»Features of Copperhead and CopperheadOS

Corporation

• Experienced in managing service-based and product-based offerings
• 5+ years of experience working with high-threat model clients in the field
• Hires the best talent from Open-Source projects and industry leading companies
• Fully remote since 2015
• Transitioned from donation-based to fully sales-based model in 2018
• Fully founder-owned and operated -- No external investors, no state-owned assets
• Security-clearance and NATO approved
• Based in Canada and follows all global privacy policies
• Successfully recovered from persistent adversaries and misinformation warfare
• Has never received any warrant, backdoor request, supeona or gag order regarding product activities

Client Projects

• Deployed and developed a closed-loop, fully Open-Source PKI system for a major NGO
• Trained local journalists on best data-hygiene practices and current mobile threats
• Created custom JTAG interfaces to connect to Pixel kernel debugger
• Integrated automatic malware scanning inside of F-Droids build system
• Developed a Proof-Of-Concept CopperheadOS Android device for collection and protection of biometric data at high-traffic areas
• Researched and developed a FUSE physical tampering defense mechanism for a custom device
• Built a fully-automated software versioning system without Google Play for technology partners
• Setup multiple CopperheadOS deployments using on-premise infrastructure in conjunction with ATAK
• Ported and maintains CopperheadOS for various custom MediaTek and Qualcomm phones/tablets
• Developed a Proof-Of-Concept custom CopperheadOS device for high net-worth individuals
• Provides and maintains various organizations with rebranded and forked CopperheadOS deployments

Privacy-enabled Device Licensing

Copperhead partners license their customer device through a privacy-enabled mechanism that provides zero-knowledge between Copperhead and the customer. LicenceChecker randomizes each license from various dynamic properties, not hard coded items (such as IMEI or Serial Number), ensuring the anonymity of each licensed device. Licensing enables multiple benefits for not only Copperhead but also Copperhead's Partners.

Copperhead cannot track CopperheadOS users and cannot be coerced to serve a malicious update.

Lockout

CopperheadOS devices without active licenses can be restricted from use until an active license is either applied to the device or renewed. This protects uncompliant CopperheadOS devices from reaching local or remote assets and helps Copperhead Partners in keeping their fleet compliant.

Business Model Advantages

Running a business on donations and crowdfunding is not always, but often, impossible. Copperhead has experience with this method of revenue generation. It is common for most Open-Source based projects to require a corporate sponsorship to succeed or rely on sporadic donations to keep the lights on. Most projects have volunteers that end up working in the corporate space which splits their devotion between making money during the day and helping Open-Source projects during their downtime. Some projects have the benefit of being run by resource-rich personnel which inherently benefits the privacy space. For the rest of us who have to make a living to pay bills, we have to generate revenue.

Copperhead started as and continues to be a sales-funded, bootstrapped, founder owned and operated company.

We answer only to our customers and have been in operation since 2014. We have no external investors and rely solely on our sales to keep our lights on. We feel this is the best method to have a legitimate, privacy-based corporation that can compete against the multi-billion dollar global surveillance apparatus.

Partner Benefits

• Recurring revenue to sustain and expand operations
• Customers return to Partners for license renewals and OS feedback
• Partners can shut off active licenses if criminal activity is detected
• Provide revenue to technology partners who don't have a recurring revenue model
• Ensure sustainability to enable long-term operations
• MSRP prevents low-ball pricing between partners
• Support requests and customer feedback closely integrated for rapid response

Copperhead Benefits

• Copperhead can scale operations based on growth for
  • Hiring and paying employees
  • Developing innovative privacy and security technology
  • Operating as a legitimate corporation, serving corporate and enterprise customers alongside retail
  • Compete against multi-billion dollar surveillance and exploit companies
• Legitimate users provide scalability for additional finance-based funding
  • Copperhead does not have to sell out equity or shares to raise capital
• Legal resources can be focused on protecting our customers privacy
• Engineering resources can be focused on top-priority projects based on customer interaction, rather than guessing

Secure Rebrands

Read the marketing release here

Secure Rebrands enable Copperhead Partners to rebrand the OS on the device while retaining all of the security properties from CopperheadOS. Copperhead handles the security updating, patching and can be fully licensed via our Privacy-enabled licensing system. This mechanism provides Copperhead Partners with all the benefits of a rebrand with none of the drawbacks from managing Android.

• Completely rebrand the OS to match your brand
  • Boot animation/logo
  • Wallpaper
  • Pre-installed Appstore with automatic application updates
  • Accent colours
• All security updates, patching, licensing etc is handled by Copperhead.

Security Policy

Policy enables Partners to restrict CopperheadOS devices in various manners to protect their users. Various components can be hidden, removed or enforced.

• App Store
  • Enforce only whitelisted apps from being installed
  • Restrict 3rd party installs (Google Play, F-Droid, Aurora Store)
• Remove or restrict
  • Bluetooth, NFC, WiFi
  • Any Settings option (ie: Developer options)
  • Printers, local network connection
  • Browser, dialer, contacts, any pre-installed app or component
  • and more!
• Enforce
  • Media-only Bluetooth (ie: no file transfer)
  • Charge-only USB access (ie: no ADB access)
  • Strong passwords - no PIN, only 8 character and above passwords

Any CopperheadOS component can be modified so as to protect the user from clicking on links, installing malicious apps or using uncompliant applications.

