Many smartphone buyers are surprised when they receive a phone loaded with non-removable apps and features. They are detrimental to the user experience and take up valuable storage space unnecessarily. This is why custom ROMs are so popular. They give users granular level control over the security and privacy of their smartphones.
Not to be confused with rooting, custom ROMs replace the entire operating system on your device. With over a dozen of them available for Android devices, they each serve different needs. CopperheadOS is one of the most popular privacy-focused custom ROMs. Let’s take a closer look.
What is CopperheadOS?
CopperheadOS was designed to enhance the privacy and security features of your phone, as an enhanced version of the Android Open Source Project (AOSP). This is the foundation upon which all variants of Android are built, including CopperheadOS. Although AOSP is maintained by Google, its open source nature allows anyone to audit or contribute their code.
However, CopperheadOS itself is licensed under the Creative Commons Attribution-NonCommercial-ShareAlike 4.0 license (for user space) and the GPL2 license (for the kernel).
This link between CopperheadOS and AOSP is important to understand because the enhanced security features of Copperhead are updated from the later version of AOSP. This is not the case with other custom ROMs which branch out into different versions when the AOSP update occurs.
The operating system was first released in 2015 by a Toronto-based startup, with the aim of inspiring users with the confidence that their data is safe. They have largely succeeded in completing this mission by implementing these key features in CopperheadOS:
- Zero-knowledge cryptology: does not disclose data remotely while checking locally
- Data obfuscation: hides data so that it is unreadable for unauthorized access
- Default privacy: data is not shared with Google or Copperhead
- Hardened core: a higher level of security against hacks and code exploits
- Fortified sandbox: application processes run separately, so the risk to the system is reduced
From these features, it’s easy to see why the more privacy-conscious users – businessmen, journalists, politicians, crypto holders, etc. – would choose Copperhead as their preferred Android operating system.
Which phones can run CopperheadOS?
Although Copperhead previously supported older Nexus devices, such as the Nexus 5, Nexus 9, and Galaxy S4, this is no longer the case. Support is now limited to Google Pixel devices: Pixel 3XL, Pixel 3, Pixel 3aXL, Pixel 3a, Pixel 4XL, Pixel 4, and Pixel 4a.
If you own any of these models, you’ll be happy to know that most CopperheadOS apps are battery-optimized by default, making it more useful as a daily driver.
However, keep in mind that CopperheadOS is not free. For this reason, you need to contact either the Copperhead team itself or a reseller for continued service for a recurring fee.
After all, this isn’t the first time developers have opted for such a robust funding model for ongoing development and support. For example, Threema, while an open-source, privacy-focused messenger, also charges a nominal fee for added peace of mind.
How private is CopperheadOS?
Google’s search engine has become notorious for its aggressive manipulations and results that go against the mainstream. This is why CopperheadOS has enabled DuckDuckGo by default, while also supporting the search suggestion API through Chromium.
More importantly, CopperheadOS by default disables the browser’s location permission group and grants the browser’s search engine the geolocation permission. Other notable privacy features for CopperheadOS are as follows:
- Analytics, sensors and authorizations disabled as part of the reinforced Chromium package
- Scrambled PIN code layout
- Lock screen hides sensitive notifications
- Removed device information from Settings menus – serial number, IMEI, etc.
- Improved VPN support
- Bluetooth search is disabled by default
- Privacy-based DNS via Cloudflare is set by default
These are just a few features that make CopperheadOS a strong candidate for those interested in additional protections against tampering, malware, data tracking, data theft, and email interception. Finally, CopperheadOS comes with Signal as the default messaging app.
How secure is CopperheadOS?
In addition to the aforementioned security features, Verified Boot is a staple for any custom ROM designed for Pixel devices. Not only does the feature make it harder for an attacker to compromise the operating system, it also provides layers of resistance after physical entry has already occurred.
Specifically, the attack vector should come from the userdata partition, which is why CopperheadOS lowers its trust level. However, sensitive data always stays in this partition in a persistent state, from installing non-system apps to developer options and device manager.
CopperheadOS hardening goes beyond verified boot by implementing these key security features:
- Hardened allocator: by replacing the system allocator, it prevents the exploitation of the traditional allocator because it does not use any inline metadata
- Enhanced memory management: CopperheadOS creates and isolates dedicated memory regions for mapping libraries
- SELinux policies: a number of security enhancements that prevent attackers from writing exploits that are present in the upstream AOSP system
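To make the hardened allocator point concrete, here is an added example (not CopperheadOS code, and not its allocator) contrasting a toy allocator that keeps a header inline with the user data against one that keeps its bookkeeping in a separate table. All names, the slot size and the arena layout are assumptions chosen for illustration; the writes stay inside the arenas so the program is well defined.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SLOT   32   /* user bytes per allocation (toy value) */
#define NSLOTS 4
struct meta { uint32_t size; uint32_t in_use; };
#define STRIDE (sizeof(struct meta) + SLOT)

/* Design 1: inline metadata. Each header sits in the arena, directly
 * in front of the user bytes it describes. */
static unsigned char inline_arena[NSLOTS * STRIDE];
static unsigned char *inline_alloc(unsigned i) {
    struct meta m = { SLOT, 1 };
    memcpy(inline_arena + i * STRIDE, &m, sizeof m);
    return inline_arena + i * STRIDE + sizeof m;
}

/* Design 2: out-of-line metadata. The arena holds user bytes only;
 * bookkeeping lives in a separate table. */
static unsigned char data_arena[NSLOTS * SLOT];
static struct meta meta_table[NSLOTS];
static unsigned char *outofline_alloc(unsigned i) {
    meta_table[i] = (struct meta){ SLOT, 1 };
    return data_arena + i * SLOT;
}

/* Model a caller bug: write n bytes into allocation 0, where n may
 * exceed SLOT. Returns 1 if allocation 1's metadata is still exactly
 * what the allocator wrote, 0 if the write reached it. */
int inline_neighbor_meta_intact(size_t n) {
    struct meta m;
    unsigned char *a = inline_alloc(0);
    inline_alloc(1);
    memset(a, 0x41, n);
    memcpy(&m, inline_arena + STRIDE, sizeof m);
    return m.size == SLOT && m.in_use == 1;
}

int outofline_neighbor_meta_intact(size_t n) {
    unsigned char *a = outofline_alloc(0);
    outofline_alloc(1);
    memset(a, 0x41, n);   /* neighbour's data is hit, its metadata is not */
    return meta_table[1].size == SLOT && meta_table[1].in_use == 1;
}

int main(void) {
    printf("inline intact: %d, out-of-line intact: %d\n",
           inline_neighbor_meta_intact(SLOT + 8), outofline_neighbor_meta_intact(SLOT + 8));
    return 0;
}
```

Out-of-line metadata does not stop the overflow itself, which still lands in the neighbouring allocation's data; it only keeps the allocator's own bookkeeping out of reach of a linear write.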
Copperhead’s kernel was developed as a public version of a hardened Linux kernel.
Another notable security feature is WebView, which comes with the standalone Chromium app that is 64-bit by default, unlike Google’s Chrome. Whenever a user relies on browsers based on Chromium or WebView, they reduce the risk of attacks compared to most other browsers because the applications are sandboxed from each other.
What applications run on CopperheadOS?
Applications that require Google services (Google Search, Google Chrome, YouTube, Google Play Store) are not supported for obvious privacy and security reasons.
Apart from these Google dependent apps, most apps are supported on CopperheadOS. You can check recommended apps on this complete list for each category of activity / task. Aligning your use with them alone will dramatically increase the level of privacy and security of your smartphone.
If you need to install apps from the Play Store, you can always do so by browsing the Aurora Store app, a privacy-friendly version of the Google Play Store, which is an optional feature during the installation process.
Along with Aurora Store, Samourai Wallet – a popular non-custodial crypto wallet – and Nextcloud are also optional during installation.
Confidentiality or ease of use?
Custom ROMs can be slightly inaccessible, but the payoff is well worth it. In an age where privacy has become a primary concern for users, the potential of a custom ROM is even more evident. CopperheadOS strikes a good balance between accessibility and privacy and is a great gateway to the world of privacy-focused custom ROMs.