Conversation

I need a Pixel 3 for advancing my mobile security research. I don't have access to a current generation mobile device with a Snapdragon 845, the Linux 4.9 LTS with CFI and a StrongBox keymaster implementation. Bitcoin address for contributing: 34J5mcUveTUr99ZNB2SnFxCPFjXQCAxyuB.

5

19

18

@K1LL3R_1N5TINKT

Replying to

Hi ,do you know some unofficial rom that is secure?

1

Replying to

@K1LL3R_1N5TINKT

A user build of AOSP using github.com/anestisb/andro that's signed with properly secured release keys. It needs to be a phone with full security updates available and support for using hardware security features with another OS. Can't do much if the hardware has garbage security.

GitHub - anestisb/android-prepare-vendor: Set of scripts to automate AOSP compatible vendor blobs...

Set of scripts to automate AOSP compatible vendor blobs generation from factory images - GitHub - anestisb/android-prepare-vendor: Set of scripts to automate AOSP compatible vendor blobs generation...

1

2

Replying to

I strongly suggest using either an iPhone or a Pixel with the stock OS. There is no alternative OS with decent security and binary releases available to install. You would need to build AOSP for a device like a Pixel where it can be done securely or find someone to do it for you.

2

3

Leonardo Porpora

Replying to

What you think about

1

Replying to

and

I was the one that created and maintained it, almost entirely on my own. It offered substantially more privacy and security than the stock OS. It couldn't offer a longer support period since it relied on the same security updates. It's no longer the same thing that it was before.

2

2

Replying to

and

CopperheadOS is no longer properly maintained since Copperhead pushed me out of the company. They haven't updated to the current release of Android and no longer have full security updates partly due to that requiring keeping up with the release used by the device being targeted.

1

1

2

Replying to

and

The company is no longer doing useful privacy and security research. They've made completely counter-productive, ill-considered changes hurting security and lack an understanding of the work they're trying to maintain. It's missing much of what was written for it in the past too.

1

1

1

Replying to

and

Separately from the technical issues, the company is also run by someone completely untrustworthy and dishonest. They're completely willing to sell out the safety of users for money and care little for their privacy and security. They even stole donations sent to support my work.

6:56 PM · Nov 1, 2018Twitter Web Client

Leonardo Porpora

Replying to

and

cc

1

Replying to

and

He knows about what happened.

1

Replying to

and

People are far better off either using the stock OS on a Pixel or using production builds of AOSP without additional hardening if they don't want Google services. It makes no sense to have a hardened variant of AOSP with substantially worse security. It's a useless product now.

1

1