
Review: Copperhead OS

272 points | billpollock | 8 years ago | adventuresinoss.com

156 comments

[+] lrvick|8 years ago|reply
I think there are some misconceptions in this thread (due to the title).

Personally I use CopperheadOS as my daily driver because it stays continually ahead of Google (and groups like AOKP, LineageOS etc) in terms of Android hardening. It goes well beyond just not having Google Play services.

See their details on their approach and design: https://copperhead.co/android/docs/technical_overview

They make continued patches to Android as part of a security and privacy first approach. Many of their patches get upstreamed by Google months later (if at all) but CopperheadOS users get them right away.

Google has their engineering efforts focused mostly on new features and compatibility. They are happy to let firms like CopperheadOS be further ahead in security research and take their patches where it does not break compatibility.

It really depends on what you want to optimize for. Security/privacy or being able to run all the latest games and social media apps and the consequences that come with them.

[+] ece|8 years ago|reply
Copperhead uses Grsecurity, and I used to use Grsecurity, when it was widely available, now that it's not and the developer has decided to act in hostile ways to the Linux community(1), it's made me rethink using his work and/or supporting him. Plenty of consultants make do fine without resorting to closing off their source code, and decide to act better with the community and/or companies.

(1) https://www.theregister.co.uk/2017/12/22/grsecurity_defamati...

[+] dang|8 years ago|reply
We've reverted the title above to the article title, since that's what the guidelines call for anyhow, unless it's misleading or linkbait. The submitted title was "Copperhead OS – De-Google Your Phone".

https://news.ycombinator.com/newsguidelines.html

[+] nickpsecurity|8 years ago|reply
Your otherwise good comment probably should include two things that are critical to Google's stance on Android security:

1. They're a surveillance company that has more actual and potential earnings the more they know about their customers. They get good margins when their customers lack privacy with devices locked into Google by default.

2. They don't care about users' safety since they make billions off the Android platform but won't even patch vulnerabilities quickly. They have enough money to design a server UNIX from scratch plus a full-custom CPU plus mitigations from code injection at CPU level with all that leaving them with a few billion in revenue left out of Android alone. They just don't care since they're a public company about squeezing out every ounce of profit.

So, their incentives ensure they will leave the devices insecure. Someone will have to make their own versions that are secure like Copperhead and separation kernels before them (eg OK Labs) did. Alternatively, convince Google to offer a paid, secure option for their own internal use if nothing else with them recovering costs by eating up the cryptophone market's revenues.

[+] JepZ|8 years ago|reply
Sometimes I am wondering what Google employees think when they read headlines like this one. I mean they probably have no problem giving the personal data to Google, but at the same time many of them are probably open source proponents and would support a world where the Google services would be entirely optional to Android.

A few days ago I was thinking about a new smartphone and because my main problem with my current Android is the outdated kernel and driver setup, I was searching for a smartphone with open source drivers. Wikipedia tells us since the start of the smartphone era about 22 phones had open source drivers (with the exception of the proprietary baseband firmware):

https://en.wikipedia.org/wiki/List_of_open-source_mobile_pho...

Doesn't look like something where you can select the hardware specifications you prefer. So I feel a little lost.

In general, I like Android but for my taste the Google services are too intrusive. Uploading my data before I had a chance to deactivate it is just unacceptable. Asking me every day to add photos to Maps sucks too. I can accept giving some of my information to Google to improve the product, but lately Google feels like the data mooch on my smartphone...

[+] rifung|8 years ago|reply
> Sometimes I am wondering what Google employees think when they read headlines like this one.

Hello Google employee here! I suspect we don't all have the same opinion but I can share my own since you asked. Note that I work in Cloud so I work in an area far far away from this stuff and opinions are obviously my own.

Frankly the headline makes me a little bit sad because of course I would like to make things which people are happy about. On the other hand, I also realize that it's not easy to make a product which fits every single person's use case, and in this case I suspect this level of privacy is overkill for most people, and it's wonderful that there is something for those who want that extra privacy and security.

