I think there are some misconceptions in this thread (due to the title).
Personally I use CopperheadOS as my daily driver because it stays continually ahead of Google (and groups like AOKP, LineageOS etc) in terms of Android hardening. It goes well beyond just not having Google Play services.
They make continued patches to Android as part of a security and privacy first approach. Many of their patches get upstreamed by Google months later (if at all) but CopperheadOS users get them right away.
Google has their engineering efforts focused mostly on new features and compatibility. They are happy to let firms like CopperheadOS be further ahead in security research and take their patches where it does not break compatibility.
It really depends on what you want to optimize for. Security/privacy or being able to run all the latest games and social media apps and the consequences that come with them.
Copperhead uses Grsecurity, and I used to use Grsecurity, when it was widely available, now that it's not and the developer has decided to act in hostile ways to the Linux community(1), it's made me rethink using his work and/or supporting him. Plenty of consultants make do fine without resorting to closing off their source code, and decide to act better with the community and/or companies.
Actually, Copperhead itself is sort of loosely following grsec's model, which is rather unfortunate. Their licences, where required, will be GPL or compatible with upstream, but otherwise CopperheadOS itself is not FOSS. I kind of get that it's hard to make money in such projects, but I really don't see how this strategy works for them, unless the goal is just to be bought out by someone.
Copperhead maintains the -hardened patchset, which is essentially a fork of Grsecurity, largely because of those concerns. (I don't use CopperheadOS on my phone, but I do use their work in the form of linux-hardened on my desktop!)
We've reverted the title above to the article title, since that's what the guidelines call for anyhow, unless it's misleading or linkbait. The submitted title was "Copperhead OS – De-Google Your Phone".
A brief summary of what something is can be helpful. I probably wouldn't have noticed this story if it wasn't explicitly mentioned as being about phones; I like hearing about a new OS but since I don't have the time/urge for kernel hacking I've generally stopped reading such stories.
Your otherwise good comment probably should include two things that are critical to Google's stance on Android security:
1. They're a surveillance company that has more actual and potential earnings the more they know about their customers. They get good margins when their customers lack privacy with devices locked into Google by default.
2. They don't care about users' safety since they make billions off the Android platform but won't even patch vulnerabilities quickly. They have enough money to design a server UNIX from scratch plus a full-custom CPU plus mitigations from code injection at CPU level with all that leaving them with a few billion in revenue left out of Android alone. They just don't care since they're a public company about squeezing out every ounce of profit.
So, their incentives ensure they will leave the devices insecure. Someone will have to make their own versions that are secure like Copperhead and separation kernels before them (eg OK Labs) did. Alternatively, convince Google to offer a paid, secure option for their own internal use if nothing else with them recovering costs by eating up the cryptophone market's revenues.
I'm not sure I follow, you can upstream any security feature to AOSP, CopperheadOS dev has upstreamed lots of stuff to improve security overall which is good.
Google can do whatever they want but most of it is happening in house sadly, they could probably pay grsecurity devs to implement security features for Android & ChromeOS if they wanted to.
That last part is exactly my point. They're making billions on Android but will barely patch it. They just don't care at all since the money will go into their pockets anyway. Instead, all these small players have to show up working nearly for free swimming upstream with their enhancements making almost nothing.
Well it's already pretty hard to exploit Android, the kernel is the weak point at the moment.
I've studied the grsecurity code a lot and if you can exploit that stuff you can get high paying jobs for either red team or blue ;)
Making it harder and driving up the cost to use/write exploits and of course making everyone more secure is the end goal for the sec team :D
Can you explain how 2.) follows from 1.) ? Or at least how exactly has Google incentive to keep Android insecure (especially in terms of all the security research/hardening being done by internal teams, both for Android and iOS)?
They're separate. Bad security follows from both. For one, too little privacy is profitable for a company selling or matching against profiles obtained from surveilling their users' activities. On 2, redoing Android security or just handling it better would cost more for Google even though the problems are externalities: they cost the users, not Google. For-profit, public companies ignore externalities as much as possible to maximize profit.
So, Google securing Android would cost them a lot of money for fixing the customers' problems that don't affect Google. Then, it might cost them piles of money later in lost ad revenue when now-private services make customers black boxes of sorts.
