Copperhead, The Guardian Project, and F-Droid have announced a new partnership and proposed a crowdfunding campaign, hoping to raise money to create an "open, verifiably secure mobile ecosystem of software, services and hardware" - or in English, a secure phone anyone can buy and use straight out of the box.
“Through a future planned crowdfunded and commercial offering, the partnership will provide affordable off-the-shelf solutions, including device hardware and self-hosted app and update distribution servers, for any individual and organizations looking for complete mobile stacks they can trust.” reads the announcement.
Each partner plans to input into the project based on their specialities. The Toronto based Copperhead currently make a hardened open-source Android based on AOSP, called CopperheadOS. It is currently available for a selection of newer Nexus devices and offers the following features:
- Protection from zero-days: Prevents many vulnerabilities and makes exploits harder.
- Hardened C standard library and compiler toolchain: Catches memory corruption and integer overflows.
- Hardened kernel with an unofficial port of PaX: Kernel self-protection and high quality ASLR.
- Stronger sandboxing and isolation for apps & services: Stricter SELinux policies, seccomp-bpf and more.
- Backported security features and quicker patching: Benefiting from upstream changes long before stock.
- Firewall & network hardening: Along with improvements like MAC randomisation.
- Open-source and free of proprietary services: Google integration is entirely optional.
- Security-centric user experience changes: Better defaults, separate lockscreen/encryption passwords.
Atop CopperheadOS, the open source F-Droid app catalogue allows users to search through hundreds of apps whilst alerting users to tracking performed by apps and giving quick links to each app's source code. The last group of the partnership, Guardian Project, has been hard at work over the last few years building apps for enhancing privacy, including:
- Orbot, Tor for Android.
- ChatSecure, supports off-the-record messaging.
- ObscuraCam, a secure camera app that can obscure, encrypt and destroy pixels within an image.
Going forward the groups hope to expand the effort to include other mobile OS teams, app developers and perhaps even hardware developers, that too, want to develop the state of the privacy and security of mobile computing.