I also think it's awesome these people contribute security patches to AOSP!

> I mean they probably have no problem giving the personal data to Google, but at the same time many of them are probably open source proponents and would support a world where the Google services would be entirely optional to Android.

I like to think I'm a proponent of open source as I try to contribute but to be honest I don't actually think it really matters for Android to be independent of Google services because as far as I can tell, most people like Android with Google services?

Is there a reason that removing Google services would be better for the users? I can understand from a philosophical or ideological standpoint why it would be better but not really from a product point of view since I think I can confidently say 99% of Android users do not care or even know that it is open source..

[+] lern_too_spel|8 years ago|reply
Google services are entirely optional to Android. See AOSP. This criticism appears often on HN, despite how little sense it makes. If you don't like the data that Google Maps collects, simply use another map application. I delete all the useless Google apps off my phone as soon as I get it and keep only the ones that are actually useful.
[+] Tepix|8 years ago|reply
I love Copperhead OS on my Nexus 5X. Amazing battery life, great trustworthy apps and strong security. Frankly I think the project would be a lot more successful with lower prices. I'm willing to pay $50 per year for the OS, right now the price to get Copperhead OS installed on a Pixel phone is $400. That's just out of whack when taking into consideration the phone price (I paid around $180 for a used Nexus 5X a year ago) and the usual software prices. I guess I'm not the only one not buying a Pixel with Copperhead OS for that reason.

The Copperhead guys should get a copy of http://www.dummies.com/education/economics/how-to-determine-...

[+] slphil|8 years ago|reply
You don't need to pay them for a phone. You can install it on the device yourself for free.
[+] orblivion|8 years ago|reply
I'm overall quite pleased with my Copperhead phone, and very much appreciate getting actual OS updates.

I have one issue however that I thought I'd put out there from a customer service standpoint. If you buy a phone from them, you pay what seems to me like a nice premium (Pixel XL $1,269.00; though it's hard to find a good comparison point), and it comes with a service plan. Copperhead (as I understand) takes stock AOSP and (among other things) swaps out some of the default applications. Notably, the SMS application is something called Silence (silence.im).

Here's the issue. I've had a problem or two with Silence, and I contacted their customer support. They suggested trying other SMS apps to see if that solved my problem, which is in itself fine. However, at that point they closed the issue, because they claim that they're not responsible for 3rd party apps, even ones that they bundle and (I presume) update with system upgrades. The reason given is that they don't control the source for those, unlike the OS. I don't accept this at all. I paid a good premium (unless I'm mistaken) for the phone, I expect a _working phone_. This, these days, includes a functioning SMS client. How they go about making that happen is _their_ responsibility. They can work with me to find a suitable replacement, they can submit a pull request or a bug report, etc. But I argue they should consider the issue open until it's fixed or I decide it doesn't matter.

Anyway, not a big deal, I worked around it. Perhaps if I pressed enough they would have been okay with me returning the thing on these grounds, but it's nowhere near worth it. I just disagree with their philosophy on this issue. I understand it must be _really_ hard to deal with all this as such a small operation. But then they should put this point in big bold letters when you buy it, or something. ¯\_(ツ)_/¯

[+] meneame2|8 years ago|reply
Sadly it has turned its open source license into a code available but non-free one.

That, coupled with the fact that Pixel devices are way more expensive than Nexus used to be, limits its usefulness.

[+] billpollock|8 years ago|reply
OP here. I actually liked the pointers to F-Droid apps, too. I'm on LineageOS. I've used F-Droid for years but mainly for things like Adaway. Timber and notes apps look interesting, also K-9 of course.
[+] JetSpiegel|8 years ago|reply
There's always LineageOS
[+] agentdrtran|8 years ago|reply
> do think it will happen, however. The use case involves corporations, especially those involved in privacy sensitive fields such as health care. Wouldn’t it be cool to have a locked down “business” VM that is separate from a “personal” VM with your Facebook, games and private stuff on it.