I think there's a lot of middle ground to explore but surveillance or public companies don't usually go for it. Offering a paid, surveillance-off version of each ad service is one of those. You will rarely see that as simple as it is to do.
Sometimes I am wondering what Google employees think when they read headlines like this one. I mean they probably have no problem giving the personal data to Google, but at the same time many of them are probably open source proponents and would support a world where the Google services would be entirely optional to Android.
A few days ago I was thinking about a new smartphone and because my main problem with my current android is the outdated kernel and driver setup, I was searching for smartphone with open source drivers. Wikipedia tells us since the start of the Smartphone era about 22 phones had open source drivers (with the exception of the proprietary baseband firmware):
Doesn't look like something where you can select the hardware specifications you prefer. So I feel a little lost.
In general, I like Android but for my taste the Google services are too intrusive. Uploading my data before I had a chance to deactivate it is just unacceptable. Asking me every day to add photos to Maps sucks too. I can accept giving some of my information to Google to improve the product, but lately Google feels like the data mooch on my smartphone...
> Sometimes I am wondering what Google employees think when they read headlines like this one.
Hello Google employee here! I suspect we don't all have the same opinion but I can share my own since you asked. Note that I work in Cloud so I work in an area far far away from this stuff and opinions are obviously my own.
Frankly the headline makes me a little bit sad because of course I would like to make things which people are happy about. On the other hand, I also realize that it's not easy to make a product which fits every single person's use case, and in this case I suspect this level of privacy is overkill for most people, and it's wonderful that there is something for those who want that extra privacy and security.
I also think it's awesome these people contribute security patches to AOSP!
> I mean they probably have no problem giving the personal data to Google, but at the same time many of them are probably open source proponents and would support a world where the Google services would be entirely optional to Android.
I like to think I'm a proponent of open source as I try to contribute but to be honest I don't actually think it really matters for Android to be independent of Google services because as far as I can tell, most people like Android with Google services?
Is there a reason that removing Google services would be better for the users? I can understand from a philosophical or ideological standpoint why it would be better but not really from a product point of view since I think I can confidently say 99% of Android users do not care or even know that it is open source..
> I like to think I'm a proponent of open source as I try to contribute but to be honest I don't actually think it really matters for Android to be independent of Google services because as far as I can tell, most people like Android with Google services?
People like Google services, but they're less enthusiastic about Google's data collection practices. My father, who is now retired from a career in semiconductor manufacturing and programming, was unaware of Google's practice of monitoring users' credit cards [0] and was visibly uncomfortable when he was made aware of it. Google's terms of service were effectively changed in a manner that harmed him, but he has no recourse.
Google services are frequently useful, but let's not pretend that there are other good choices. Google offers their apps for free, and has immediate access to approximately one billion Android devices by mandating an app's inclusion. That's an impossibly high barrier for all but the largest companies.
> I like to think I'm a proponent of open source as I try to contribute but to be honest I don't actually think it really matters for Android to be independent of Google services because as far as I can tell, most people like Android with Google services?
That's exactly why it should be independent of Google services–it makes it too easy to make changes to benefit those who use Google services and harm those who don't in the name of "but it's great for most people…"
Actually, I think removing Google services by default is not what we have in mind here. So we are okay that most users like Android as it is. Well, I think many of them just don't know which information Google collects and if they would learn about it, some would not want to share that information either, but that is something everyone has to care for themselves.
We just want the options to opt-out of every Google service easily and use alternatives (without having to flash custom ROMs) and to have up-to-date kernels and drivers. So having closed source drivers actually reduces the security (missing updates after a few months) and life time aspects of the product (the device). With the Android market domination Google has, it could easily force the hardware manufacturers to produce devices with open source drivers.
You might be a Google employee, but you do not seem to be an Open source proponent. That's your prerogative, but you completely miss the point of the discussion if you ask why should users want to be independent from proprietary services. Sure, 99% don't want that and would click any colored and shiny button if it promises them a free Justin Bieber ringtone, but this is not the topic of the thread.
Cloud services are probably the thing that is the farthest away from being open-source non-proprietary software... and he is working on cloud services, so I can understand where he comes from...
While I understand what you were getting at, we actually do open source some of our software as well as contribute to an early open source project so I wouldn't say it's the FARTHEST away..
