Can Copperhead OS fix Android's security problems?

Also in today's open source roundup: Adblock Plus responds to Facebook's efforts to stop ad blocking, and Netflix releases an Android app for Internet speed tests

copperhead snake
Michael McCarthy (Creative Commons BY or BY-SA)

Copperhead OS and Android security

Android has had its share of security problems over the years, but now a startup is working hard to fix them. Copperhead OS might be just what the doctor ordered when it comes to Android security.

JM Porup reports for Ars Technica:

Copperhead OS, a two-man team based in Toronto, ships a hardened version of Android that aims to integrate Grsecurity and PaX into their distribution. Their OS also includes numerous security enhancements, including a port of OpenBSD’s malloc implementation, compiler hardening, enhanced SELinux policies, and function pointer protection in libc. Unfortunately for security nuts, Copperhead currently only supports Nexus devices.

Google’s Android security team have accepted many of Copperhead’s patches into their upstream Android Open Source Project (AOSP) code base. But a majority of Copperhead’s security enhancements are not likely ever to reach beyond the its small but growing user base, because of performance trade-offs or compatibility issues.

The startup currently sells Nexus devices with Copperhead OS preinstalled, and Micay says they are in talks with a number of potential enterprise clients and resellers who would benefit from hardened Android devices customised to suit their users.

Nexus owners comfortable with re-flashing their own devices can, of course, download Copperhead OS and install it themselves. The company also accepts donations and offers a Patreon subscription.

More at Ars Technica

The news about Copperhead OS caught the attention of some folks in the Linux subreddit, and they shared their opinions:

Wang_li: “It won’t improve anything because none of the carriers will back port it into their builds.”

Strncat: “The aim isn’t to improve all Android devices or to upstream everything. It’s also mostly focused on other things than PaX and grsecurity ever since the stable patches became private but also because new features are a lot more useful over the long term than simply making short term device-specific ports of an existing project.

A full grsecurity kernel along with other kernel hardening features is part of the long-term roadmap. See for an overview of what it covers today (or the issue tracker for what’s planned).”

Strncat: “CopperheadOS will only support one or two more devices in total. It’s just going to cycle through Nexus devices, dropping older ones and picking up newer ones. We lack the resources to do any more than that.

Note that Sony doesn’t really support mainline kernels. Booting a serial console is a long way from being able to run Android with a mainline kernel on those devices. Tegra (NVIDIA) is the furthest among the common Android SoCs in terms of mainlining, and the Pixel C is an example of a device that’s quite far along. It still can’t do much more than booting a serial console with mainline though.

Sony is indeed closest to being supported after Nexus/Pixel devices, since they are the closest to having their devices supported with vanilla AOSP. It’s not quite there though and we wouldn’t have the resources to deal with it if it was already good enough.”

SecWorker: “Since the hardening patches will be open source (?), the community could potentially back port them to older device kernels. That is IF there is enough interest and resources out there.”

Kyrios123: “At least they try they made partnerships with F-Droid and Guardian Project. Nobody can compete Android and iOS now, even Microsoft failed… but some initiative like CyanogenMod got some success… so why not this one? After all it addresses a real problem and some people are concerned about privacy.”

More at Reddit

Adblock Plus and Facebook

Facebook recently announced that it would try to get around ad blockers, and that has some users up in arms. The folks at Adblock Plus responded to the Facebook news with a blog post that considered Facebook’s actions to be against the choice of some users.

Ben Williams writes for Adblock Plus:

Earlier today Facebook announced that it would start trying to circumvent users with ad-blocking software and show them ads. This is an unfortunate move, because it takes a dark path against user choice. But it’s also no reason to overreact: cat-and-mouse games in tech have been around as long as spammers have tried to circumvent spam filters.

But you kind of have to wonder about the thinking that went into this decision. I mean, let’s also not forget something their blog post said: “When we asked people about why they used ad blocking software, the primary reason we heard was to stop annoying, disruptive ads.” So if that’s true, Facebook apparently agrees that users have a good reason for using ad-blocking software … but yet those users shouldn’t be given the power to decide what they want to block themselves?

In any case, it’s hard to imagine Facebook or the brands that are being advertised on its site getting any sort of value for their ad dollar here: publishers (like Facebook) alienate their audience and advertisers (the brands) allow their che

So why keep wasting our time on cat-and-mouse games that are a decade old? Wouldn’t it be better to address users (like all of you!) who have chosen to block traditional ads on their own terms? That is to say, don’t you want to be consulted here?

More at Adblock Plus

The readers of the Adblock Plus blog had their own thoughts to share about Facebook:

E: “They are such idiots at farcebook. This will be a fun challenge. I am sure we’ll continue to be able to block all their ad drivel, no problem.”

