Security-focused Android fork born from a bitter co-founder dispute at CopperheadOS, where the lead developer was fired and deleted the signing keys.
GrapheneOS is an AOSP-based mobile OS with extensive hardening: hardened memory allocator (hardened_malloc), improved ASLR, sandboxed Google Play services, per-app network/sensor toggles, storage scopes, and the Vanadium hardened Chromium browser. It only supports Pixel devices to ensure timely firmware updates.
CopperheadOS was launched in 2014 by Daniel Micay and James Donaldson as a hardened Android distribution focused on privacy and security. Micay was the technical genius — the CTO and lead developer who implemented the deep kernel hardening, memory protections, and security features that made CopperheadOS stand out. Donaldson was the CEO handling business operations. For several years, the partnership worked.
In early 2018, disagreements over business policy escalated between the two founders. In June 2018, Donaldson fired Micay. Micay's response was dramatic: he posted his dismissal notice on Reddit and deleted the cryptographic signing keys necessary to push OTA updates to existing CopperheadOS users, declaring that he considered 'the company and infrastructure to be compromised.' This effectively bricked the update pipeline for all existing users.
Micay continued his security work under a new project name — initially 'Android Hardening,' then renamed to GrapheneOS in April 2019. He took with him the deep security expertise and community trust that had made CopperheadOS notable. GrapheneOS went on to implement innovative features like sandboxed Google Play (allowing Google services in an unprivileged sandbox rather than requiring microG's signature spoofing), hardened memory allocator, and per-app network toggles.
The story took another turn in May 2023, when Micay himself stepped down as GrapheneOS lead amid mounting tensions with community members and other projects. His interactions with the broader security community had become increasingly combative — at one point, he told the Bromite project they could no longer use GrapheneOS code because they planned to accept a contribution from a CalyxOS member.
GrapheneOS survived the transition and continues to thrive as arguably the most security-hardened mobile operating system available, recommended by security researchers and privacy advocates worldwide. CopperheadOS continues to exist as a commercial product but with a fraction of its former reputation.
CopperheadOS founded by Daniel Micay and James Donaldson
Donaldson fires Micay; Micay deletes signing keys and goes public on Reddit
Micay renames Android Hardening project to GrapheneOS
GrapheneOS introduces sandboxed Google Play, a breakthrough approach
Daniel Micay steps down as GrapheneOS lead amid community tensions
GrapheneOS set the standard for mobile security hardening and influenced AOSP itself — several of its security improvements were adopted upstream by Google. The sandboxed Google Play approach proved that security and usability don't have to be mutually exclusive, influencing how other privacy-focused ROMs handle Google services. The project demonstrated that technical excellence can survive even the most acrimonious fork.