This already exists for businesses with Samsung Knox / Android for Business. No it's not a full OS but it fits all of their needs and separates data. Having one OS in a "vm" on a phone sounds horrible UX wise.

[+] bhnmmhmd|8 years ago|reply
Sometimes I don't understand all the hatred toward Google having our data on their servers. Most alternative solutions offer fragmented services (as opposed to the all-in-one experience I get with Google) and are too cumbersome to set up. Yes, I know data is sort of power these days. But before bashing at Google/Apple/Microsoft... and banning their services, people should ask themselves: "What sacrifices are they making and for what?" I mean, I would totally feel convenient when my contacts are synced on my devices and I get a unified experience. Google knowing about my contacts is just the price I pay to get that service and honestly, from my experience, it's better for Google to have my data because they keep adjusting the service I get in return.
[+] chisleu|8 years ago|reply
> Having one OS in a "vm" on a phone sounds horrible UX wise

I believe most android people are doing this with users.

Since Android is now up to the task of docker (kernel 3.10+), it would be very nice to see apps sandboxed with permissions exposed via networked APIs.

Then it is impossible for an app (sans exploit) to access private data, and simple for the OS to route certain apps to certain data sets (ie, fake contacts for apps that shouldn't need your damn contact to begin with).

CyanogenMod accomplished some of this through various methods, but they were detectable. If you build it this way, it should be entirely undetectable.

[+] Tijdreiziger|8 years ago|reply
Doesn't Android for Work also handle this without being tied to Samsung?
[+] jonafato|8 years ago|reply
YalpStore [1,2] makes getting Play Store apps a lot less painful than going through the process of extracting an APK from one phone and side loading it onto another. There are some that simply won't / don't work without Google Play Services, but most do. This made switching to Copperhead OS much easier for me.

[1] https://github.com/yeriomin/YalpStore

[2] https://f-droid.org/packages/com.github.yeriomin.yalpstore/

[+] seba_dos1|8 years ago|reply
And if something doesn't work without Google Play Services, it might work with microG instead.
[+] wffurr|8 years ago|reply
Reviewer touts "security focused" OS, promptly disables "trusted sources" check for installed software.

Turn it back on, sure, until the next time you want an APK that's not listed in F-Droid. Seems like a bad idea. How about writing to your favorite app developers and asking them to list on F-Droid instead of sideloading?

[+] ocdtrekkie|8 years ago|reply
FWIW, the "trusted sources" checkbox has been more of a way to scare away people from using Google's competitors (like the Amazon Appstore or F-Droid) than actually indicating any true trustworthiness, given that tons of malware comes from the Play Store, and Google Play Protect ranks dead last on AVTEST.org benchmarks for malware detection.

I believe Google finally introduced a way to deem other app stores as trusted on your phone, but given this is just a block on the manual installation feature, I would consider the trusted sources checkbox to be more "anticompetition focused" than "security focused".

[+] Mo3|8 years ago|reply
Not only this, he won't receive security updates for his apps any more.

Thank you, I'm staying with default Android and continuing to read what I am prompted for. He could've just opted out of most data collection, no, he had to skip it without even reading it like a 60 year old office worker at an insurance company.

[+] JoshTriplett|8 years ago|reply
The article mentions launchers; all the launchers in the app store seem sketchy. Does anyone know of a good Open Source launcher, maybe a version of the AOSP launcher compiled for current Android? I'd love to have something that reclaims the pile of space (thumb-reachable space even) devoted to the Google search bar that now stays on the bottom of the main screen all the time.
[+] jonafato|8 years ago|reply
The stock launcher that ships with AOSP (and Copperhead OS) [1] is OK but leaves something to be desired. I used Nova Launcher [2] for years before switching to Copperhead and liked it quite a bit, but after forgetting to back up my settings and being too lazy to reconfigure it just the way I liked it, I switched to KISS Launcher [3]. It took a few days to adjust, but I prefer it now, and it has the added benefit of being open source and available through F-Droid.