CopperheadOS - Secure Android

• Established in 2014
• Considered to be the leader in Secure Android since public release in 2015
• Combines the best-in-class features from various Open-Source projects
• In use by Fortune 50 companies, military units, intelligence personnel and NGOs worldwide
• Has went through multiple code and organization transitions
• Secured against physical, remote and insider attack
• Redundancy procedures on signing-keys and other critical elements
• Can be fully detached from Copperhead with on-premise deployment

Security Features

Device Security

• Fully incorporates all modern and future security technology improvements from public projects
• Device protection
  • Distress Password: wipes the device when a specific password is entered
  • Auto-Fail Wipe: wipes device after a number of failed attempts
  • Auto-Reboot: reboots device to a fully at-rest state after number of minutes
  • Auto-Timeout Wipe: wipes your device if it hasn't been unlocked within selected number of hours
  • Control Camera usage on Lockscreen
  • Panic Trigger
  • USB accessories can be disabled completely or only allowed during unlock
• Firewall
  • Per-app configurations for background, VPN, mobile data and WiFi access
• Device kernels are upstream LTS, Hardened and built from source each release
• Hardened allocator to protect from unknown and known vulnerabilities
  • More memory is available to the allocator to prevent various overflows
• Hardened Browser
  • Device WebView (any component/application using a website) is fully hardened from attack
  • Uses 64-bit only for maximum security
  • Updated bi-weekly to patch known bugs
• Copperhead follows multiple bug trackers to port and/or backport fixes not found in AOSP
• Enhanced SELinux prevents privilege escalation
• Applications are sandboxed from each other and cannot steal data

UX enhancements

• Security Flags in Settings provide information regarding device security
• Lockout setting for number of maximum fingerprint attempts
• Users cannot enable or disable mobile data or WiFi on the lockscreen (Secure QS Tiles)

Additional Features

• Robust SetupWizard provides easy integrations and customization for user
• Bluetooth displays battery percentage
• Modification of the Device Theme is available -- change icons, accents, overlay corners etc
• CopperheadOS License Management screen provides easy-to-use license management tool
• Pure-black mode
• Active edge
• Uses maintained Open-Source apps instead of obsoleted AOSP apps
  • Calculator
  • Calendar
  • SMS
  • Gallery
• 2-button gesture
• Android live wallpapers
• Fully compatible with Data SIMs and worldwide carrier coverage

Privacy Features

UX enhancements

• Enhanced Dialer options
  • Offers to call contact with Signal or WhatsApp
  • Warns user of location/audio leaks on unencrypted calls
• Indicators for microphone and location when used by an application
• Sensitive notifications are hidden on the lock screen
• PIN number layout scrambled
• Device information is removed from Settings menus (IMEI, Serial Number and more)
• Permissions Hub
  • Visually represents how often applications request permissions
• Panic app available -- toggle panic button and change application (ie: Signal) behavior based on function

Browser

• Hardened Chromium has all analytics removed by default (ie: suggestions, 'safe' browsing)
• All sensors are off by default
• Permissions are opt-in by default

Network

• Privacy-based DNS (Cloudflare) used by default
• Enhanced VPN support
  • Device hotspot can route clients through VPN
  • Apps can use specific network types or only through VPN
• Optionally restrict cleartext network traffic across all connections
• Options to use Copperhead, Google or other open-source network connections for time and provision

Bluetooth

• Bluetooth turns off automatically in a set interval when disconnected
• Bluetooth scanning is off by default

WiFi

• Device randomizes Mac address (hardware information) upon scanning and connection
• Wi-Fi turns off automatically when disconnected from high-powered network (ie: home)
• Permissions Hub
• System-apps (keyboard, Updater) have proprietary libraries removed

Applications

These are Copperhead specific applications developed for the OS

Bug Reporter

PDFViewer

Updater

CopperheadOS News

Partner Integrations

• App stores:

  • Aurora Store
  • F-Droid

• Cloud and mobile services

  • Nextcloud
  • Samourai Wallet
  • Signal

Aurora Store

Aurora Store is a free and Open-Source frontend for the Google Play Store. Access Google's vast repository of free and paid Apps through your Google account, or go anonymous and get the apps you need discretely.

F-Droid

F-Droid is a free and Open-Source App repository and package manager. Enjoy the freedom to choose where you download your apps from. Get apps from repositories managed by the Guardian project, F-Droid.org, or host your own repository to track official releases at the source and know where your data is going.

Nextcloud

Nextcloud is the Open-Source solution to cloud providers like Google and Apple. Sync your files, contacts, calendars. Back-up your CopperheadOS device on your self-hosted Nextcloud server, and be certain that your back-ups are encrypted and safe in your control without the hassle of a USB flash drive.

Samourai Wallet

Samourai Wallet lets you manage your digital currencies securely, and privately.

Signal

Signal conversations are always end-to-end encrypted, which means that they can only be read or heard by your intended recipients. Privacy isn't an optional mode — it's just the way that Signal works.