Post Reply

[Q] Security of CM7 or other ROMs

26th April 2012, 12:00 AM   |  #11  
strapped365's Avatar
Senior Member
Flag Columbus
Thanks Meter: 2,807
 
5,132 posts
Join Date:Joined: Mar 2011
Donate to Me
More
Quote:
Originally Posted by drob311

I wish I knew java, I would make an app that would brick the phone if the owner activated said app from a pc... The only way to prevent a thief from stealing your info is to make the the phone completely disabled... Since you call insurance right away to report the phone stolen, they (assurion) deactivate the device and put it on the bad esn list, essentially rendering the phone useless but an app accessible from a pc to completely brick the phone, would be the ultimate "**** you" to the prick that stole your device...

Sent from my PG06100 using Xparent Blue Tapatalk 2

I would pay a good 10 bucks for that app!

Sent from my myTouch_4G_Slide using Tapatalk 2
26th April 2012, 03:02 AM   |  #12  
OP Junior Member
Flag F'Burg
Thanks Meter: 4
 
24 posts
Join Date:Joined: Jan 2011
More
I realized something unfortunately - the recovery and bootloader can't be locked down, which means that any apps loaded onto the phone can be easily deleted. So, that kinda makes locking the phone down to prevent data theft on a stolen device pointless.

Thoughts on locking the recovery and/or bootloader down in case of a stolen device?
26th April 2012, 03:32 AM   |  #13  
Senior Member
Flag Canton, MI
Thanks Meter: 67
 
196 posts
Join Date:Joined: Oct 2011
More
Well Avast does root installation so that stays on the device even if its factory reset. And I believe there is a command that you can send the phone that makes accessing the applications menu impossible.
26th April 2012, 03:33 AM   |  #14  
Senior Member
Flag Canton, MI
Thanks Meter: 67
 
196 posts
Join Date:Joined: Oct 2011
More
Quote:
Originally Posted by drob311

I wish I knew java, I would make an app that would brick the phone if the owner activated said app from a pc... The only way to prevent a thief from stealing your info is to make the the phone completely disabled... Since you call insurance right away to report the phone stolen, they (assurion) deactivate the device and put it on the bad esn list, essentially rendering the phone useless but an app accessible from a pc to completely brick the phone, would be the ultimate "**** you" to the prick that stole your device...

Sent from my PG06100 using Xparent Blue Tapatalk 2

Knowing me I'd brick the phone and then find it two days later in my car
The Following User Says Thank You to fayrarri For This Useful Post: [ View ]
26th April 2012, 04:46 AM   |  #15  
sparksco's Avatar
Recognized Developer
Thanks Meter: 7,837
 
8,270 posts
Join Date:Joined: Feb 2010
Donate to Me
More
In regards to security you can also set a pattern for your lockscreen and it won't unlock even when you slide the keyboard open
26th April 2012, 02:06 PM   |  #16  
OP Junior Member
Flag F'Burg
Thanks Meter: 4
 
24 posts
Join Date:Joined: Jan 2011
More
Quote:
Originally Posted by fayrarri

Well Avast does root installation so that stays on the device even if its factory reset. And I believe there is a command that you can send the phone that makes accessing the applications menu impossible.

Quote:
Originally Posted by sparksco

In regards to security you can also set a pattern for your lockscreen and it won't unlock even when you slide the keyboard open

Again, both of these apply to when Android and the original ROM are still installed. So, if your phone gets stolen by someone who knows how to root a phone and use the recovery, he could backup all of your data, flash a new ROM through recovery and now he has a new phone with no apps, lockscreen, or Superuser app to deny permissions to root. With the backed-up data, he could sift through that and possibly find personal data.

However, the lockscreen will be successful against entry if the person doesn't know how to use the recovery. Superuser rights can't be granted if it can't pass the lockscreen. And right now, I have no permissions granted to ADB shell or Terminal Emulator.

I know some people may think, "what is this guy thinking, he's an idiot, etc..." but I am thinking of worst case scenarios in a security perspective in regard to data protection.
26th April 2012, 02:25 PM   |  #17  
drob311's Avatar
Senior Member
Flag Fond du Lac, WI
Thanks Meter: 960
 
1,651 posts
Join Date:Joined: Mar 2011
More
Quote:
Originally Posted by fayrarri

Knowing me I'd brick the phone and then find it two days later in my car

But if you activated the brick app, your phone would have already been reported stolen to assurion and put on the bad esn list, even if you find it, it can't be re-activated...

Sent from my PG06100
26th April 2012, 05:01 PM   |  #18  
Senior Member
Flag Canton, MI
Thanks Meter: 67
 
196 posts
Join Date:Joined: Oct 2011
More
Lol yes I realize that, just making a joke
26th April 2012, 09:20 PM   |  #19  
sparksco's Avatar
Recognized Developer
Thanks Meter: 7,837
 
8,270 posts
Join Date:Joined: Feb 2010
Donate to Me
More
Quote:
Originally Posted by smmiller506

Again, both of these apply to when Android and the original ROM are still installed. So, if your phone gets stolen by someone who knows how to root a phone and use the recovery, he could backup all of your data, flash a new ROM through recovery and now he has a new phone with no apps, lockscreen, or Superuser app to deny permissions to root. With the backed-up data, he could sift through that and possibly find personal data.

However, the lockscreen will be successful against entry if the person doesn't know how to use the recovery. Superuser rights can't be granted if it can't pass the lockscreen. And right now, I have no permissions granted to ADB shell or Terminal Emulator.

I know some people may think, "what is this guy thinking, he's an idiot, etc..." but I am thinking of worst case scenarios in a security perspective in regard to data protection.

What are the chances that the person knows how to use a rooted phone? And by the time they figure out how to use it, what rom they want to install ect, you could wipe all data on the phone using something like avast. You could even wipe the sdcard. Remember protecting your data and personal info is what's important here, not if they can use the phone because it's rooted.
The Following User Says Thank You to sparksco For This Useful Post: [ View ]
26th April 2012, 11:54 PM   |  #20  
OP Junior Member
Flag F'Burg
Thanks Meter: 4
 
24 posts
Join Date:Joined: Jan 2011
More
Quote:
Originally Posted by sparksco

What are the chances that the person knows how to use a rooted phone? And by the time they figure out how to use it, what rom they want to install ect, you could wipe all data on the phone using something like avast. You could even wipe the sdcard. Remember protecting your data and personal info is what's important here, not if they can use the phone because it's rooted.

I completely agree with you on this one - data security is more important than anything else. Which is why I'm curious about the security of rooted phones - I enjoy the features of a rooted phone and hate the bloatware/jail-cell environment of a stock phone to give up root.

I will assume that the chances of a thief knowing how to use a rooted phone are pretty good. So, if I can lock down Android and root permissions in the OS, how can I do the same to the bootloader and/or recovery to achieve ultimate security?

Post Reply Subscribe to Thread
Previous Thread Next Thread
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes