The update notes at copperhead.co/android/docs/u falsely claim that the new incarnation of CopperheadOS has been updated to the latest security patch levels. However, that isn't the case. In reality, it hasn't received the full August, September, October or November security patches.
Conversation
Only half of the monthly security updates are covered by applying the fixes from monthly tagged releases of the Android Open Source Project. There are separate releases for device kernels, important updates to firmware and large amounts of hardware-dependent code outside AOSP.
1
4
Keeping up with the monthly security updates for Pixels requires following the official kernel and factory image releases. The releases for Pixels are based on Android 9. Only devices still on Android 8.1 are receiving full security updates compatible with the AOSP 8.1 releases.
1
4
Since Copperhead hasn't moved to Android 9, they're unable to provide full security updates for Pixel phones. It's also missing the substantial privacy and security improvements in Android 9. It's fraudulently portrayed as hardened when really their new product is the opposite.
1
4
They aren't developing privacy and security hardening. They lack an understanding of the subset of my hardening work they are still trying to use. They've failed to do porting / maintenance along with adding counterproductive changes incompatible with the rotting hardening work.
1
4
It should also be noted that they're using my past hardening work against the terms of the license. They falsely claim ownership over it. Not only was copyright never assigned to them, but they were not employing me to do the work for them. They explicitly agreed that I owned it.
1
7
They wanted to take things in a different direction focused on earning money at all costs without investing in making a great product or caring about user privacy and security as more than the market niche. They're quite happy to sell an insecure product and sell out their users.