R.I.P. Penguinphone, Hello CopperheadOS!
Tuesday, 2017-01-03Long article incoming…
This is sort-of a sad update to my penguinphone post. As I wrote there, I had still refused to give in to Android… this is no longer true. I am using CopperheadOS as my day to day phone now, and bought a new phone for that. As you can see from the lack of both activity in the GitHub repo of penguinphone and from the lack of similar projects for the N900, not much happened either from my side or from the rest of the community (which means in other words, that there is not much left of that community). I guess, that they all have realized sooner or later, that we aren’t enough coders/hackers to create an alternative operating system for the N900. I mean even Mozilla with their huge resources and money have failed to create their FirefoxOS for mobile phones (not for the N900, but generally as Android alternative) - this must mean something. Let me elaborate from my point of view, why it is basically an impossible task.
Fixing Maemo
Maemo is the stock operating system for the N900. It has hopelessly outdated software (Firefox based browser “micro-g”, kernel, glibc, openssl, wpa_supplicant, just everything), and some core components are closed-source. The obvious action would be, to try to replace the whole operating system with free software, and also to update all applications. But try to port a newer Firefox version to Maemo, that is as resource efficient, as micro-b for example… that alone is an impossible task for one developer!
Replacing Maemo
So I went on to replace Maemo. I have created a very basic Maemo-like user interface and optimistically hoped to either find the energy to do the rest of the operating system (seems to be impossible now!), or to re-inspire the N900 community to join my effort. As I said in the introduction above, this did not go anywhere.
Missing (Cryptography) Applications
Even if someone did update Maemo / make a suitable replacement, that can do basic things such as calls over the cellular network: You can’t do any encrypted messaging and calls with your friends (not counting nerds who know about XMPP etc.)! Signal - to name the most prominent example - is an App rolled out fairly well on Android phones and easy enough to use, so you can even install it on your grandma’s phone. It replaces the default SMS application, and lets you do encrypted communication whenever two users, who have Signal installed, want to communicate. So this is exactly the kind of application you would want to use on your self-written operating system. But the bad news is, it really is only available on Android. Sure, there is Chromium plugin, so you could use it on the Desktop - but as I understand, it can only be used in combination with your phone (and on the browser, you can only type messages, but not do any calls). And even if the chromium version would be usable, it would probably eat up all RAM and CPU of the N900!
This is just one example, the same goes for basically all crypto messengers and for the Tor Browser (Orfox).
It is also not trivial to run Android applications anywhere but on the Android OS, because Android has its own graphics stack. You can’t even run the Android apps directly on your regular Linux distribution, although both operating systems build on the same kernel! Even app developers boot up a fully bloated Android VM to get anything done. What we would need, is something like WINE, but there is nothing that is even close (I can’t even find the homepage of the icedrobot project anymore!).
What do we do now?
I guess, we are stuck with Android for phones for quite a while. We should focus on having a truely open and more secure version of it at least. That is the goal of the Replicant project - but as they are also outdated and insecure as of now (January 2017: still based on Android 4!), CopperheadOS seems to be the only sane choice. They keep up with the Android release process, have instant security updates, use open components wherever possible, ship the F-Droid store with open source apps by default. Now even with an own Signal version (that of now can not do calls yet, but that might come at some point in the future).
Just to make this clear: If you install any Android ROM based on an outdated Android version (Replicant, Cyanogen, OmniROM, Paranoid Android, you name it), it just takes one MMS for an attacker to have root access to your phone and you won’t even notice. It can read all your passwords, messages, listen to your calls, track your location, record audio and video of you, encrypt your files and blackmail you to give them money in exchange for the password/the stolen data (or infect other people). Cryptography applications like Signal can not protect you from this. It is irresponsible to have an outdated Android version, if you know anything about security.
Note: It is also possible to create your own version of CopperheadOS, with a different mix of security. You can have the Google Play store installed (negative impact on security, because you must trust closed source software), but then you can use the stock Signal version (positive impact on security, because phone calls work there, and it is generally the only version, that is officially supported from OpenWhisperSystems, its authors) and possibly route everything through TOR (positive impact on privacy). Then again, you MUST create your own derivate version whenever there is an updated version of CopperheadOS available, especially when it is a security update. From my experience, these updates come every week or so! If you are interested in that trade-off, check out mission-improbable, which does just that.
You may have noted, that CopperheadOS is only available for a very limited selection of devices. If you are a hacker, and your phone fulfills the requirements, try to port it and collaborate with the project.
Let me end this post with a quote about CyanogenMod - which does not make the situation better. It is completly revolving now anyway, as the company behind it has ceased (they are rebranding it to LineageOS and right now have not made a single release yet). So CopperheadOS was once based on CyanogenMod and switched (source):
When we used to be based on CyanogenMod, we found several local privilege escalation vulnerabilities in su exposed to all apps even with it disabled, and it’s not entirely fixed. In general code written by the ROM community puts features first and isn’t mature or well-reviewed code. It’s not written with security in mind. It’s counter-productive to use it for security reasons.
I really wish we had more alternatives (even for “Android distributions”), but right now I can only recommend CopperheadOS. Rest in peace, N900.