CopperheadOS
Secure Android. CopperheadOS by @Copperheadsec. Release, product and community information.
May 16, 2018 7 tweets 2 min read
By cloud-based assistance they mean their OS code downloads GPS almanacs. GNSS information is indeed available to carriers to improve location accuracy but they have a coarse location without that. It's part of 911 support and is likely required by law in many regions. en.wikipedia.org/wiki/Enhanced_… and probably other things require this. Qualcomm doesn't appear to harvest any information like this themselves, but don't know about Huawei, MediaTek, Samsung, etc.

Need Airplane mode to stop broadcasting location anyway so E911 etc. isn't that scary.
Apr 24, 2018 5 tweets 2 min read
Stable kernel changes applied:

linux-hardened (4.14-lts) 4.14.35 -> 4.14.36 (git.kernel.org/stable/linux-s…)

github.com/copperhead/lin…

4.15 is end-of-life so there's no 4.15.19 release and it's time to move on to 4.16.

However, we failed at community collaboration with this project so we're going to be approaching it differently. We'll be switching to maintaining only what we need and funding development work.
Mar 25, 2018 7 tweets 2 min read
These are completely conflicting opinions:

1) Closed source software with no obfuscation and all compiled code accessible in a controlled environment is substantially harder to audit
2) Publishing sources doesn't make it substantially easier for attackers to find vulnerabilities

It's extremely hard to make the case that publishing sources makes it easier to find vulnerabilities when you're talking about simply stripping out comments and internal naming from Java / JavaScript code...

Take a look at underhanded-c.org/_page_id_25.ht… if you think sources are magic.
Mar 25, 2018 4 tweets 1 min read
They generally just use the OS location and compass APIs but some apps definitely do go above and beyond by using the movement sensors. Pretty sure that Google Maps uses it. OS APIs for location on Android and iOS both have support for supplementing GPS usage with their network-based location services. They send data like nearby cell towers to Apple / Google services and get back coarse location information.
Mar 19, 2018 7 tweets 11 min read
@DusanDuda @gsora_ @Puri_sm @kdecommunity @QubesOS @rootkovska Free software, not free hardware. It has the usual black box hardware and there's no indication of them publishing schematics for the boards like @96Boards. They don't appear to do that for their laptops.

@DusanDuda @gsora_ @Puri_sm @kdecommunity @QubesOS @rootkovska @96Boards They make proprietary hardware aimed at running free software. They could publish schematics for the boards, etc. like @96Boards but ultimately using x86 or ARM means that the vast majority of the hardware / firmware is inherently proprietary and not just that but black boxes.
Nov 23, 2017 5 tweets 2 min read
Post to LKML from a Google engineer about Clang-compiled kernels as shipped in production on the Pixel 2 and soon on Chromebooks: lkml.org/lkml/2017/11/2…. Android Open Source Project / Android moved to Clang for userspace and the NDK (third party apps). Clang-compiled kernels are the end of the road for GCC in the Android ecosystem.