In the wake of security issues related to Android and the scariest threat of ‘Stagefright’ that has taken over the entire Android ecosystem by storm, there comes a ray of hope for the proud users of Android phones. Copperhead OS, a Toronto based startup is working hard to patch the Android security issue and even demonstrated results where additional “secure” Android devices failed. This not only raised doubts about Google’s promptness to address this critical issue at the vital moment but also clear the air how Android’s security system is the most vulnerable to bugs and hacks.
According to Chris Soghoian, principal technologist with the Speech, Privacy, and Technology Project at the American Civil Liberties Union, says “Copperhead is probably the most exciting thing happening in the world of Android security today”. He further asserts that a megacorp like Google with unlimited funds and respected security system would leave any room for Copperhead to go forward.
Whereas, Copperhead OS, the two-man team ships a hardened version of Android that would integrate PaX and Gr-security into their distribution, the two of which are the most advanced secure technology till date. Also, their OS includes a number of security enhancements, which involves a port of compiler hardening, Open BSD’s malloc implementation, enhanced SE-Linux policies, as well as function pointer protection in libc. For security nuts, unfortunately, Copperhead presently solely supports Nexus devices.
Thereupon, Google’s Android security team welcomed most of Copperhead’s patches into their upstream AOSP (Android Open Source Project) code base. However, most of Copperhead’s security enhancements still needs improvements as they display some performance trade-offs or compatibility issues in order to reach a large user base.
Copperhead, on the other hand, chooses to go ahead with Nexus first, for they are considered to be the most secure handsets, whose software is directly controlled by Google and release monthly security updates. Daniel Micay of Copperhead explains, “What we’re doing is starting with the Nexus; a pretty good starting point”, adding further, “And we’re significantly improving the security of the operating system. We’re making a lot of under-the-hood changes and exploit mitigation to make it harder to exploit the vulnerabilities that are there.”
Micay aims to port the Grsecurity and PaX patches to the Android Linux kernel that would help to enhance the security feature of all Android devices. Let’s hope for the best.
At Global Employees, we provide dedicated, skilled professionals at substantially low cost, who work virtually from our office in India but report directly to you. Some of the jobs that can be outsourced to us are: Android developer, Software Developer, SEO, Data Entry, Content Writing, Bookkeeping, Website Designing, Call Center, Payroll, Accounts, Law, and much more!