Android developer professionals will be glad to know that a start-up on a tight budget is working to clean up the Android security mess, and has even shown results where other “secure” Android devices failed, raising concerns about Google’s willingness to take on the broad vulnerabilities that exist in the world’s most popular mobile OS.
Copperhead OS, a team of two men based in Toronto, ships a hardened edition of Android that aims to integrate PaX and grsecurity into its distribution. The OS also includes a number of security enhancements, including compiler hardening, a port of OpenBSD’s malloc implementation, enhanced SELinux policies, and function pointer protection in libc. Unfortunately for security nuts, Copperhead presently supports only Nexus devices.
The Android security team at Google accepted most of Copperhead’s patches into the upstream AOSP (Android Open Source Project) code base. However, most of Copperhead’s security enhancements are unlikely ever to reach beyond its small but growing user base, due to performance trade-offs or compatibility issues.
Dan Guido, CEO of Trail of Bits, has also been confused by the vulnerability gap between Copperhead and the stock Android OS, and points out that the same could not be said of Apple’s iOS.
One billion individuals worldwide rely upon Android in order to secure their digital lives. The figure is only going to increase. How on earth did we get here, and is Copperhead—or even Google—able to put the garbage fire out?