The software that you are open sourcing, is it software that allows you to access the back-end or are you actually releasing software that could allow someone else to start his own cloud service?
We have an incubator project for Kubernetes as well as software to access the backend.
I don't think our team is releasing software to let others start their own cloud service if I understand you correctly. Are you thinking of something like what GitLab does? If so our team isn't doing that sorry!
I prefer software that is open source. I like to contribute my time, effort, and money to open source software as well, at least that which I find useful and interesting.
I guess I'm not an open source proponent but just whatever you would call the above?
What would you consider to be an open source proponent? Someone who believes all source code should be open source?
> That's your prerogative, but you completely miss the point of the discussion if you ask why should users want to be independent from proprietary services
Well don't just leave me hanging.. what is the point of the discussion? Please do enlighten me.
> Sure, 99% don't want that and would click any colored and shiny button if it promises them a free Justin Bieber ringtone, but this is not the topic of the thread.
Isn't it? I mean the comment was literally asking for an opinion which I gave. I'm not sure I understand why this is off topic? Most businesses would be unbelievably successful if their product appealed to 99% of people.
From a cursory scan of the comments, it looks like people are frustrated about not having control over their devices. Right now, iOS and Android control the user, restricting freedom and choices. For example iOS won't let me record my screen while the Netflix application is running. Clearly this is to protect DRM interests, but the principle is that Apple has ultimate control over how my iPhone behaves. I cannot provide a false GPS location to apps. I can't lie about battery level. I can't lie about notification permissions or fool applications. We need to be able to lie to our devices to have freedom and control them.
So back to how this relates to an Android being tied to Google Play: you as the user don't have ultimate control over your device. And that means you don't fully own your device.
That's my perception of the main issues with control from Apple and Google. Lots of great software and hardware being produced, but we need to have more power over the operation of our gadgets.
There doesn't seem to be any point to this discussion for GP to miss because the premise was plainly incorrect. As multiple people have pointed out, Android itself is completely independent from proprietary services. If you buy a Google-flavored Android device (which is a spectrum itself), your device will come with proprietary services on it. That doesn't mean you have to use them, nor does it mean you have to have a Google-flavored Android build. You're free to use apps that use Pushy or some other third party push messaging service, OpenStreetMap or some other map provider, Bing or some other search provider, Fastmail or some other mail provider, etc.
> I like to think I'm a proponent of open source as I try to contribute but to be honest I don't actually think it really matters for Android to be independent of Google services because as far as I can tell, most people like Android with Google services?
Yeah but what about people who aren't most people? Are you saying they don't matter? That doesn't sound very open source.
Those people by definition aren't Google's customers. And Google is the one developing the OS. Maybe Apple will be more open to developing an OS for people that hate them? :)
Is Halium an old project? If it is, I imagine everything just got a whole lot easier with Project Treble and with the new six-year LTS Android kernels.
Google services are entirely optional to Android. See AOSP. This criticism appears often on HN, despite how little sense it makes. If you don't like the data that Google Maps collects, simply use another map application. I delete all the useless Google apps off my phone as soon as I get it and keep only the ones that are actually useful.
They mostly have their own version of it, just developed by Chinese companies and controlled by the government. From what I have seen, it's quite on par with Google Play Services.
And those APIs actually rely on things hosted on Google servers (Push notification system, fused location system, Google login and others come to mind) which can't exist without Google's involvement.
Making people implement their own services proved to be problematic, because most developers didn't care enough to optimize their services for low memory and battery usage, resulting in terrible battery life on Android devices. Since Android must compete against iOS, a central system had to be established to reach similar battery life.
> fused location system ... which can't exist without Google's involvement
That's kind of a cop-out though. It certainly could exist without Google's involvement if the location provider were a pluggable module within AOSP. microG does this - my phone supports the fused location API using Mozilla's location database instead of Google's. (There are other modules too, like a local database of cell towers if you're willing to dedicate some storage to it.)
Push notifications and Google login sure, but some of what's in the Play Services APIs should really be in AOSP, IMO.
EDIT: For that matter, you could even have the push provider available as a module too, even though Google's push service is the only one currently available.
Sure and you can use microG and other services on your Google free phone. I do agree that flashing firmware without Google services should be easier on devices, but the actors preventing that aren't Google (locked bootloaders are demanded by your American telcos like Verizon, DRM lockdown is demanded by the copyright lobby and SoC vendors refuse to release the kernel sources).
