Security Concerns with Rooting/Custom ROM's

OP mjs2011

7th February 2014, 08:53 PM | #1 | mjs2011 (OP, Senior Member)
Hi everyone, I hate to ask this question since I've been rooting and flashing ROMs for a good 3 years now.

I recently accepted a promotion at my work and I am now being given access to my work's email (through the app called "Good"). My fear is that my security is extremely important where I work because my employer is a financial institution. My question is if running anything other than stock presents any kind of security risk whatsoever. I love running custom ROMs, but it's not worth losing my job.

Thanks and sorry if this is the dumbest question you've ever read.
Last edited by mjs2011; 7th February 2014 at 11:45 PM.
7th February 2014, 08:57 PM | #2 | paperWastage (Senior Member)
"Good for Enterprise" won't run on a rooted phone.

There are ways to bypass the root detection (google xda+good+hide+root), but if the app updates, you might have to re-hide it.

With a rooted Nexus 5... you could buy a really cheap used phone (with wifi), don't root it, install Good and tether via your Nexus 5... but you'll have to carry around two phones.
Last edited by paperWastage; 7th February 2014 at 09:06 PM.
7th February 2014, 09:07 PM | #3 | Zepius (Senior Member)
If you're worried about security: stock ROM, no root, stock everything, locked bootloader.
The Following User Says Thank You to Zepius For This Useful Post: [ View ]
7th February 2014, 09:09 PM | #4 | coolboy6332 (Member)
By rooting your phone, as you may or may not already know, you are bypassing certain security measures in order to make manufacturer-level changes such as installing ROMs. I personally believe that, because of that, your rooted phone will never be as secure as a non-rooted one. If I were you, I would go back to stock and use Android's built-in security features (data encryption, password/PIN), because no matter what app you use to protect yourself, because you are rooted there will always be a risk.

Hope this helps
The Following User Says Thank You to coolboy6332 For This Useful Post: [ View ]
7th February 2014, 09:55 PM | #5 | mjs2011 (OP, Senior Member)
Great, thanks for the responses. Yeah, I was a little worried about that. As much as I love rooting/custom ROMs, my job means 10x more. I'll go back to stock unrooted and locked bootloader.

Thanks again!
7th February 2014, 10:12 PM | #6 | rootSU (Senior Member)
My opinion as a corporate email administrator and IT security and compliance policy writer... (edit - and experienced Android rooter)

Although I would always ensure my policy dictates rooted phones are not used, the risk doesn't lie within root itself. Nothing can get root without your say-so, and applications are sandboxed, meaning they cannot install themselves without user intervention.

So long as you follow simple rules, you should be fine.

1) Use reputable custom ROMs. Stay away from betas, tests and leaks.
2) Only install reputable applications from reputable sources. Stick to Play and XDA. Don't be an early adopter.
3) Use a secure kernel. Do not opt for insecure ones (insecure ADB).
4) Keep the device password protected at all times.
5) Ensure the strictest settings in the SuperSU app. Monitor it regularly.
6) Use Flashify to flash stock recovery and BootUnlocker to lock your bootloader - your everyday state MUST be stock recovery and locked bootloader. Unlock bootloader and flash recovery to flash ROMs and kernels, but ensure you flash stock recovery and re-lock.
7) Exercise common sense.

Although that said:

1) If your company IT/AUP policy dictates no root, you'd better comply. I've worked in similar places where they have blanked out camera plates on BlackBerrys and check your messages.

2) If the app doesn't work with root anyway...

Personally, if you really want corporate email on your phone AND freedom, get a second phone.
Last edited by rootSU; 7th February 2014 at 10:24 PM.
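Added example (not part of rootSU's post or of the thread): a device-posture check that an administrator could run over `adb shell getprop` output to see whether a phone matches the "secure kernel / no insecure ADB" item above, plus the encryption setting mentioned in post #4. The sample output is constructed, and the choice of properties and expected values is this example's assumption, not a policy stated in the thread.

```python
import re

# Constructed `adb shell getprop` output for illustration (not from a real device).
SAMPLE_GETPROP = """\
[ro.build.tags]: [test-keys]
[ro.secure]: [0]
[ro.debuggable]: [1]
[ro.adb.secure]: [1]
[ro.crypto.state]: [unencrypted]
"""

# Assumed baseline: property -> (expected value, what it indicates).
EXPECTED = {
    "ro.secure": ("1", "adbd drops root; 0 is the 'insecure' boot image"),
    "ro.debuggable": ("0", "production build, not debuggable"),
    "ro.adb.secure": ("1", "ADB requires host key authorization"),
    "ro.build.tags": ("release-keys", "ROM signed with release keys"),
    "ro.crypto.state": ("encrypted", "storage encryption enabled"),
}

_LINE = re.compile(r"^\[(?P<key>[^\]]+)\]: \[(?P<value>.*)\]$")


def parse_getprop(text):
    """Parse '[key]: [value]' lines into a dict, ignoring anything else."""
    props = {}
    for line in text.splitlines():
        m = _LINE.match(line.strip())
        if m:
            props[m.group("key")] = m.group("value")
    return props


def audit(props):
    """Return (property, observed, meaning) for every deviation from EXPECTED."""
    findings = []
    for key, (want, why) in EXPECTED.items():
        got = props.get(key)
        if got is None:
            # A missing property is reported rather than silently passed.
            findings.append((key, "missing", why))
        elif got != want:
            findings.append((key, got, why))
    return findings


if __name__ == "__main__":
    for key, got, why in audit(parse_getprop(SAMPLE_GETPROP)):
        print(f"FAIL {key}={got!r} ({why})")
```

On a rooted device these properties can be altered, so a clean result shows how the device reports itself, not that it is unmodified.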
7th February 2014, 10:36 PM | #7 | mjs2011 (OP, Senior Member)
Thanks! Yeah, I think the key here is that our policy does state that the phone being used can't be modified, so it's better that I just follow the rules.

Plus, stock Android has improved so much over the years that this is a much easier decision than it would have been back in the day when I had my LG Optimus running Froyo.
7th February 2014, 10:38 PM | #8 | rootSU (Senior Member)
Quote:
Originally Posted by mjs2011

our policy does state that the phone being used can't be modified,

Then it's best not to. Financial companies take this sort of thing very seriously and can often see a breach as gross misconduct.
7th February 2014, 10:52 PM | #9 | MrObvious (Senior Member)
Thankfully a lot of the stock ROM is pretty good out of the box and just needs a few minor tweaks.