[Q] Security Concerns - Official CM/AOKP vs. Unofficial CM/AOKP
Some of my friends in the phone/wireless communications business (including a PhD) tell me that custom ROMs are unsafe and there could be written in the code spyware such as keyloggers that can steal your data and do other things of the sort in the background. Cyanogenmod (and AOKP maybe) seem to be pretty safe, and I am running it on my i897, but the Legend is not supported anymore and the latest official ROM I can get is Gingerbread on CM7, which is very slow and seems to have issues. However, I have found these UNOFFICIAL Cyanogenmod/AOKP ROMS made by others:
Note: Don't know if this matters, but all the ROMs save the last were not made by Recognised Developers.
These ROMs (I haven't tried some of them yet) run very smoothly on the Legend and are almost as good as a daily driver.
So can I trust these ROMs because they are based on CM/AOKP but are unofficial, or is the security compromised as it was unofficially done by a member? I would like answers from a technical point of view, not speculation such as 'devs usually have no intent', etc. Don't get me wrong, I may be paranoid, but I truly appreciate the amazing work that devs here are doing, but the possibility of security issues, especially with Linux and open source, is of my concern.
XDA Developers was founded by developers, for developers. It is now a valuable resource for people who want to make the most of their mobile devices, from customizing the look and feel to adding new functionality. Are you a developer?