The Partnership Collapse Behind GrapheneOS

A Wired investigation traces the origins of GrapheneOS, the privacy-focused mobile operating system, to a bitter partnership collapse between developer Daniel Micay and former business partner James Donaldson over their earlier project, CopperheadOS. Donaldson and Micay incorporated Copperhead in 2015 with equal shares, Donaldson as CEO and Micay as chief technology officer. Their product, CopperheadOS, was an open source operating system focused on Android hardening. It drew praise from the ACLU's Chris Soghoian, who called it "the most exciting thing happening in the world of Android security." Tensions escalated when Donaldson moved CopperheadOS from open source to a noncommercial license in 2016 and began pursuing defense contracts. Micay, an open source purist, viewed these changes as eroding the integrity of his code. When Donaldson's lawyers sent a letter in May 2018 attempting to revise Micay's role and gather information about the keys, Micay refused. A month later, Donaldson's lawyers sent a termination letter. Rather than surrender the keys, Micay destroyed them. In a since-deleted Reddit post, he wrote: "I consider the company and the infrastructure to be compromised." The destruction of the signing keys rendered CopperheadOS unupdateable, leaving devices vulnerable. Partners dropped out, and Donaldson filed a claim in March 2020 requesting nearly half a million Canadian dollars in damages. The two now communicate through lawyers. Before the dust settled, Micay had begun rebuilding his code under a new name: GrapheneOS. Launched in April 2019 as a nonprofit funded GrapheneOS has grown to about 400,000 users. According to leaked Cellebrite documents reported