Many smartphone buyers are surprised when they get a phone with non-removable apps and features. These affect the user experience and needlessly take up valuable storage space. This is why custom ROMs are so popular. They give users granular control over the security and privacy of their smartphones.
Custom ROMs, not to be confused with rooting, replace the entire operating system of your device. Over a dozen of them are available for Android devices, each meeting different needs. CopperheadOS is one of the most popular privacy-oriented custom ROMs. Let’s take a closer look.
What is CopperheadOS?
CopperheadOS was developed as a hardened version of the Android Open Source Project (AOSP) to strengthen the privacy and security features of your phone. AOSP is the foundation on which all flavors of Android are built, including CopperheadOS. Although AOSP is managed by Google, its open source nature allows anyone to review or contribute to its code.
CopperheadOS itself is licensed under the Creative Commons Attribution-NonCommercial-ShareAlike 4.0 license (for userspace) and the GPL2 license (for the kernel).
This connection between CopperheadOS and AOSP is important to understand, because Copperhead’s hardened security features are updated from later versions of AOSP. This is not the case with some other custom ROMs, which branch into different versions when AOSP is upgraded.
The operating system was first launched in 2015 by a Toronto-based startup with the aim of giving users confidence that their data is safe. It has largely succeeded in this mission by implementing these key features in CopperheadOS:
- Zero-knowledge cryptology: data is verified locally and not revealed remotely
- Data obfuscation: masks data so that it is unreadable to unauthorized parties
- Data protection by default: data is not passed on to Google or Copperhead
- Hardened core: a higher level of security against hacks and code exploits
- Reinforced sandboxing: app processes run separately, reducing the risk to the system
With these features, it’s easy to see why more privacy-conscious users – business people, journalists, politicians, crypto owners, etc. – would choose Copperhead as their Android operating system.
Which phones can run CopperheadOS?
Although Copperhead used to support older Nexus devices like the Nexus 5, Nexus 9, and Galaxy S4, this is no longer the case. Support is now limited to Google’s Pixel devices: Pixel 3XL, Pixel 3, Pixel 3aXL, Pixel 3a, Pixel 4XL, Pixel 4, and Pixel 4a.
If you own one of these models, you will be pleased to know that most of the apps within CopperheadOS are battery-optimized by default, which supports the daily driver use case.
Note, however, that CopperheadOS is not free. Because of this, you should contact either the Copperhead team themselves or a reseller, who provide ongoing service for a recurring fee.
After all, it’s not the first time that developers have opted for such a robust funding model for ongoing development and support. Threema, for example, although it is an open source and privacy-oriented messenger, also charges a small fee for additional security.
How private is CopperheadOS?
Google’s search engine is notorious for aggressive manipulation and blotting out results that contradict the prevailing narrative. For this reason, DuckDuckGo is enabled by default in CopperheadOS, while the Search Suggestion API is still supported via Chromium.
More importantly, CopperheadOS, by default, disables the browser’s location permission group and grants geolocation permission to the browser’s search engine. Other notable privacy features of CopperheadOS are the following:
- Disabled analytics, sensors, and permissions as part of the hardened Chromium package
- Encrypted PIN layout
- The lock screen hides sensitive notifications
- Removed device information from settings menus – serial number, IMEI, etc.
- Improved VPN support
- Bluetooth scanning is disabled by default
- Privacy-based DNS via Cloudflare is set by default
These are just a few of the features that make CopperheadOS a solid candidate for those looking for added protection from tampering, malware, data tracking, data theft, and email interception. Finally, CopperheadOS comes with Signal as the standard messaging app.
How secure is CopperheadOS?
In addition to the security features mentioned above, Verified Boot is a staple of any custom ROM designed for the Pixel devices. The feature not only makes it more difficult for an attacker to compromise the operating system, but also offers layers of resistance after physical access has already taken place.
More precisely, the attack vector would have to originate from the user data partition, which is why CopperheadOS reduces the trust placed in it. However, sensitive data still persists in this partition, from installed non-system apps to developer options and the device manager.
The hardening of CopperheadOS goes beyond Verified Boot by implementing these important security features:
- Hardened allocator: the replacement for the system allocator uses no inline metadata, which prevents traditional exploitation of the allocator
- Hardened memory management: CopperheadOS creates and isolates dedicated memory areas for mapping libraries
- SELinux policies: a series of hardened security improvements that prevent attackers from writing exploits that are present in the upstream AOSP system
As for the core of Copperhead – its kernel – it was developed as a public version of a hardened Linux kernel.
Another notable security feature is WebView, which comes with the standalone Chromium app. Unlike Google’s Chrome, that app is 64-bit by default. Using either Chromium or WebView-based internet browsers reduces the likelihood of attacks compared to most other browsers, because the apps are separated from each other in a sandbox.
Which apps work on CopperheadOS?
Apps that require Google services – Google Search, Google Chrome, YouTube, Google Play Store – are not supported for obvious privacy and security reasons.
Outside of these Google-dependent apps, most apps are supported on CopperheadOS. You can check the recommended apps in this comprehensive list for each activity / task category. If you limit yourself to the apps on that list, the privacy and security level of your smartphone will be drastically increased.
If you need to install apps from the Play Store, you can always do so using the Aurora Store app – a privacy-friendly version of the Google Play Store – provided as an optional feature during the setup process.
Together with the Aurora Store, Samourai Wallet – a highly rated non-custodial crypto wallet – and Nextcloud are delivered as an optional bundle during installation.
Data protection or ease of use?
Custom ROMs can be a little inaccessible, but the rewards are worth it. At a time when privacy has become a primary concern for users, the potential of a custom ROM is becoming even more apparent. Striking a good balance between accessibility and privacy, CopperheadOS is an excellent introduction to the world of privacy-conscious custom ROMs.