Many smartphone shoppers are left surprised when they get a phone loaded with unremovable apps and features. They detract from the user experience and needlessly take valuable storage space. This is why custom ROMs are so popular. They give users granular level control over security and privacy of their smartphones.
Not to be confused with the process of rooting, custom ROMs replace your device’s entire operating system. With over a dozen of them available for Android devices, they each cater to different needs. CopperheadOS is one of the most popular privacy-centric custom ROMs. Let's take a closer look.
What Is CopperheadOS?
CopperheadOS was designed to fortify your phone’s privacy and security features, as a hardened version of the Android Open Source Project (AOSP). This is the foundation upon which all Android variants are built upon, including CopperheadOS. Although AOSP is maintained by Google, its open-source nature allows anyone to audit or contribute to its code.
However, CopperheadOS itself is licensed under the Creative Commons Attribution-NonCommercial-ShareAlike 4.0 license (for the userspace) and GPL2 license (for the kernel).
This link between CopperheadOS and AOSP is important to understand because Copperhead’s hardened security features are updated from AOSP’s later version. This is not the case with some other custom ROMs that branch out into different versions when AOSP’s update occurs.
Key Features
The operating system was first launched in 2015 by a startup based in Toronto, with the goal of instilling confidence in users that their data is safe. They have been largely successful in completing this mission by implementing these key features into the CopperheadOS:
- Zero-knowledge cryptology: does not remotely disclose data while verifying locally
- Data obfuscation: masks data so that it is unreadable to unauthorized access
- Privacy by default: data is not shared to either Google or Copperhead
- Hardened kernel: a higher level of security against hacks and code exploits
- Fortified sandboxing: apps' processes perform separately, so the risk to the system is lessened
From these features, it is easy to see why more privacy-oriented users—business people, journalists, politicians, crypto holders, etc.—would pick Copperhead as their go-to Android OS.
What Phones Can Run CopperheadOS?
Although Copperhead previously supported older Nexus devices, such as Nexus 5, Nexus 9, and Galaxy S4, this is no longer the case. Its support now is limited to Google’s Pixel devices only: Pixel 3XL, Pixel 3, Pixel 3aXL, Pixel 3a, Pixel 4XL, Pixel 4, and Pixel 4a.
If you have one of those models, you will be pleased to know that most apps within Copperhead OS are battery-optimized by default, which bolsters its usage case as a daily driver.
However, keep in mind that CopperheadOS is not free. For this reason, you should contact either the Copperhead team itself or a reseller to receive an ongoing service for a recurring charge.
After all, it is not the first time that developers opted for such a robust funding model for continued development and support. For example, Threema, although open-source and privacy-focused messenger, also charges a small fee for extra peace of mind.
How Private Is CopperheadOS?
Google's search engine has become notorious for aggressive manipulation and wiping out results that go against the prevailing narrative. This is why CopperheadOS has DuckDuckGo enabled by default, while still supporting search suggestion API via Chromium.
More importantly, CopperheadOS disables the browser's location permission group by default, as well as granting the browser's search engine the geolocation permission. Other notable privacy features for CopperheadOS include the following:
- Disabled analytics, sensors, and permissions as part of the hardened Chromium package
- Scrambled PIN layout
- The lock screen hides sensitive notifications
- Removed device information from Settings menus—serial number, IMEI, etc.
- Enhanced VPN support
- Bluetooth scanning is disabled by default
- Privacy-based DNS via Cloudflare is set by default
These are just some features that make CopperheadOS a solid candidate for people interested in extra protections from tampering, malware, data tracking, data theft, and email interception. Lastly, CopperheadOS comes packaged Signal as the default messaging app.
How Secure Is CopperheadOS?
In addition to the aforementioned security features, Verified Boot is a staple for any custom ROM built for the Pixel devices. Not only does the feature make it harder for an attacker to compromise the OS, but it also provides layers of resistance after a physical entry has already occurred.
More precisely, the attack vector would have to come from the userdata partition, which is why the CopperheadOS reduces its trust level. However, sensitive data still remains in this partition in a persistent state, from installing non-system apps to developers options and device manager.
CopperheadOS’ hardening goes further than the Verified Boot by implementing these key security features:
- Hardened allocator: by replacing the system allocator it prevents traditional allocator exploitation because it doesn’t use any inline metadata
- Hardened memory management: CopperheadOS creates and isolates dedicated memory regions for mapping libraries
- SELinux policies: a number of hardened security enhancements that prevent attackers from writing exploits that are present in the upstream AOSP system
Regarding the core of Copperhead—its kernel—it has been developed as a public version of a hardened Linux kernel.
Another notable security feature is WebView packaged with the standalone Chromium app that is by default 64-bit, unlike Google’s Chrome. Whenever the user takes advantage of either Chromium or WebView-based internet browsers, they reduce the chance of attacks compared to most other browsers because the apps are being sandboxed from each other.
What Apps Work on CopperheadOS?
Apps that require Google services—Google Search, Google Chrome, YouTube, Google Play Store—are not supported for obvious privacy and security reasons.
Outside of those Google-dependent apps, most apps are supported on CopperheadOS. You can check the recommended apps on this comprehensive list for every activity/task category. Aligning your usage with them alone will drastically increase the privacy and security level of your smartphone.
If you need to install apps from the Play Store, you can always do so by navigating through the Aurora Store App—a privacy-friendly version of Google Play Store—which comes as an optional feature during the setup process.
Along with the Aurora Store, Samourai Wallet—a highly rated non-custodial crypto wallet—and Nextcloud also come as an optional bundle during the installation.
Privacy or Ease of Use?
Customs ROMs can be slightly inaccessible, but the payoff is well worth it. In a time where privacy has become a paramount concern for users, the potential of a custom ROM is even more apparent. CopperheadOS strikes a good balance between accessibility and privacy, and is an excellent gateway into the world of privacy-focused custom ROMs.