[1] https://android.googlesource.com/platform/packages/apps/Laun...

[2] http://novalauncher.com/

[3] http://kisslauncher.com/

[+] ORioN63|8 years ago|reply
KISS. I love it. It's an input bar. You get the history when you click on it. It's common to find whatever you want to do here. You also get a favorite apps bar. You can search contacts, Wikipedia, shortcuts (awesome with HTTP POST shortcuts or Chrome webpage shortcuts). Contacts have an SMS/call button on the side and they also appear on the history list. I use it on all my phones. It's lightweight, open source and half my friends don't know how to use my phone.

https://f-droid.org/en/packages/fr.neamar.kiss/

[+] chrisper|8 years ago|reply
Nova launcher has a good reputation and is not bloat.

It's free and the prime one is affordable.

Just try it out.

[+] thatcat|8 years ago|reply
It's kind of hilarious that copperhead OS is considered de-googled when all the hw support and firmware updates still rely on google. After google drops hw support for a device copperhead discontinues support.
[+] Improvotter|8 years ago|reply
> CopperheadOS currently supports the Nexus 5X and Nexus 6P as a free offering. Pixel and Pixel XL support is available as a product.

They show a Nexus 5 on the landing page for CopperheadOS. Why not show a supported device?

[+] aknfo1341|8 years ago|reply
I've used Copperhead OS for months.. and believe me when I went back to my 5X that had it and had to attempt to break into my own phone because I forgot the password.. that thing is secure! It does suck to side-load some things, but the worst part is a lot of things use Google Play services more than you think.. which is always weird to me. If anyone has any questions let me know, but I enjoyed it. Without Google battery life is pretty awesome.
[+] squarefoot|8 years ago|reply
Hardening the OS is not enough. As the infamous Intel ME taught us in a different context, unless one uses only 100% open hardware, security cannot be guaranteed by software. We need open (documented, reproducible) hardware rather than alternative OSes; until that day security on current platforms is to be considered a myth.
[+] makepkg|8 years ago|reply
I use CopperheadOS on my Nexus 5X and I am extremely happy with it. My job is Android development and I have some personal paid apps on Google Play and one FOSS app on F-Droid. Access clipboard in the background and record audio in the background have been lately added to the security features available on CopperheadOS, and I can't imagine now using my phone without COS hardened implementation. I use FDroid for all the apps I need and Yalp for a couple of other apps not available on FDroid. The majority of apps now depend on Google Play services and that is flattering and disappointing: all those GPS APIs are very appealing to developers and teams because it makes things easier and all but IMHO using all those services is contributing to data mining and I don't think it is fair.
[+] pasbesoin|8 years ago|reply
I may have to go this or a similar route, to go back to using WiFi and Bluetooth on my ~5.5 month old Motorola G5+ [1].

I mean, come on! Ship a patch/update, already!

1) That replaced a bootlooped ~1.4 year old Nexus 5X. Wasn't going to spend big bucks after that burn and while waiting for the Pixel 2 or Samsung whatever, or Apple's new line, to drop in a month or two.

And now, with all the crap going on with all those various new models...

I've griped about this, before, but damn it, they deserve the criticism. And the only time they make positive changes seems to be when the public image and pressure get bad enough. (And things get worse again, as soon as that pressure relents -- or gets distracted.)

[+] z3t4|8 years ago|reply
I don't think it would be that hard to have two separate CPUs on a phone, then use a hardware switch to wake one OS up and put the other to sleep.
[+] jonafato|8 years ago|reply
Copperhead OS is a great project and seems to be short on funding (based on threads on Twitter and Reddit). If you'd like to support it, donations can be made at https://copperhead.co/android/donate.

(I'm not affiliated with the project, I just use it as my primary phone OS.)

[+] parfamz|8 years ago|reply
Ain't here maps a good alternative to google maps? I use both of them 50/50 and I love the offline capabilities of here maps