Are Custom Roms secure?

Search This thread
By:
Advanced…
S

Supermannypr

Guest
I have been wondering, how secure are android roms? What I mean is, if I should be worried about getting personal data stolen or any such thing concerning web surfing, online purchases, etc? Which is more secure? Stock Roms or cusom Roms? Any help would be greatly appreciated! Thanks!
 
erpurohit

erpurohit

Senior Member
Feb 21, 2010
1,987
1,436
Supermannypr said:
I have been wondering, how secure are android roms? What I mean is, if I should be worried about getting personal data stolen or any such thing concerning web surfing, online purchases, etc? Which is more secure? Stock Roms or cusom Roms? Any help would be greatly appreciated! Thanks!
Click to expand...
Click to collapse

Grow up mate... :laugh:

There are thousands of user who are enjoying custom roms and still you think it insecure...
 
  • Like
Reactions: tempura
T

Trinnity66

Senior Member
May 25, 2011
56
17
Albion Park
erpurohit said:
Grow up mate... :laugh:

There are thousands of user who are enjoying custom roms and still you think it insecure...
Click to expand...
Click to collapse

This is a harsh response to what I believe is a very valid question by the original poster. People ask questions because they have concerns or simply do not know the answer. They do not need people like you having a shot at them simply because they asked a question.


To the OP: The people who put together the custom ROMs you find on XDA are mostly genuine people looking to share their knowledge and experience by building ROMs that make our devices operate faster, smoother, and feature enhanced. They are not out to load them with malware to scam you and suck your credit and identity dry.

Having said that however, it could be done if the wrong person or group of people starting building ROMs with that purpose.

I personally will only ever download a ROM from a builder or group of builders who have a credible reputation here in the Forums to be sure.

I hope that eases you mind a little.

Take care.
 
  • Like
Reactions: DroidForPresident, tempura, heretix and 2 others
S

Supermannypr

Guest
Thankyou.

Trinnity66 said:
This is a harsh response to what I believe is a very valid question by the original poster. People ask questions because they have concerns or simply do not know the answer. They do not need people like you having a shot at them simply because they asked a question.


To the OP: The people who put together the custom ROMs you find on XDA are mostly genuine people looking to share their knowledge and experience by building ROMs that make our devices operate faster, smoother, and feature enhanced. They are not out to load them with malware to scam you and suck your credit and identity dry.

Having said that however, it could be done if the wrong person or group of people starting building ROMs with that purpose.

I personally will only ever download a ROM from a builder or group of builders who have a credible reputation here in the Forums to be sure.

I hope that eases you mind a little.

Take care.
Click to expand...
Click to collapse

I have always had that question. I have to agree on only installing roms from devs with a credible reputation, at the end of the day this is what I would use for everything and I need to feel ane be sure I am secure. Thanks for your answere, I can keep my peace in that aspect.

Thanks to all the devs that dedicate there time with their amazing Rom projects!! Keep up the great work!!!
 
O

O-T

Senior Member
Sep 28, 2010
934
389
Allmost every "custom" roms include a rooted kernel and CWM recovery. That will give anyone who can do "adb" operations the option to reboot your phone to recovery. Sim,pattern or pin lock doesn't matter as long as phone is in their hand.
Battery off - reboot to CWM, connect usb, and everything on your phone is available to copy to computer using adb commands.

The only way to secure custom ROM run by a rooted kernel with CWM is to ENCRYPT all files on your phone.
 
Last edited:
burakgon

burakgon

Senior Member
Oct 26, 2010
3,054
3,799
www.burakgon.com
As a ROM Maker, I always care about every permissions for every single file. I everytime match everything true permissions but not 777 even if I fail 999 times.

Sent from my GT-I9000 using xda app-developers app
 
  • Like
Reactions: Angristan
A

AlwaysDroid

Senior Member
Mar 17, 2012
967
251
Edmonton
Think about this. Someone finds your phone, you had lost it. Turns off pulls out sim so you can't find its location, reboots into recovery, connects to computer, then adb shell and do the command dd /data. Dumps all the data into a .IMG file. Repacks it into an Odin flash able tar. Flashes to his phone. Has all your info.