But in general, I don't get what your expectation is, that Google will spend millions developing an OS and then give it to competition or deliberately provide worse user experience than their main competitor?
In what way does that mean that Google services are required for Android? Lots of Linux games rely on Steam being present.
If you don't want Steam, don't use games that require it. If you don't want Google services like Google's Maps widget or its push messaging service or its game leaderboard, use apps that use another data source for maps and another persistent connection for push messages and another leaderboard service.
F-Droid and Amazon's App Store are filled entirely with apps that don't (can't) use Google's services, yet many on HN blindly continue to claim that this is not possible.
Except AOSP doesn't even pass the Android certification [edit: should be compatibility, not certification] test suite, so stage one of building non-Google Android is making AOSP actually work as it should. :(
It's mostly not functionality missing to pass the CTS, but just broken untested AOSP-only code (that is replaced by Google closed source code in Google builds).
These only fail because there is extra unused noop functionality in AOSP that CTS complains about (a bug in AOSP), not because Google services are required to pass CTS.
The point was that AOSP isn't a perfect base, because the Android team obviously don't care enough to actually test it, not that Google services are required.
That makes your first comment completely irrelevant with respect to its parent. It's also a stretch to say that you need to do anything to make AOSP work as it should simply because it contains extra noop APIs.
You might want to check out Eraser, made by Mapzen. Eraser is a Google Maps like app that uses OpenStreetMap data and is backed solely by open source software and open data. It's a little rough around the edges (especially when it comes to transit routing).
Created an account to share this, as it seems not many people know...
You can use an AOSP such as lineage, or carbon. There are quite a few options.
Then, use fdroid and a play store alternative. You DO NOT need the google play services, such as microgapps, or opengapps. Even to use Google Maps! I use google maps by downloading maps anonymously with the Yalp store, and then I don't sign in. I don't have the so called high accuracy location, but I still have GPS, which, obviously, is sufficient. I can navigate easily in a large city, for example.
As far as I know google can't link me to any data that maps sends.
Spotify works fine, along with a half dozen other apps.
Signal can be a bit of a pain, as it complains about not having a Google API backend, which I think is for contacts. Again, the pain is worth it. And there are open source contact alternatives.
I can't get apps that I paid for, for that I would have to sign in with Yalp, which I haven't bothered with. The freedom is so much better.
Everything else works, banking apps, Firefox, Dropbox, etc.
I'm using a Sony Xperia Z2. The battery is AMAZING! I really wish a largish company would pick this idea up, and start selling phones without google. Sony? The freedom and privacy is worth a lot in my opinion.
Well, Fdroid is great and with the automatic upgrade extension (totally optional) really easy to use. But using an Android without access to the Play Store is just kinda weird.
So yes, you can remove Google completely from your smartphone, but then many things are getting much more complicated. So I don't want to remove Google completely from my phone. I just want to have easy options to turn things off I do not like.
I just wish Google would respect their users' wishes a little more and would keep developing their services in a direction which would embrace community contributions to the ecosystem.
> So yes, you can remove Google completely from your smartphone, but then many things are getting much more complicated.
> I just wish Google would respect their users' wishes a little more [...] I just want to have easy options to turn things off I do not like.
This is not how things work in reality. People/corporations don't do what you want just because you're wishing it. If you are unwilling to tolerate a little bit of discomfort why should they tolerate the risk of changing their practices which have been proven to work? By continuing to buy Android devices, despite your complaints, you are, in fact, providing them with the opposite incentive.
I love Copperhead OS on my Nexus 5X. Amazing battery life, great trustworthy apps and strong security.
Frankly I think the project would be a lot more successful with lower prices. I'm willing to pay $50 per year for the OS, right now the price to get Copperhead OS installed on a Pixel phone is $400. That's just out of whack when taking into consideration the phone price (I paid around $180 for a used Nexus 5X a year ago) and the usual software prices. I guess I'm not the only one not buying a Pixel with Copperhead OS for that reason.
This is true, but building from source isn't very hard. (I also don't care for the Pixel -- I have no desire to upgrade from my Nexus 6 and recommend it to others seeking a de-Googled phone.)
