Attend XDA's Second Annual Developer Conference, XDA:DevCon 2014!
5,777,785 Members 46,652 Now Online
XDA Developers Android and Mobile Development Forum

[Q] Security of CM7 or other ROMs

Tip us?
 
strapped365
Old
#11  
strapped365's Avatar
Senior Member
Thanks Meter 2807
Posts: 5,132
Join Date: Mar 2011
Location: Columbus

 
DONATE TO ME
Quote:
Originally Posted by drob311 View Post
I wish I knew java, I would make an app that would brick the phone if the owner activated said app from a pc... The only way to prevent a thief from stealing your info is to make the the phone completely disabled... Since you call insurance right away to report the phone stolen, they (assurion) deactivate the device and put it on the bad esn list, essentially rendering the phone useless but an app accessible from a pc to completely brick the phone, would be the ultimate "**** you" to the prick that stole your device...

Sent from my PG06100 using Xparent Blue Tapatalk 2
I would pay a good 10 bucks for that app!

Sent from my myTouch_4G_Slide using Tapatalk 2
 
smmiller506
Old
#12  
Junior Member - OP
Thanks Meter 4
Posts: 24
Join Date: Jan 2011
Location: F'Burg
I realized something unfortunately - the recovery and bootloader can't be locked down, which means that any apps loaded onto the phone can be easily deleted. So, that kinda makes locking the phone down to prevent data theft on a stolen device pointless.

Thoughts on locking the recovery and/or bootloader down in case of a stolen device?
 
fayrarri
Old
#13  
Senior Member
Thanks Meter 67
Posts: 196
Join Date: Oct 2011
Location: Canton, MI
Well Avast does root installation so that stays on the device even if its factory reset. And I believe there is a command that you can send the phone that makes accessing the applications menu impossible.
--
Twitter: FayFay33
Evo Shift 4G: Twisted ICS

Kindle Fire: Jellybean

Evo 4G: CM10 Unofficial
 
fayrarri
Old
#14  
Senior Member
Thanks Meter 67
Posts: 196
Join Date: Oct 2011
Location: Canton, MI
Quote:
Originally Posted by drob311 View Post
I wish I knew java, I would make an app that would brick the phone if the owner activated said app from a pc... The only way to prevent a thief from stealing your info is to make the the phone completely disabled... Since you call insurance right away to report the phone stolen, they (assurion) deactivate the device and put it on the bad esn list, essentially rendering the phone useless but an app accessible from a pc to completely brick the phone, would be the ultimate "**** you" to the prick that stole your device...

Sent from my PG06100 using Xparent Blue Tapatalk 2
Knowing me I'd brick the phone and then find it two days later in my car
--
Twitter: FayFay33
Evo Shift 4G: Twisted ICS

Kindle Fire: Jellybean

Evo 4G: CM10 Unofficial
The Following User Says Thank You to fayrarri For This Useful Post: [ Click to Expand ]
 
sparksco
Old
#15  
sparksco's Avatar
Recognized Developer
Thanks Meter 7831
Posts: 8,269
Join Date: Feb 2010

 
DONATE TO ME
In regards to security you can also set a pattern for your lockscreen and it won't unlock even when you slide the keyboard open
HTC G1: Bricked
HTC G1 #2: Broke
HTC Evo Shift 4G: Active
ASUS Nexus 7: Active
LGE Nexus 4: Active


2-step unroot back to stock 2.3.4 from s-off-Evo Shift 4G
My Work-Evo Shift 4G

Lead Developer of SaberMod
Team member of AOSPAL[PSD]

If I've helped you in any way shape or form please hit the thanks button
 
smmiller506
Old
#16  
Junior Member - OP
Thanks Meter 4
Posts: 24
Join Date: Jan 2011
Location: F'Burg
Quote:
Originally Posted by fayrarri View Post
Well Avast does root installation so that stays on the device even if its factory reset. And I believe there is a command that you can send the phone that makes accessing the applications menu impossible.
Quote:
Originally Posted by sparksco View Post
In regards to security you can also set a pattern for your lockscreen and it won't unlock even when you slide the keyboard open
Again, both of these apply to when Android and the original ROM are still installed. So, if your phone gets stolen by someone who knows how to root a phone and use the recovery, he could backup all of your data, flash a new ROM through recovery and now he has a new phone with no apps, lockscreen, or Superuser app to deny permissions to root. With the backed-up data, he could sift through that and possibly find personal data.

