We seek to provide a trustable path to free public AOSP builds patched for privacy and security.
Unlike RattlesnakeOS, they are planning to provide reproducible builds using automated CI/CD. Rest of the features are pretty much same.
These guys follow Android Hardening as closely as possible and integrate patches from it. 2016 1st gen Pixels are also supported by this project.
Those who are still curious about the fundamental differences between these forks and other popular custom ROMs, hashbang guys have you covered.
Rocking a Pixel and want to taste a Google-less Android? Give them a try and let us know.
PiunikaWeb is a unique initiative that mainly focuses on investigative journalism. This means we do a lot of hard work to come up with news stories that are either ‘exclusive,’ ‘breaking,’ or ‘curated’ in nature. Perhaps that’s the reason our work has been picked by the likes of Forbes, Foxnews, Gizmodo, TechCrunch, Engadget, The Verge, Macrumors, and more. Do take a tour of our website to get a feel of our work. And if you like what we do, stay connected with us on Twitter (@PiunikaWeb) and other social media channels to receive timely updates on stories we publish.