Title: Migrating to CopperheadOS
Date: February 21, 2018
Tags: security
========================================

I have been interested in the efforts of CopperheadOS, a hardened, de-Googled
Android since it's early days.

My usual smartphone situation was to get something cheap, which likely means
it's already behind the current Android version, and suffer through it's slow
demise over the next few years.  I will have received maybe one OS update in the
first few months of ownership and never again.  By the end of it's life constant
crashes, missed calls and messages and no free space despite never installing
anything new forces me to get the next cheapo phone because phones are awful.

This cycle of misery included a distrust of Google applications, cell networks
and the hardware itself.  I know too much about computer security to just be
amazed by the wonder of modern technology in the palm of my hand.

This has pushed me in two, sort of parallel directions.  Self-hosting the
services I rely on to regain control over them (how many services has Google
canceled out from under you?) and try to add some security to the spy hardware
tracking me from in my pocket.

I'll quickly sum up the self-hosting status so far, and get focused on
Copperhead. I started hosting my own email and web sites first.  I'm a system
admin/dev ops/computer babysitter by trade so deploying and administering
services was nothing new to me.  Being a lover of OpenBSD, it also gave me more
things to learn about my favorite OS.  It's a joy for me to simply "do stuff"
with OpenBSD.

My plunge into Copperhead has also pushed me further down the self-hosting path.
Not having any Google Android apps means I have to find alternatives and why not
take the opportunity to replace it with self-hosted options on OpenBSD?

The jump to CopperheadOS is a big one just in terms of the hardware. Copperhead
only supports Google's phones due to their modern hardware and security
features.  Copperhead also only supports a phone for as long as Google does so I
didn't want to try to find an older, cheaper phone.  This meant the Pixel 2
which hadn't been released by Copperhead yet.

Since Copperhead hadn't released the Pixel 2 for sale, the only option is to
build the OS myself.  All the source is freely available and Copperhead
publishes their build instructions.  There is also a small but eager user
community.  Before taking the plunge on an expensive phone I wanted to see if I
could build CopperheadOS and feel like I could manage the maintenance going
forward.  Once you install your own build, there is no going to an official
release without wiping the phone.  It gets signed with your own keys for the
verified boot process.
The biggest hurdle I had with building was system resources.  I don't have
powerful desktop systems anymore.  I've long since migrated to laptops.  Using a
2 core, 8G VM, with an attached external USB drive to house the necessary 200G+
of source and build artifacts, I was able to check out the source in about 30
hours (luckily I don't have to to a full checkout again) and I can do a build in
about 20.  There were a number of little issues to work out on the build but
users who came before me (actually, just days before me) had worked through the
issues and I was able to have a ready and waiting build for when I ordered my
phone.

So, in I plunged.  Bought the phone direct from Google, when it arrived, I had
to go out to buy a USB-C to USB-A cable because apparently everyone is supposed
to have USB-C everything already and they don't supply that cable anymore (my
laptops are old like my previous phones, I am lucky I have one system with USB
3.0).  Within minutes, following the Copperhead install instructions, I am
booting my own signed CopperheadOS on my fancy new Pixel 2.

Maybe Android Oreo is awesome on it's own, my latest experience was with Kitkat,
but I was instantly captivated by CopperheadOS.  Really, it probably is the
combination of a new look, a really nice phone, new apps, and being successful
after spending a week working out the build processes that made it all feel
special.  A lot of Copperhead's improvements are under the hood.  Two big
differences are the lack of Google apps and lots of switches to manage
permissions.  Both of which fulfilled exactly what I was looking for.


More on the trials and successes of Google-free applications to come.

You are viewing proxied material from kagu-tsuchi.com. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.