However, the lockscreen will be successful against entry if the person doesn't know how to use the recovery. Superuser rights can't be granted if it can't pass the lockscreen. And right now, I have no permissions granted to ADB shell or Terminal Emulator.

I know some people may think, "what is this guy thinking, he's an idiot, etc..." but I am thinking of worst case scenarios in a security perspective in regard to data protection.
 
drob311
Old
#17  
drob311's Avatar
Senior Member
Thanks Meter 960
Posts: 1,651
Join Date: Mar 2011
Location: Fond du Lac, WI
Quote:
Originally Posted by fayrarri View Post
Knowing me I'd brick the phone and then find it two days later in my car
But if you activated the brick app, your phone would have already been reported stolen to assurion and put on the bad esn list, even if you find it, it can't be re-activated...

Sent from my PG06100
 
fayrarri
Old
#18  
Senior Member
Thanks Meter 67
Posts: 196
Join Date: Oct 2011
Location: Canton, MI
Lol yes I realize that, just making a joke
--
Twitter: FayFay33
Evo Shift 4G: Twisted ICS

Kindle Fire: Jellybean

Evo 4G: CM10 Unofficial
 
sparksco
Old
#19  
sparksco's Avatar
Recognized Developer
Thanks Meter 7831
Posts: 8,269
Join Date: Feb 2010

 
DONATE TO ME
Quote:
Originally Posted by smmiller506 View Post
Again, both of these apply to when Android and the original ROM are still installed. So, if your phone gets stolen by someone who knows how to root a phone and use the recovery, he could backup all of your data, flash a new ROM through recovery and now he has a new phone with no apps, lockscreen, or Superuser app to deny permissions to root. With the backed-up data, he could sift through that and possibly find personal data.

However, the lockscreen will be successful against entry if the person doesn't know how to use the recovery. Superuser rights can't be granted if it can't pass the lockscreen. And right now, I have no permissions granted to ADB shell or Terminal Emulator.

I know some people may think, "what is this guy thinking, he's an idiot, etc..." but I am thinking of worst case scenarios in a security perspective in regard to data protection.
What are the chances that the person knows how to use a rooted phone? And by the time they figure out how to use it, what rom they want to install ect, you could wipe all data on the phone using something like avast. You could even wipe the sdcard. Remember protecting your data and personal info is what's important here, not if they can use the phone because it's rooted.
HTC G1: Bricked
HTC G1 #2: Broke
HTC Evo Shift 4G: Active
ASUS Nexus 7: Active
LGE Nexus 4: Active


2-step unroot back to stock 2.3.4 from s-off-Evo Shift 4G
My Work-Evo Shift 4G

Lead Developer of SaberMod
Team member of AOSPAL[PSD]

If I've helped you in any way shape or form please hit the thanks button
The Following User Says Thank You to sparksco For This Useful Post: [ Click to Expand ]
 
smmiller506
Old
#20  
Junior Member - OP
Thanks Meter 4
Posts: 24
Join Date: Jan 2011
Location: F'Burg
Quote:
Originally Posted by sparksco View Post
What are the chances that the person knows how to use a rooted phone? And by the time they figure out how to use it, what rom they want to install ect, you could wipe all data on the phone using something like avast. You could even wipe the sdcard. Remember protecting your data and personal info is what's important here, not if they can use the phone because it's rooted.
I completely agree with you on this one - data security is more important than anything else. Which is why I'm curious about the security of rooted phones - I enjoy the features of a rooted phone and hate the bloatware/jail-cell environment of a stock phone to give up root.

I will assume that the chances of a thief knowing how to use a rooted phone are pretty good. So, if I can lock down Android and root permissions in the OS, how can I do the same to the bootloader and/or recovery to achieve ultimate security?

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes