XDA Developers Android and Mobile Development Forum

Security Concerns with Rooting/Custom ROM's

 
mjs2011
(Last edited by mjs2011; 7th February 2014 at 11:45 PM.)
#1
Senior Member - OP

Hi everyone, I hate to ask this question since I've been rooting and flashing ROM's for a good 3 years now.

I recently accepted a promotion at my work and I am now being given access to my work's email (through the app called "Good"). My fear is that my security is extremely important where I work because my employer is a financial institution. My question is if running anything other than stock presents any kind of security risk whatsoever. I love running custom ROM's, but it's not worth losing my job.

Thanks and sorry if this is the dumbest question you've ever read.
 
paperWastage
(Last edited by paperWastage; 7th February 2014 at 09:06 PM.)
#2
Senior Member
"Good for Enterprise" won't run on a rooted phone..

there are ways to bypass the root detection (google xda+good+hide+root), but if the app updates, you might have to re-hide it

with a rooted nexus 5... you could buy a really cheap used phone (with wifi), don't root it, install good and tether via your nexus 5... but you'll have to carry around two phones
Current Device:
Oppo Find 5 - experimental kernel
 
Zepius
#3
Senior Member
if you're worried about security, stock rom, no root, stock everything, locked bootloader.
Go back to stock on your nexus 5 using this guide: here

-Zep
 
coolboy6332
#4
Member
By rooting your phone, as you may or may not already know, you are bypassing certain security measures in order to make manufacturer-level changes such as installing ROMs. I personally believe because of that, your rooted phone will never be as secure as a non-rooted one. If I were you I would go back to stock and use Android's built-in security features (data encryption, password/PIN) because no matter what app you use to protect yourself, because you are rooted there will always be a risk.

Hope this helps
 
mjs2011
#5
Senior Member - OP
Great, thanks for the responses. Yeah, I was a little worried about that. As much as I love rooting/custom ROM's, my job means 10x more. I'll go back to stock unrooted and locked bootloader.

Thanks again!
 
rootSU
(Last edited by rootSU; 7th February 2014 at 10:24 PM.)
#6
Senior Member
My opinion as a corporate email administrator and IT security and compliance policy writer.... (edit - and experienced android rooter)

Although I would always ensure my policy dictates rooted phones are not used, the risk doesn't lie within root itself. Nothing can get root without your say-so and applications are sandboxed, meaning they cannot install themselves without user intervention.

So long as you follow simple rules, you should be fine:

1) Use reputable custom ROMs. Stay away from betas, tests and leaks.
2) Only install reputable applications from reputable sources. Stick to Play and XDA. Don't be an early adopter.
3) Use a secure kernel. Do not opt for insecure ones (insecure adb).
4) Keep the device password protected at all times.
5) Ensure the strictest settings in the SuperSU app. Monitor it regularly.
6) Use Flashify to flash stock recovery and BootUnlocker to lock your bootloader - your everyday state MUST be stock recovery and locked bootloader. Unlock bootloader and flash recovery to flash ROMs and kernels, but ensure you flash stock recovery and re-lock.
7) Exercise common sense.

Although that said:

1) If your company IT/AUP policy dictates no root, you'd better comply. I've worked in similar places where they have blanked out camera plates on BlackBerrys and check your messages.

2) if the app doesn't work with root anyway..

Personally, if you really want corporate email on your phone AND freedom, get a second phone


Sent from my Nexus 5 using Tapatalk
Always read the OP's of a thread and the last 2 pages before asking questions, unless there has been an update - in which case, read the last 5 pages!

nexus 5 | SlimKat | ElementalX kernel | Philz Touch Recovery

I do NOT reply to support queries over PM.
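
Added example (not part of rootSU's post or of any tool named in this thread): a shell check for the build properties behind rule 3 ("insecure adb") and the stock-build advice, run over `adb shell getprop` output. The two sample property dumps are constructed, and the expected values assume a typical production AOSP build.

```shell
#!/usr/bin/env bash
# Added example: audit getprop output for the build settings behind
# "insecure adb" kernels and non-stock builds. Expected values are an
# assumption based on typical production AOSP builds.

# Constructed samples in getprop's "[key]: [value]" format (no real device).
SAMPLE_CUSTOM='[ro.build.tags]: [test-keys]
[ro.secure]: [0]
[ro.debuggable]: [1]
[ro.adb.secure]: [0]'

SAMPLE_STOCK='[ro.build.tags]: [release-keys]
[ro.secure]: [1]
[ro.debuggable]: [0]
[ro.adb.secure]: [1]'

# prop_value TEXT KEY: print the value of KEY, or nothing if it is absent.
prop_value() {
    key_re=$(printf '%s' "$2" | sed 's/\./\\./g')   # match dots literally
    # Older adb versions emit CRLF line endings, so drop \r first.
    printf '%s\n' "$1" | tr -d '\r' |
        sed -n "s/^\[$key_re]: \[\(.*\)]\$/\1/p" | head -n 1
}

# audit_props TEXT: print one finding per line; no output means a clean result.
audit_props() {
    # ro.secure=0       adbd keeps root instead of dropping to the shell user
    # ro.debuggable=1   "adb root" is permitted
    # ro.adb.secure=0   adb accepts any host without RSA key authorisation
    # test-keys         build is not signed with the vendor's release keys
    for pair in ro.secure=1 ro.debuggable=0 ro.adb.secure=1 \
                ro.build.tags=release-keys; do
        key=${pair%%=*}
        want=${pair#*=}
        got=$(prop_value "$1" "$key")
        if [ -z "$got" ]; then
            echo "UNKNOWN $key (property missing or empty)"
        elif [ "$got" != "$want" ]; then
            echo "FAIL $key=$got (expected $want)"
        fi
    done
}

# On a real device: audit_props "$(adb shell getprop)"
audit_props "$SAMPLE_CUSTOM"
```
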
 
mjs2011
#7
Senior Member - OP
Thanks! Yeah, I think the key here is that our policy does state that the phone being used can't be modified, so it's better that I just follow the rules.

Plus, stock Android has improved so much over the years that this is a much easier decision than it would have been back in the day when I had my LG Optimus running Froyo.
 
rootSU
#8
Senior Member
Quote:
Originally Posted by mjs2011
our policy does state that the phone being used can't be modified,
Then it's best not to. Financial companies take this sort of thing very seriously and can often see a breach as gross misconduct.


 
MrObvious
#9
Senior Member
Thankfully a lot of the stock ROM is pretty good out of the box and just needs a few minor tweaks.