I wouldn't worry though, most people know nothing of this. I don't worry :)

Sent from my GT-I9000 using xda premium
 
groksteady

groksteady

Senior Member
Feb 6, 2012
395
107
Shanghai
O-T and AlwaysDroid, you guys are absolutely right, but the OP still raises a legitimate concern. There's lots of other threat assessments that will rule out physical access. It's a matter of practicality. In some places, traditional martial arts self-defense training can help or save you, in others most clashes do not involve hand-to-hand fighting.

I'm typing on xda app, do forgive Mr for forgetting names, but others here are right, too. A developer's reputation goes a long way, and these teams also put their code out for others to see. I can't tell what's inside, but rely on the fact that others look at it to learn, compile themselves, cherry pick, etc. Also, I do prefer when devs post MD5s.

Back to OP, which primarily asked about data leakage, is there an android equivalent of Little Snitch on Macs?

sent from a telephonic device
 
iamXD

iamXD

Member
Aug 6, 2012
44
17
Yes they are

use basic custom roms if u wish. . which r stable..

dont prefer nightlies/ alpha if u r a starter

---------- Post added at 12:19 PM ---------- Previous post was at 12:13 PM ----------
burakgon said:
As a ROM Maker, I always care about every permissions for every single file. I everytime match everything true permissions but not 777 even if I fail 999 times.

Sent from my GT-I9000 using xda app-developers app
Click to expand...
Click to collapse

Nobody like frequent force closes.. do they ?
 
S

Supermannypr

Guest
AlwaysDroid said:
Think about this. Someone finds your phone, you had lost it. Turns off pulls out sim so you can't find its location, reboots into recovery, connects to computer, then adb shell and do the command dd /data. Dumps all the data into a .IMG file. Repacks it into an Odin flash able tar. Flashes to his phone. Has all your info.

I wouldn't worry though, most people know nothing of this. I don't worry :)

Sent from my GT-I9000 using xda premium
Click to expand...
Click to collapse

Wow! I had no idea that someone could do that... I know that this has a very slim chance of happening, but is there anyway to avoid it?
 
A

AJ

Senior Member
Aug 8, 2012
344
67
since the source is open to all

and anyone could examine it

i would say they are somewhat secure
 
A

AlwaysDroid

Senior Member
Mar 17, 2012
967
251
Edmonton
Supermannypr said:
Wow! I had no idea that someone could do that... I know that this has a very slim chance of happening, but is there anyway to avoid it?
Click to expand...
Click to collapse

Not really :/ almost no one can do this, I mean unless the guy that finds your phone is a resident here or at roots wiki and even then, I doubt it. The thing is, as long as your rooted, your data just isn't as safe. You couldn't do that on stock, cause its not rooted. The only thing I could imagine for the future would be a recovery that asks for a pin code before allowing you to enter. Its unavoidable, and really nothing to worry about. Just turn off USB debugging when not in use, use dev options to only give apps root access and not adb (not sure if it stops it in recovery as well) and don't lose your phone.

Sent from my GT-I9000 using xda premium
 
  • Like
Reactions: DroidForPresident and groksteady
D

de333

Member
Dec 17, 2012
12
1
Apropos encryption

O-T said:
Allmost every "custom" roms include a rooted kernel and CWM recovery. That will give anyone who can do "adb" operations the option to reboot your phone to recovery. Sim,pattern or pin lock doesn't matter as long as phone is in their hand.
Battery off - reboot to CWM, connect usb, and everything on your phone is available to copy to computer using adb commands.

The only way to secure custom ROM run by a rooted kernel with CWM is to ENCRYPT all files on your phone.
Click to expand...
Click to collapse

Is there a way to enable file system encryption in Cyanogenmod 7?
 
S

scarookie

Senior Member
Jan 19, 2013
66
24
Well, Samsung stopped updating this capable phone which is similar to the nexus s(they claimed it can't handle ICS or jb while nexus s gets the latest firmware) Custom ROMs especially jb ROMs make your phone feel new unlike stock which are outdated. Just flash one from a credible developer & u won't regret
 
Eirwn

Eirwn

Senior Member
Jun 1, 2011
50
12
There is no motive from the developers. What should they get? Your FB passwords? And sell them to your girlfriend?
 
  • Like
Reactions: Limitscrw
V

vasuy19

Member
Jan 16, 2014
22
4
Bangalore
Agree

Supermannypr said:
I have always had that question. I have to agree on only installing roms from devs with a credible reputation, at the end of the day this is what I would use for everything and I need to feel ane be sure I am secure. Thanks for your answere, I can keep my peace in that aspect.

