was initially released in August 2018. I developed it to replace the port of OpenBSD malloc to Linux and Android that I made in 2014.

Copperhead was founded in late 2015 and split from my open source Android hardening project in June 2018.github.com/GrapheneOS/har…

My open source Android hardening project had already been renamed to the Android Hardening project when hardened_malloc was developed and released.

The hardened_malloc license requires attribution. License and copyright header needs to be included by anything using the code.

Copperhead is misrepresenting my allocator hardening work throughout the years as their own. They're fraudulently misrepresenting my open source work throughout the years as their own and by not complying with the licensing. This is a particularly egregious case of it though.

I have never been an employee of Copperhead. There was never any employment agreement or salary. They made retroactive changes claiming I was an employee in 2017 and early 2018 before pushing me out. Even if that was true (it's not), this work was not done in that time period...

Copperhead also fraudulently claims to have upstreamed code in AOSP, which is not the case. I landed changes in AOSP as an individual. I explicitly signed the CLA with Google as an individual. They also falsely claim credit for work done entirely by Google with no coordination.

Similarly, they've tried to imply that they have involvement in the Seedvault project which is not the case. They've made no contributions to Seedvault. It was created by Steve Soltys and @calyxinstitute has done the bulk of recent development. Copperhead has no involvement.

My involvement in Seedvault was coming up with the concept and inspiring the author to create it. Calyx stepped up to help get it past the finish line to a stable release and is continuing to make substantial improvements. This is a team effort, not involving Copperhead at all.

Copperhead continues to claim credit for work done by others. They also falsely claimed that Calyx and many other organizations were their partners when it wasn't the case. They've removed those claims, but they continue to make these kinds of false claims. The fraud never ends.

Copperhead has never included a one-time permission grant feature. That was developed by Google for Android 11.

This was the downstream background access feature:

github.com/GrapheneOS/pla…
github.com/GrapheneOS/pla…

This became obsolete with Android 9. It was not landed upstream.

It was Android 9 that removed access to the camera, microphone and sensors in the background:



Android 11 just changes the permission request interface to inform users of the restrictions. The changes were all done by Google. It was never "upstreamed".developer.android.com/about/versions…

It has always been the case that developers working on the project own their own code. There has never been any kind of copyright assignment, and it has been explicitly communicated throughout the years that this is the case. It was no different when Copperhead was sponsoring it.

It's quite sad that a company can get away with fraudulently taking credit for the work of others and earn substantial revenue from selling it as a branded closed source product. They don't have an understanding of what they've taken and are shipping a broken, insecure product.

CopperheadOS is a closed source with tracking for license enforcement. It masquerades as hardened and they take credit for the work of the developers they're trying to wipe out. They take our work while trying to destroy our project with baseless lawsuits and misinformation.

Copperhead filed a baseless lawsuit against us based on their false claims. We've filed counterclaims against them and we're filing our own lawsuit against them based on their fraud. You can read our initial legal response here:



There will be a lot more.grapheneos.org/legal/Micay_%2…

CopperheadOS at the time that Copperhead split from the project was almost entirely created by me and all my work was attributed to me as the author and owner. This was always agreed upon. Nothing was assigned to Copperhead. Nothing in the code was ever attributed to the company.

They even try to claim ownership over my open source work done before the company existed and after they stopped sponsoring the project. It's simply ridiculous. They sell an very expensive product that's just a poor imitation ripping off the real thing. It's incredibly pathetic.

Meanwhile, while they're spreading misinformation, threatening open source developers and filing a baseless lawsuit they claim that we're "bullies" for defending ourselves and talking about what really happened and is happening. That's some seriously screwed up projection...

The CEO of Copperhead, James Donaldson, is a narcissistic psychopath. He pretended to be my friend while manipulating and gaslighting me for years. He completely betrayed me and went back on all our agreements. He has tried to retroactively rewrite history, but it won't work.

We have records proving these falsehoods along with witnesses who experienced these things publicly and internally. If you want to help us, get in touch with me or help cover the expensive legal fees (). Legal fees for September alone were just under $5000.grapheneos.org/donate

I'm still co-owner of the company with 50% of the voting shares. It doesn't belong to James Donaldson. The lawsuit we're filing ourselves is focused on fraudulent claims by the company about the authorship and ownership of the code. We may need to file other lawsuits beyond that.

Stealing over $100k of donations from the project in violation of our agreements and what was promised to donors is one of the particularly egregious actions.

He has abused his the position as director and has a total disregard for his obligations to me as a 50% shareholder too.