Not going to get a secure or FOSS phone from a company that's based around poorly copying open source code, making it into a closed source product and then using the revenue from selling it to cause harm to the open source projects where it originates through any means possible.
Conversation
I don't have any knowledge of the twitter issues better Graphene and CH, and their respective supporters.
My understanding is the split happened years ago at this point. Are you saying any further development from CH is the result of repackaging Graphene's code?
2
It's the other way around. Graphene's hardening wouldn't exist without the years of research from CopperheadOS. They took CopperheadOS, repackaged it and distributed it in violation of our copyright and licensing.
1
1
My question is regarding content of updates since the split, not ownership. There's clearly been work done on the codebase by the Graphene devs, as the repos are public.
Is similar work done on Copperhead since the split? Is it based on Graphene's changes or independently made?
2
It's important to understand that the hardening foundation of CopperheadOS existed before Graphene. Benefits such as extended ASLR, lockscreen UX changes and exec spawning all started with CopperheadOS.
1
Our updates and changelogs can be seen here
copperhead.co/android/docs/u
We have taken our customers feedback into consideration with our changes.
1
1
So while yes, Graphene has ported our CopperheadOS changes over to Android 10 and 11, it doesn't mean they are entirely new research sets to be used in comparison against CopperheadOS.
1
That's not to say that there aren't entirely new research data points in Graphene that didn't exist in Copperhead and the other way around.
1
I think that's what I'm trying to understand. I know there's a common base of hardening, owing to the shared codebase history.
But obviously hardening an OS that is continually being developed, and keeping up with mitigations for new exploit techniques, requires regular updates.
3
I'm not sure what you mean specifically by "research sets", but can you speak more to particular hardening or mitigations implemented in Copperhead that may not be in Graphene (due to their being developed internally, after the split)?
3
Here's the take on what makes it better from their North American phone sales branch:
scholzmobility.com/copperhead/cop
Since they require paying for updates, one thing they had to develop was DRM to enforce paying for updates (user tracking) and they record hardware ids of customers.