Return to Level1Techs.com

GrapheneOS (CopperheadOS successor)


GrapheneOS (previously named the Android Hardening Project) is an Android fork made by the lead developer of CopperheadOS, after he left/was-removed-from the company backing it; as such, I think it is fair/reasonable to call GrapheneOS the successor of CopperheadOS.

Project explained

GrapheneOS claims to be heavily security focused, with patches to its libc, and work on what appears to be remotely verifiable boot. The long term plan sounds very much like a Qubes-style security model, based on Xen, though with the eventual goal of replacing Linux years later with a compatibility layer (the dev here mentions gVisor) running on top of a microkernel.

Regardless of those future aspirations, the main dev’s focus on security has me quite interested. There are currently only builds for the Google Pixel 2, 3, and 3a phones, which while disappointing from the perspective of wanting to re-purpose existing hardware, is somewhat reassuring. “Do it right, or not at all” is the correct approach for a security-focused project, especially one with limited manpower at this time.

Disclaimer and Enthusiasm Reasoning

I should be absolutely clear that I have not looked through the source/patches myself at this time, as I would not know even where to begin; so my enthusiasm here is mainly informed by reading about the project and the main developer’s comments and decisions. I find myself continually thinking, “that makes sense” or at least, “I can understand that decision”.

In the GrapheneOS subreddit, I found a rather fair assessment from the main dev about how he sees a comparison between GrapheneOS, iOS, and the Android ecosystem as a whole:

Lack of Videos/Reviews

You may notice that there is very little in the way of anecdotes/reviews/videos about GrapheneOS, and this appears to be intentional. The main developer has asked the contributors/users/community to avoid making videos of it until (as I understand) the project catches back up to where CopperheadOS was before the quasi-fork.

In fact, the dev became a bit snarky after someone made a video review recently. I can understand the irritation with a new user using the username “GrapheneCommunity” as it can be seen as one person trying to speak on behalf of the entire group without their consultation, but he appears to threaten to not provide builds because of the existence of the video itself, which seems more than a little petulant:

The releases are made available with the understanding that they are a preview of an OS hardening project in an early state. They’ll stop being available for the time being if people treat it as something finished and miss the point behind it. If I need to hold off on public releases until it’s further along, I can do that.

Not providing builds is perfectly understandable, but presenting it as a tool to prevent other people from making videos/reviews seems wrong. Though maybe he was just having a bad day.

Discussion Topic

Does anyone have an experience with Graphene OS, or thoughts about it?

3 Likes

No thoughts on this particular fork, but Android possibly running on a generic Linux kernel might make things easier for projects like this.

2 Likes

The devs risks losing adoption of their software (the whole point of developing a free and open source OS in the first place) if he remains a bit immature about it. Also I don’t think the dev has a firm grasp of how the internet works if the dev is somewhat against internet “reviews”.

Adoption is not much of a concern right now though, and the community has consciously decided to try to fly under the public radar for the time being. Right now it sounds like they are mainly looking for developers; developers interested in, and willing to help with the project, are probably not dissuaded by the mere absence of a video.

I can completely understand that intent, to avoid bad “first impressions” or comments of “this is just AOSP; lame!”, but I think it is somewhat unreasonable to expect everyone on the internet to follow your no-video policy.

This is a good way to languish and not get any awareness. There is a reason why people spend insane amounts on money on marketing. It gets finances flowing and it gets developers to come over your platform.

How will people perceive your project as interesting or worthwhile if they even lack basic awareness.

Awareness and financing are not really relevant here. As I understand, the main dev is primarily working alone, and has recently been burned by the “finances” route when he worked on CopperheadOS.

However, driving developers to the project, while important later, is probably a hindrance right now as Daniel Micay is effectively trying to play catch-up with his work at Copperhead Limited; see Brook’s Law.

There is now a thread here about @PhaseLockedLoop experimenting with GrapheneOS:

Anyone interested in this thread might want to take a look over there.

1 Like