Title: Migrating to CopperheadOS Date: February 21, 2018 Tags: security ======================================== I have been interested in the efforts of CopperheadOS, a hardened, de-Googled Android since it's early days. My usual smartphone situation was to get something cheap, which likely means it's already behind the current Android version, and suffer through it's slow demise over the next few years. I will have received maybe one OS update in the first few months of ownership and never again. By the end of it's life constant crashes, missed calls and messages and no free space despite never installing anything new forces me to get the next cheapo phone because phones are awful. This cycle of misery included a distrust of Google applications, cell networks and the hardware itself. I know too much about computer security to just be amazed by the wonder of modern technology in the palm of my hand. This has pushed me in two, sort of parallel directions. Self-hosting the services I rely on to regain control over them (how many services has Google canceled out from under you?) and try to add some security to the spy hardware tracking me from in my pocket. I'll quickly sum up the self-hosting status so far, and get focused on Copperhead. I started hosting my own email and web sites first. I'm a system admin/dev ops/computer babysitter by trade so deploying and administering services was nothing new to me. Being a lover of OpenBSD, it also gave me more things to learn about my favorite OS. It's a joy for me to simply "do stuff" with OpenBSD. My plunge into Copperhead has also pushed me further down the self-hosting path. Not having any Google Android apps means I have to find alternatives and why not take the opportunity to replace it with self-hosted options on OpenBSD? The jump to CopperheadOS is a big one just in terms of the hardware. Copperhead only supports Google's phones due to their modern hardware and security features. Copperhead also only supports a phone for as long as Google does so I didn't want to try to find an older, cheaper phone. This meant the Pixel 2 which hadn't been released by Copperhead yet. Since Copperhead hadn't released the Pixel 2 for sale, the only option is to build the OS myself. All the source is freely available and Copperhead publishes their build instructions. There is also a small but eager user community. Before taking the plunge on an expensive phone I wanted to see if I could build CopperheadOS and feel like I could manage the maintenance going forward. Once you install your own build, there is no going to an official release without wiping the phone. It gets signed with your own keys for the verified boot process. The biggest hurdle I had with building was system resources. I don't have powerful desktop systems anymore. I've long since migrated to laptops. Using a 2 core, 8G VM, with an attached external USB drive to house the necessary 200G+ of source and build artifacts, I was able to check out the source in about 30 hours (luckily I don't have to to a full checkout again) and I can do a build in about 20. There were a number of little issues to work out on the build but users who came before me (actually, just days before me) had worked through the issues and I was able to have a ready and waiting build for when I ordered my phone. So, in I plunged. Bought the phone direct from Google, when it arrived, I had to go out to buy a USB-C to USB-A cable because apparently everyone is supposed to have USB-C everything already and they don't supply that cable anymore (my laptops are old like my previous phones, I am lucky I have one system with USB 3.0). Within minutes, following the Copperhead install instructions, I am booting my own signed CopperheadOS on my fancy new Pixel 2. Maybe Android Oreo is awesome on it's own, my latest experience was with Kitkat, but I was instantly captivated by CopperheadOS. Really, it probably is the combination of a new look, a really nice phone, new apps, and being successful after spending a week working out the build processes that made it all feel special. A lot of Copperhead's improvements are under the hood. Two big differences are the lack of Google apps and lots of switches to manage permissions. Both of which fulfilled exactly what I was looking for. More on the trials and successes of Google-free applications to come.