|Source model||Closed source|
|Latest release||11.9.2 / 30 September 2021|
|Marketing target||Secure smartphones|
|Update method||Over-the-air (OTA) or sideloaded update packages|
|Package manager||APK with F-Droid bundled as a frontend|
|License||CC BY-NC-SA 4.0|
CopperheadOS is a mobile operating system for smartphones, based on the Android mobile platform. It adds privacy and security features to the official releases of the Android Open Source Project by Google. CopperheadOS is developed by Copperhead, a Canadian information security company. It is licensed under Creative Commons BY-NC-SA 4.0, although its source code is not available for public download.
CopperheadOS supports smartphones in the Google Pixel product line; other devices are not targeted in order to preserve the resources of the development team. It has several security features not found in stock Android, such as a hardened version of the Linux kernel, and the ability to use separate passwords for unlocking the device and for encryption. Rather than use the Google Play Store found on most Android devices, CopperheadOS ships with the F-Droid store in order to reduce the risk of users installing malicious apps.
Development of CopperheadOS began in 2014, and the operating system had an initial alpha release in August 2015. This was followed by a beta release in February 2016, followed by several other releases targeting the Google Nexus and Pixel phones. The project was initially released under the GNU General Public License, with the project's source code publicly available on GitHub. In October 2016 the license was changed to Creative Commons Attribution-NonCommercial-ShareAlike (BY-NC-SA), and as of June 2020 access to the source code was restricted to members of Copperhead's partner network.
The CopperheadOS project was started in 2014 by Copperhead, an information security company based in Toronto, Canada. The company was founded in the same year by James Donaldson, the CEO, and Daniel Micay, the CTO and lead developer, and initially served clients in the Canadian legal and intelligence industries. During this work, the founders noticed an absence of secure, open-source operating systems for mobile devices, and they created CopperheadOS under an open source license to try to address this need.
Copperhead announced the development of CopperheadOS in April 2015. According to the announcement, the operating system was designed to be a "secure-by-default version of Android" aimed at privacy-conscious users. At first, CopperheadOS was licensed under the GNU General Public License, and the project's code was located on GitHub. Copperhead contributed several of their bug fixes and improvements developed for CopperheadOS to the Android Open Source Project, the main project for Android development by Google.
In August 2015, Copperhead released the first alpha version of CopperheadOS. At this point, the project was based on CyanogenMod, and included support for the Google Nexus 5 and Samsung Galaxy S4. This was followed by a beta version in February 2016, with support for the Nexus 5, Nexus 9 and Nexus 5X. The beta was based directly on the Android Open Source Project instead of using CyanogenMod, as were subsequent releases. The move away from CyanogenMod and the lack of vendor support led to dropping support for the Samsung Galaxy S4. In May 2016, Copperhead launched an online store where the Nexus 5X could be purchased directly with CopperheadOS pre-loaded. The Nexus 6P was made available for purchase from the store in July of the same year.
From October 2016, for versions of CopperheadOS based on Android 7.0 Nougat, Copperhead changed the CopperheadOS license to the Creative Commons Attribution-NonCommercial-ShareAlike (BY-NC-SA) license. According to Donaldson, this was to prevent other companies from using the CopperheadOS code without paying Copperhead for licensing, in order to keep the project sustainable.
Copperhead began selling Google Pixel phones pre-loaded with CopperheadOS in March 2017, in addition to their lineup of Nexus phones. For Nexus devices, users could download and install CopperheadOS for free; however, this option was not made available for Pixel phones. For Pixel phones, users could either buy a phone from the Copperhead store with CopperheadOS pre-loaded, or send their own phone to Copperhead for the operating system to be installed on it. This was done to prevent violations of CopperheadOS's non-commercial license; Copperhead competitors had been selling Nexus phones with CopperheadOS installed without obtaining a commercial license, and Copperhead wanted to avoid this issue with the Pixel. The issue came to a head in November the same year, when Copperhead briefly shut down the update server for Nexus devices in order to stop the continued license violations. The company restored the update server after two days.
Copperhead released an alpha version of CopperheadOS for the Pixel 2 and Pixel 2 XL in January 2018. Official releases for the Pixel 2 and 2 XL were marked as "for internal use", and could not be downloaded from the Copperhead website without authentication. This maintained the status quo of only Nexus releases being available for public download.
Disagreements between the two founders over business policy became increasingly heated over the first few months of 2018, and led to Donaldson firing Micay in June of that year. Micay responded by posting his dismissal notice on Reddit, and by deleting the cryptographic keys necessary to release updates for the project. Micay said that he considered "the company and infrastructure to be compromised", and that he would "prevent [Donaldson] from harming any users". Copperhead failed to provide CopperheadOS updates for several months afterwards. Micay continued the development of the open source parts of CopperheadOS as the Android Hardening project, which was later rebranded as GrapheneOS. According to Donaldson, as of February 2019 he and Micay were in a legal dispute over the incident.
In March 2019, Copperhead released a version of CopperheadOS based on Android Pie (9), which had support for the Pixel, Pixel XL, Pixel 2 and Pixel 2 XL. Pixel devices pre-installed with CopperheadOS could be purchased from Copperhead's website. This was followed in February 2020 with a version of CopperheadOS based on Android 10, available for the Pixel 2 and Pixel 2 XL. As of June 2020, CopperheadOS sources and installation files were no longer available for public download and could only be obtained from Copperhead's partner network. Copperhead cites "mass violation of Copperhead's non-Commercial licensing" as the reason for this change.
CopperheadOS is focused on hardening the Android operating system to make it more difficult for attackers to exploit any potential security vulnerabilities. In a 2016 interview, Copperhead CEO James Donaldson said, "The point of it is to increase the amount of resources an attacker needs to expend ... to the point where hopefully they will just give up." The operating system features several security improvements over stock Android related to how programs interact with memory. It implements the PaX security patches for the Linux kernel, which improves resistance against executing code that has managed to find its way into writeable memory. It also features improved address space layout randomization, a version of malloc with better memory layout randomization, and more secure SELinux policies. CopperheadOS also features verified boot, which protects against malware taking over the boot process or the recovery process of the device.
There are also various changes from stock Android in user-facing features. CopperheadOS separates the password used to unlock the device from the device's encryption password; users can use a relatively simple password to unlock their devices, but if the wrong password is entered five times in a row, the device reboots and the encryption password must be entered, which would be presumably more difficult for an attacker to guess. The operating system ships with the F-Droid store, from which users can install open-source applications, instead of the Google Play Store usually found on Android phones. This is intended to prevent users from unknowingly installing malicious apps on their devices.
The project supports smartphones in the Google Pixel product line. This is done to preserve Copperhead's development resources, and to enable quick patching when Google releases security updates. As of September 2020[update], the supported phones are the Pixel 2, the Pixel 2 XL, the Pixel 3, the Pixel 3 XL, the Pixel 3a, and the Pixel 3a XL.
In January 2018, Tarus Balog of opensource.com was favorably impressed by features in CopperheadOS, but he found the lack of Google applications difficult, and was confused by licensing terms and conditions. Balog said he initially used a Nexus 6P because available Pixel and Pixel XL phones from Copperhead were too expensive. At that time source code was available, but he was unable to successfully complete his own build.
In 2016, The Tor Project released a prototype smartphone based on CopperheadOS named the Tor Phone, which gave users the ability to route their network connections through Tor for anonymity. CopperheadOS was chosen for its focus on security, in particular its use of verified boot and its prevention of system apps being overridden by apps from the Google Play Store. The prototype only worked on Google Nexus and Pixel hardware, and had many unfinished pieces.