I had a nexus 6 for 2 years. Just replaced it last month with an iPhone 8+. My experience with the nexus was horrible and I will never buy another android phone. The quality of the hardware is just abysmal. I hope the iPhone proves itself better.
I have had only a single problem with my Nexus 6, as far as hardware goes: the USB port on the bottom sucks. On the other hand, there is an obviously superior way to charge the phone, since it supports Qi charging, which I have stations for at my office and home. I only need to use the port when flashing a new ROM (it works, but only in precise alignment).
You should provide some actual claims about the problems you had with the hardware rather than just complaining.
I'm overall quite pleased with my Copperhead phone, and very much appreciate getting actual OS updates.
I have one issue however that I thought I'd put out there from a customer service standpoint. If you buy a phone from them, you pay what seems to me like a nice premium (Pixel XL $1,269.00; though it's hard to find a good comparison point), and it comes with a service plan. Copperhead (as I understand) takes stock AOSP and (among other things) swaps out some of the default applications. Notably, the SMS application is something called Silence (silence.im).
Here's the issue. I've had a problem or two with Silence, and I contacted their customer support. They suggested trying other SMS apps to see if that solved my problem, which is in itself fine. However, at that point they closed the issue, because they claim that they're not responsible for 3rd party apps, even ones that they bundle and (I presume) update with system upgrades. The reason given is that they don't control the source for those, unlike the OS. I don't accept this at all. I paid a good premium (unless I'm mistaken) for the phone, I expect a _working phone_. This, these days, includes a functioning SMS client. How they go about making that happen is _their_ responsibility. They can work with me to find a suitable replacement, they can submit a pull request or a bug report, etc. But I argue they should consider the issue open until it's fixed or I decide it doesn't matter.
Anyway, not a big deal, I worked around it. Perhaps if I pressed enough they would have been okay with me returning the thing on these grounds, but it's nowhere near worth it. I just disagree with their philosophy on this issue. I understand it must be _really_ hard to deal with all this as such a small operation. But then they should put this point in big bold letters when you buy it, or something. ¯\_(ツ)_/¯
OP here. I actually liked the pointers to F-Droid apps, too. I'm on LineageOS. I've used F-Droid for years but mainly for things like Adaway. Timber and notes apps look interesting, also K-9 of course.
Is it completely de-googled though (even when play services are not installed)? Honest question. To me it seems as if that's not one of the main interests of the lineage community.
I do use lineageOS myself and am generally very content with it but I am always a bit concerned when I see that the data usage of OS components (which are thrown together as one "app" in the settings) is more than a few MB. The system must do more than just checking for updates. Unfortunately, you can't prevent system components from accessing the internet if you don't intend rooting your phone.
LineageOS runs fine without Play Services. It's actually the default mode. It just limits your app choices. My needs are simple so I don't really mind, and I appreciate the improved battery life and speed.
It turns out many apps from the Play Store don't actually have a hard dependency on Play Services. Example: Slack works, except for notifications and (IIRC) receiving calls, which is good enough if you don't need to be reachable all the time.
I run LineageOS v13 now (Galaxy Nexus), and before that Cyanogenmod back to v7 (maybe v6 not sure) and have never had Gapps installed, it's been F-Droid all the way. I guess that means I can't appreciate the improved battery life or speed..
I use Yalp Store to use apps from the Play Store and even though almost all of them "require" Play Services, most work just fine and worst case scenario they have a nagging screen about requiring Play Services but work just fine.
Same with Discord. I don't get any notifications from Discord on my de-Googled LineageOS devices, but the application works just fine (although I had to silence its constant notifications about Play Services).
By default, LineageOS does NOT include google play services. And it works just fine if you don't expect to use apps which "require" google play services.
Does this still require you to essentially nerf application signing in order to spoof some google play crap? If so, that's really not a viable solution.
The newer version of signature spoofing patch (included in microG's LineageOS fork) allows you to control the spoofing and make sure that it's only used when necessary and permitted, so I'd say the answer is "no".
Interesting. I know the microG folks tried to upstream a patch to Cyanogenmod, which the devs shot down almost immediately.. So you're saying that the microG folks are now maintaining a fork of LineageOS? If it's not tracking VERY closely to upstream LineageOS, then it's probably not worth it.
