Updated 1 December 2018
Copperhead OS is a fork of Cyanogenmod which goal states “to reduce the dependency on Google services and reduce the attack surface by removing software and hardening the low-level system.” As a result they stripped out a lot of Cyanogen rom features which “phone home” or talk to Google servers. Currently Copperhead OS is only available for the Google Nexus 9 tablet, Nexus 5x, Nexus 6p and the Google Pixel. Copperhead sells these phones with Copperhead presintalled. Or you can download it now if you have one of the listed devices and follow their instructions to install Copperhead or use our easy Copperhead installation instructions (You must buy a license for the Pixel).
Copperhead OS attempts to mitigate vulnerabilities and make exploits unreliable by integrating the PaX kernel and open OpenBSD. Also each individual service and app is given a unique randomized memory process rather than using a global template layout and canary values reused for all applications until a reboot. They also state that the system code is augmented with memory protection, data sanitization, overflow checks and randomization.
Further, Copperhead OS replaces the system allocator with a port of OpenBSD’s malloc implementation. The networking interfaces are given a random MAC address whenever they are brought up. This can be disabled via a toggle in the network settings. Wireless MAC addresses are also unconditionally randomized during scanning (pre-associated). The hostname is randomized at boot by default, and it can also be disabled in order to use the persistent hostname based on the
ANDROID_ID instead. Copperhead’s technical overview can be found here.
For those that want complete access to the GooglePlay store on their Copperhead OS phone, we suggest using the Yalp app.
Copperhead by default has installed F-Droid as the app store. The operating system does support other third-party app repositories so it is possible for users to sideload others such as the Amazon app store and Aptoide. Flashing the Google Play Store would break secure boot on the Copperhead OS, defeating this security feature. For those that want complete access to the GooglePlay store on their Copperhead OS phone, we suggest using the Yalp app. Yalp allows users to download apps directly from the Play Store without using your Google credentials giving the user a more secure option than possible scrupulous thrid party app sites.
Copperhead accepts donations to help further development and keeping their OS free, or purchase a phone preloaded with the Copperhead OS.