coldcarbon
31st October 2009, 11:01 PM
This might sound paranoid to some, but I have just a couple general questions about ROMs and security.
I recently purchased an HTC Pure from AT&T, and have tried several ROMs to get rid of the AT&T bloatware. I've been really impressed by this community and the enormous amount of work that the chefs put into each build to tune them. I can say that I'm a much happier owner of an HTC Pure now.
So, onto my questions. Obviously this community self-polices to some extent, which is why I felt comfortable installing ROMs created by people I don't know. But given that smartphones are just as capable a platform for mayhem and trickery as PCs are, is there really any way to determine that a cooked ROM is free of rootkits or other low-level hooks?
Obviously there are virus scanners for smartphone platforms, and I've installed and used them to check for obvious viruses following a ROM install, but there are only a few popular scanners for mobile (Bullguard, F-Secure, Symantec, Trend Micro, and a few others), which means it wouldn't be too hard to write malware specifically designed to operate beneath detection of these scanners.
I know I definitely wouldn't be comfortable installing a tuned Windows image on my home hardware, even from a trusted community like xda-developers, so I'm wondering how you all deal with the question of security when installing ROMs. Do you install mobile firewalls to try and determine whether there are any rogue packets? Do you compare the included system files to known good files?
As far as I know, there haven't been any DDoS attacks or self-replicating viruses based purely on smartphone platforms, but that may soon change with the increasing popularity of flashing ROMs.
What are your thoughts about this and how do you put your mind at ease when you flash a ROM downloaded here or elsewhere?
Also, as a completely off-topic question, anybody have an HTC Pure boot image that says HTC Pure on it? The ROMs I've been installing all have HTC Touch Diamond 2 showing on the boot image, and I actually like the name HTC Pure better, but I didn't save it before flashing. :-)