> do think it will happen, however. The use case involves corporations, especially those involved in privacy sensitive fields such as health care. Wouldn’t it be cool to have a locked down “business” VM that is separate from a “personal” VM with your Facebook, games and private stuff on it.
This already exists for businesses with Samsung Knox / Android for Business. No it's not a full OS but it fits all of their needs and separates data. Having one OS in a "vm" on a phone sounds horrible UX wise.
I'm a big fan of the "Island" app [0], which lets you set up a locally-administered Android for Work profile. It's great for, say, cloning a second copy of a messaging app for an alternate account.
It's too bad Google itself only allows you to do that with a Gmail for Business account.
I had to use a profile for my banking app to isolate it from all my personal apps, instead. But it seems that Google doesn't even care that much about the multi-profile functionality, as it seems to crash quite often and has other issues. I imagine they don't put it through a lot of Q&A with each new Android release.
Even so, having to change between profiles often just to get that kind of isolation is quite frustrating.
Sometimes I don't understand all the hatred toward Google having our data on their servers. Most alternative solutions offer fragmented services (as opposed to the all-in-one experience I get with Google) and are too cumbersome to set up. Yes, I know data is sort of power these days. But before bashing at Google/Apple/Microsoft... and banning their services, people should ask themselves: "What sacrifices are they making and for what?" I mean, I would totally feel convenient when my contacts are synced on my devices and I get a unified experience. Google knowing about my contacts is just the price I pay to get that service and honestly, from my experience, it's better for Google to have my data because they keep adjusting the service I get in return.
It's the competing incentives of a company that provides data services to end-user customers and a company that mines as much information about people to sell advertising to companies.
Without strong controls about what they can do, we are always at the whim of what they might do. Google feels like a fairly bipolar company from the outside, because they present two faces depending on who they are dealing with, end-users or companies looking to advertise.
As an end-user, Google knowing all the little details about everything I do and many places I go (because analytics JS, G+ button inclusion, etc) is disconcerting. For a company looking to advertise, them not doing this all of a sudden would be disconcerting, and they would probably look to some other company that is doing so. It isn't just Google. Facebook knows a startlingly large amount about you too.
I'm increasingly convinced this is one of those places where the market is failing us because the negative externalities are mostly hidden. Those are good places for targeted regulation. I wouldn't be entirely appeased, but a law about the ability to review all information collected about you from a company and strong controls about the access, sale and use of this information would go a long way towards making me less worried about Google (or whoever) changing quite a bit in the next decade and selling off the information.[1]
Because think about it, how far away are Google, Facebook and the umpteen other ad agencies with complex profiles of you from usurping the credit bureaus?
1: Maybe what we need is an interesting billionaire to buy a lot of personal information on all the U.S. politicians from one of the less public agencies and publish it. I'm sure we would get a law passed in record time.
But do you honestly see an outcome where information is not collected at all? Because I don't, so as I see it we need to put the correct incentives in place to not only make it less likely but to handle when it inevitably does.
Maybe a fine up to $X per account leaked with a soft cap (but absolutely no less than $1 or $2 per account) is levied. Losing 1 million accounts would hurt, so companies would make real decisions about what and when to collect data for liability reasons, and protect it better in many cases when they did.
I mean, I would totally feel convenient when my contacts are synced on my devices and I get a unified experience. Google knowing about my contacts is just the price I pay to get that service.
Well, it's a question of what one is willing to pay. Me, I'm willing to pay actual U.S. dollars to Apple to get that same functionality without giving up (and perhaps I'm naive here) privacy. Personally, I like that well-defined transaction. The transaction that has taken place between yourself (and to some degree, me) and Google is much more fuzzy. Today Google does this with your data, but tomorrow? You call it "adjusting the service", I call it "getting more creepy". No right or wrong, you're happy, I'm happy, but from my POV there is a vast gulf in the price paid for the two competing services.
The instant Apple starts doing Googly stuff, I'll dump them for the real thing. But I'll betcha Apple is quite aware of this.
You're making the mistake of confusing collecting data with doing useful things with that data (whether it is useful to the company or the customer). Apple collects the data. It is simply incapable (for now) of doing anything useful with the data. To the end user, the privacy implications are the same, perhaps worse because a company that isn't able to make use of data is probably less able to secure the data as well.