Anon: “Generally speaking, if a product is free, then YOU are the product. Think about what FBook is SELLING.”

Frodo: “I use AdBlock Plus in all my installations because, in very very large part, of all those malware filled adverts that exist on the net. As a technician, removing ads is one of the easiest ways to prevent infection, and if Facebook is serious about this, I may choose to limit my Facebook time to Opera Mini.”

Para: “Personally, I say Facebook has every right to block ad-blockers, just like how users have every right to use ad-blockers in the first place.

Everyone should stop lashing out on Facebook for being “anti-user,” because it is merely a matter of competition and revenue.”

C: “I have never donated money for free software like AdBlock before, I think I will start now though. Stop the tracking, stop invading privacy. Keep up the good fight!”

Jim Overturf: “If Facebook forces me to see ads, I will NOT do business with any company that places an ad on Facebook. And I will severely curtail my use of Facebook. Go get em, Adblockplus.”

Frank Starling: “I applaud this move by Facebook. It costs money to make content available. People who want the content for free – and the vast majority of AdBlock users fall in this category – just make it more expensive (more ads, pay walls) for those of us who are willing to see ads.

This has absolutely nothing to do with freedom. No one is forcing anyone to view anything. If Facebook doesn’t let you view their content without seeing ads, then you can feel free to avoid Facebook.

Hopefully Google will be forced to go full scale war against ad blockers in order to compete with Facebook.

People keep saying that publishers should find a new way to get revenue and that ads are going to go away, but the fact is, people are generally unwilling to donate, subscribe, etc. There are exceptions, but they are few and far between. People who block ads, by and large, are just riding the backs of the others who watch the ads.”

Kris Orsborn: “I understand that ads pay the bills on FB, just like TV and radio (my age is showing). But I finally installed adblocker because of really intrusive moving ads that flicker on the edge of the screen, actually making me seasick. Ditto on the NYT website (where I pay for a subscription!), TV commercial like ads with sound would pop up while I’m trying to read the paper.

So, if sites would just stick to non-moving, silent ads, I’d let them through. Heck, I might even click on one!”

Tom: “Facebook and other sites provide free services – paid for by advertising!

Blocking ads just takes away money the companies deserve for their work. If you don’t like the ads – don’t use the service. You don’t have any rights to use a free advertising supported service if you block the ads

You have NO about the ads on a site – get used to them – or don’t use the site showing them.

Why not setup an ad-free web hosting company – see how many people are willing to offer sites/services without the ability to earn an income. See how long staff and servers work with no income.

I hope google ads go with embedded ads next – adblocking hurts smaller websites too, not just big players like Facebook.

If adblocking was really about making ads safer and less spammy – the whitelist of advertisers would be FREE!! (What? You need money to maintain a list of advertisers, but site owners can’t show ads to pay for staff and hosting costs?)

This proves that it’s all about Adblock making money – and taking it publishers pockets!!

Well done Facebook – fight back for the money you deserve – and these adblocking companies have taken from you.

Better yet – add to your terms that ads have to be shown to use the service – then sue the adblocking companies for providing the tools to remove the ads (like movie companies do to the torrent sites)

Long live ads!! The more spammy, flashy and noisy the better!”

Shy: “I’m glad Facebook is putting ad blocking on the agenda.

And I’m glad they are going to lose so many users because of this bonehead move, including yours truly.

Every website I’ve had the displeasure of finding out makes use of anti-ABP solutions receives 0 traffic and the firmest negative reviews from me whenever it is mentioned.”

More at Adblock Plus

Netflix releases Android app for Internet speed tests

Netflix has released an Android app designed to let its users test their Internet connections. You can download the free FAST Speed Test app right now from the Google Play store.

Michael Crider reports for Android Police:

Fast, smooth data download speed is kind of important to mobile video, especially now that even mid-range Android phones are rocking 1080p screens. That’s part of the reason that Netflix created, its own branded alternative to web speed tests like Ookla’s, back in May. The idea is to make sure you’re getting an accurate test across multiple services (there’s even a link right on the page) and your internet service provider isn’t throttling your connection.

The web version of works just fine on Android, thanks in part to a super-minimal interface - there’s just a download bandwidth meter and nothing else. But if for some reason you’d like a dedicated Android app with the same interface, it’s up on the Play Store now. The app is free and works with Android 4.0 or higher, and you don’t need to be a Netflix subscriber to use the service.

More at Android Police

Did you miss a roundup? Check the Eye On Open home page to get caught up with the latest news about open source and Linux.

This article is published as part of the IDG Contributor Network. Want to Join?