Thanks to all the devs that dedicate there time with their amazing Rom projects!! Keep up the great work!!!
Click to expand...
Click to collapse

I am 100% agree, with the your comment bro. We should install the ROM from recognized and good reputed developers. :)

:good::good::good::good:
 
1

16kzx81

Member
Nov 3, 2012
13
2
Eirwn said:
There is no motive from the developers. What should they get? Your FB passwords? And sell them to your girlfriend?
Click to expand...
Click to collapse


Really? So if there was - just for the sake of argument - a backdoor or a keylogger on your phone that was placed there by a dev, you're saying they would get nothing out of that? Is a bit naive dont you think?
 
  • Like
Reactions: salexbe
You must log in or register to reply here.

Similar threads

K4P1
  • Poll
[KERNEL LIST] Galaxy S I9000 Custom KERNEL List [08.05.2011]
Replies
50
Views
299K
A
a fluffy fellow
tetakpatak
  • Sticky
[FULL GUIDE][UNBRICK][Root] Flash custom or stock ROMs or kernels [i9000][VIDEO]
Replies
221
Views
177K
tetakpatak
tetakpatak
EwOkie
[HOW TO GUIDE i9000] ★ Flashing Rom with JVU before Custom ROM + EXTRAS ★
Replies
79
Views
77K
S
sunny54_8
AllGamer
[Solved] Can't establish a reliable data connection to the server
Replies
105
Views
381K
Exnor
Exnor
malikusmanrasheed
What Jelly Bean Rom are you guys using
Replies
354
Views
56K
S
scarookie

Top Liked Posts

24 Hours All time
  • There are no posts matching your filters.
  • 5
    T
    Trinnity66
    erpurohit said:
    Grow up mate... :laugh:

    There are thousands of user who are enjoying custom roms and still you think it insecure...
    Click to expand...
    Click to collapse

    This is a harsh response to what I believe is a very valid question by the original poster. People ask questions because they have concerns or simply do not know the answer. They do not need people like you having a shot at them simply because they asked a question.


    To the OP: The people who put together the custom ROMs you find on XDA are mostly genuine people looking to share their knowledge and experience by building ROMs that make our devices operate faster, smoother, and feature enhanced. They are not out to load them with malware to scam you and suck your credit and identity dry.

    Having said that however, it could be done if the wrong person or group of people starting building ROMs with that purpose.

    I personally will only ever download a ROM from a builder or group of builders who have a credible reputation here in the Forums to be sure.

    I hope that eases you mind a little.

    Take care.
    View
    2
    A
    AlwaysDroid
    Supermannypr said:
    Wow! I had no idea that someone could do that... I know that this has a very slim chance of happening, but is there anyway to avoid it?
    Click to expand...
    Click to collapse

    Not really :/ almost no one can do this, I mean unless the guy that finds your phone is a resident here or at roots wiki and even then, I doubt it. The thing is, as long as your rooted, your data just isn't as safe. You couldn't do that on stock, cause its not rooted. The only thing I could imagine for the future would be a recovery that asks for a pin code before allowing you to enter. Its unavoidable, and really nothing to worry about. Just turn off USB debugging when not in use, use dev options to only give apps root access and not adb (not sure if it stops it in recovery as well) and don't lose your phone.

    Sent from my GT-I9000 using xda premium
    View
    1
    erpurohit
    erpurohit
    Supermannypr said:
    I have been wondering, how secure are android roms? What I mean is, if I should be worried about getting personal data stolen or any such thing concerning web surfing, online purchases, etc? Which is more secure? Stock Roms or cusom Roms? Any help would be greatly appreciated! Thanks!
    Click to expand...
    Click to collapse

    Grow up mate... :laugh:

    There are thousands of user who are enjoying custom roms and still you think it insecure...
    View
    1
    burakgon
    burakgon
    As a ROM Maker, I always care about every permissions for every single file. I everytime match everything true permissions but not 777 even if I fail 999 times.

    Sent from my GT-I9000 using xda app-developers app
    View
    1
    Eirwn
    Eirwn
    There is no motive from the developers. What should they get? Your FB passwords? And sell them to your girlfriend?
    View

New posts