Great point. Would it be beneficial to create "open databases"?
Instead of having companies own data (Google/Facebook), all data resides in public databases. This would work for services that do not need sensitive data and can be anonymized, such as what videos do I watch, what words I type/search, etc.
This would help both privacy (I know what data is being recorded) and help small competitors thrive.
> Having one OS in a "vm" on a phone sounds horrible UX wise
I believe most Android people are doing this with users.
Since Android is now up to the task of Docker (kernel 3.10+), it would be very nice to see apps sandboxed with permissions exposed via networked APIs.
Then it is impossible for an app (sans exploit) to access private data, and simple for the OS to route certain apps to certain data sets (i.e., fake contacts for apps that shouldn't need your damn contact to begin with).
CyanogenMod accomplished some of this through various methods, but they were detectable. If you build it this way, it should be entirely undetectable.
I had considered trying something like this with Hellaphone (Inferno as a replacement for Android's Java components). Because the Inferno VM is so lightweight (startup took less than a second once you were out of the bootloader), you could easily run one whole VM per application. Then just make some sort of multiplexer to swap between which VM has screen access at any one time. 9P would make a rather straightforward way to provide services for applications, too.
How would your solution improve on the current one, where apps are sandboxed by the permissions system and communicate via Binder, which is also RPC based? You just added a bunch of layers to the architecture for no reason - none of the serious Android exploits in years would be mitigated by your approach.
> You just added a bunch of layers to the architecture for no reason
The sandbox doesn't do the isolation that Docker can. It uses user isolation like I mentioned. The difference is that Binder is Java on top of the kernel, while Docker is isolating from the kernel itself.
Without access to the service, it is impossible, sans-kernel-exploit, to escape the permissions jail, or even tell if you are in a permissions jail if someone gives your app fake contact information by routing it to a different service.
Docker isn't perfect. It had a serious CVE recently. I'm certainly not saying it is absolutely better. I'm just saying that I think they are fundamentally different and that process level isolation is superior to user level isolation.
Sure, but none of the serious Android exploits had anything to do with escaping from the sandbox. They were mostly in driver and HW acceleration layers, which can't be sandboxed due to performance and DRM reasons.
YalpStore [1,2] makes getting Play Store apps a lot less painful than going through the process of extracting an APK from one phone and side loading it onto another. There are some that simply won't / don't work without Google Play Services, but most do. This made switching to Copperhead OS much easier for me.
Turn it back on, sure, until the next time you want an APK that's not listed in F-Droid. Seems like a bad idea. How about writing to your favorite app developers and asking them to list on F-Droid instead of sideloading?
FWIW, the "trusted sources" checkbox has been more of a way to scare away people from using Google's competitors (like the Amazon Appstore or F-Droid) than actually indicating any true trustworthiness, given that tons of malware comes from the Play Store, and Google Play Protect ranks dead last on AVTEST.org benchmarks for malware detection.
I believe Google finally introduced a way to deem other app stores as trusted on your phone, but given this is just a block on the manual installation feature, I would consider the trusted sources checkbox to be more "anticompetition focused" than "security focused".
Not only this, he won't receive security updates for his apps any more.
Thank you, I'm staying with default Android and continuing to read what I am prompted for. He could've just opted out of most data collection, no, he had to skip it without even reading it like a 60 year old office worker at an insurance company.
Some of us using Copperhead OS never enable unknown sources. Yes, the author is a doofus for the reasons you specified, but sticking with "default Android" (whatever that is.. you mean AOSP?) is arguably worse than running Copperhead OS.
The article mentions launchers; all the launchers in the app store seem sketchy. Does anyone know of a good Open Source launcher, maybe a version of the AOSP launcher compiled for current Android? I'd love to have something that reclaims the pile of space (thumb-reachable space even) devoted to the Google search bar that now stays on the bottom of the main screen all the time.
The stock launcher that ships with AOSP (and Copperhead OS) [1] is OK but leaves something to be desired. I used Nova Launcher [2] for years before switching to Copperhead and liked it quite a bit, but after forgetting to back up my settings and being too lazy to reconfigure it just the way I liked it, I switched to KISS Launcher [3]. It took a few days to adjust, but I prefer it now, and it has the added benefit of being open source and available through F-Droid.
