In the 21st century, customers' choice of mobile phones has been reduced to smartphones running one of only two operating systems. It has always been pointless to argue which one is better in terms of privacy and security, as only those companies that were able to monetise information gathered from their customers have survived. The rest is history. As a result, here and there, now and then, another hopeful project arises from the ashes in an attempt to refresh and disrupt the stale environment of mobile communication, only to return where it came from due to lack of resources, promotion or general interest.
The keystones of a mobile operating system called CopperheadOS were:
- Protection from zero-days – prevents many vulnerabilities and makes exploits harder.
- Hardened C standard library and compiler toolchain – catches memory corruption and integer overflows.
- Hardened kernel – kernel self-protection and high-quality ASLR.
- Stronger sandboxing and isolation for apps & services – stricter SELinux policies, seccomp-bpf and more.
- Backported security features and quicker patching – benefiting from upstream changes long before stock.
- Firewall & network hardening – along with improvements like MAC randomisation.
- Open-source and free of proprietary services – uses alternatives to Google apps/services like F-Droid.
- Security-centric user experience changes – better defaults, finer-grained permission control.
The Death of the CopperheadOS
There was a lot of noise around the internet, Hacker News especially.