KISS. I love it. It's an input bar. You get the history when you click on it. It's common to find whatever you want to do here. You also get a favorite apps bar. You can search contacts, Wikipedia, shortcuts (awesome with HTTP POST shortcuts or Chrome webpage shortcuts). Contacts have an SMS/call button on the side and they also appear on the history list. I use it on all my phones. It's lightweight, open source and half my friends don't know how to use my phone.
It's kind of hilarious that Copperhead OS is considered de-googled when all the hw support and firmware updates still rely on Google. After Google drops hw support for a device Copperhead discontinues support.
I've used Copperhead OS for months.. and believe me when I went back to my 5x that had it and had to attempt to break into my own phone because I forgot the password.. that thing is secure! It does suck to side-load some things, but the worst part is a lot of things use Google Play services more than you think.. which is always weird to me. If anyone has any questions let me know, but I enjoyed it. Without Google battery life is pretty awesome.
Hardening the OS is not enough. As the infamous Intel ME taught us in a different context, unless one uses only 100% open hardware, security cannot be guaranteed by software.
We need open (documented, reproducible) hardware rather than alternative OSes; until that day security on current platforms is to be considered a myth.
I use CopperheadOS on my Nexus 5X and I am extremely happy with it. My job is Android development and I have some personal paid apps on Google Play and one FOSS app on F-Droid.
Access clipboard in the background and record audio in the background have been lately added to the security features available on CopperheadOS, and I can't imagine now using my phone without COS hardened implementation. I use F-Droid for all the apps I need and Yalp for a couple of other apps not available on F-Droid.
The majority of apps now depend on Google Play services and that is flattering and disappointing: all those GPS APIs are very appealing to developers and teams because they make things easier and all, but IMHO using all those services is contributing to data mining and I don't think it is fair.
I may have to go this or a similar route, to go back to using WiFi and Bluetooth on my ~5.5 month old Motorola G5+ [1].
I mean, come on! Ship a patch/update, already!
1) That replaced a bootlooped ~1.4 year old Nexus 5X. Wasn't going to spend big bucks after that burn and while waiting for the Pixel 2 or Samsung whatever, or Apple's new line, to drop in a month or two.
And now, with all the crap going on with all those various new models...
I've griped about this, before, but damn it, they deserve the criticism. And the only time they make positive changes seems to be when the public image and pressure get bad enough. (And things get worse again, as soon as that pressure relents -- or gets distracted.)
Copperhead OS is a great project and seems to be short on funding (based on threads on Twitter and Reddit). If you'd like to support it, donations can be made at https://copperhead.co/android/donate.
(I'm not affiliated with the project, I just use it as my primary phone OS.)
In the post the author complains about the lack of a VM inside current phones to run Google instances in it. I believe BB10 had that feat to overcome the limits of its native app ecosystem. My old Passport nowadays could almost reach the objectives of the author. Too bad due to licensing the Android kernel is stuck on 4.3
Unfortunately, it's currently only supported on a handful of devices [1], and that's not among them. Supposedly (based on some threads on /r/copperheados), Project Treble may improve this situation, but I haven't seen any new details on that front recently.
Being from the south I've occasionally heard and used the term "carpetbagger" which doesn't have slavery connotations that I know of but is from the same era. I've never heard the term copperhead used with that meaning, maybe only people from the north know it?
It's very easy to just not install Google Play services on any non-stock ROM. There doesn't seem to be much that is 'security-focused' about Copperhead besides that decision.... I would definitely recommend Lineage over this, as it has a much larger development community & works on a much wider range of devices.
Personally I use CopperheadOS as my daily driver because it stays continually ahead of Google (and groups like AOKP, LineageOS etc) in terms of Android hardening. It goes well beyond just not having Google Play services.
See their details on their approach and design: https://copperhead.co/android/docs/technical_overview
They make continued patches to Android as part of a security and privacy first approach. Many of their patches get upstreamed by google months later (if at all) but CopperheadOS users get them right away.
Google has their engineering efforts focused mostly on new features and compatibility. They are happy to let firms like CopperheadOS be further ahead in security research and take their patches where it does not break compatibility.
It really depends on what you want to optimize for. Security/privacy or being able to run all the latest games and social media apps and the consequences that come with them.