Is it safe to install an banking app like ING Internet banking on a custom ROM?
Internet banking on custom ROM
- Thread starter swa100
- Start date
Oh my god. Just delete your post.
Sent from my GT-I9505 using XDA Free mobile app
Sent from my GT-I9505 using XDA Free mobile app
His question is less dumb then it looks. It's not that hard to build an keylogger or something into a custom rom. Most people here will install just about anything if it looks shiny.
Not to long ago we had a rooting method that was sending data to a server. People would still use it tough.
Always use your brain when you flash something.
In short: Yes it's safe to flash a custom rom.
I agree. This isn't a dumb question at all.
And here at XDA we don't jump on new members who ask questions. It's rude and makes this site an unwelcoming place. That's not what XDA wants to portray to new members.
This is a sensible question from a user who is properly investigating his risk for identity theft. That's a good question, not a bad one.
As for the answer, well like anything it all depends.
99% of all developers are good people doing good honest work. (And its' probably even higher than that) But there's always that one jerk who tries to take advantage of good trusting people. So you do have to watch out for that.
The main ROMs that are popular and have a long history are completely safe. Cyanogen, Carbon, etc etc etc. These are developed by teams of people who work together and are screened by the ROM dev team before they are allowed to become official maintainers of a ROM. Those are all almost completely safe.
The only place I'd be concerned is when you have a one off developer building his own ROM from source who's working alone. That's where the risk is. And again, 99.99% of those developers are honest. The risk is very minimal. But it exists.
But bigger than that risk is your keyboard. Are you running a third party keyboard? Developed god knows where by god knows who? Just something you downloaded off Google Play? That's probably a bigger risk. I'd never use a 3rd party keyboard to enter banking information. It's WAY too easy to build a keylogging system into a keyboard. That's where the keyboard selector switch comes in handy. You can switch to a stock keyboard quickly to enter banking info then go back to the one you like.
Again, the risk of a Keyboard downloaded from Google Play being a keylogger is low. Very low. But it could happen. And even though it's a minimal risk, it's a risk you should be aware of.
The biggest risk to running a banking app on your phone is losing the phone itself. If you lose it and someone gets past your lock screen (not the most difficult thing in the world) they have access to your banking app. So NEVER save passwords on your banking app. Enter it each time.
Oh my god, if youre a rich twat that doesnt mean people dont care about their hard earned money. Money is just not swag my friend.
His concern is genuine and please be nice to people out here. You dont own opinions and thoughts that people have. Everybody is as free here as you are. So kindly let people clear their doubts.
●Well devs are pretty nice here thus only download firmwares from their threads and no other site. The links mirrored by them or in their official threads are to be used and thus they also mention that do not create any other mirror link. Never doubt a developer here. People here are a family.
●Never root (as it was widely publicised here) via kingo and vroot or root genius, they take anonymous data and idk what all they do. They were banned by xda too. Vroot is still banned.
●Plus keyboards are only to be downloaded via playstore as google has a software called bouncer which regularly checks for malicious content and coding in apps. Though bouncer has been fooled, but google devs and execs are cool too
Plus a swiftkey team or the go team wont want a bad reputation. Because so many people trust them.
The only way to inject a keylogger in your phone is via other sources apps. Any app can have it. IMHO it is always better to pay for the apps than downloading the cracked versions from shady websites.
●Always have way of cleaning your phone online or oia sms or anything. Google administrator (app) provides such service and so does samsung.
Thus if it gets lost or something, you can always wipe it or lock it online or just by sending a sms.
The only way to keep you safe
Sent from my Ozcan GT-i9500 using XDA mobile app
Last edited:
Hey all, thanks for your reactions. I'm using the custom ROM from broodplank, a xda-recognized dev and I'm using SwiftKey.
I asked this question because I was indeed not sure if I should be afraid for keyloggers and stuff like that.
So, in conclusion, I should not be afraid and I could safely use Internet banking on this ROM, with this keyboard?
I asked this question because I was indeed not sure if I should be afraid for keyloggers and stuff like that.
So, in conclusion, I should not be afraid and I could safely use Internet banking on this ROM, with this keyboard?
Yes you can. Without a doubt.
But keyboard only from playstore. And rom only from XDA threads.
Sent from my Ozcan GT-i9500 using XDA mobile app
Thing is
Coming onto a developers forum and asking if we include keyloggers in our work is kind of offensive or if its safe to use our work with banking apps (which gives the impression he thinks people like myself are trying to steal his info)
The fact that a user thinks we would do that in an open source environment means the op has not bothered to educate themselves before doing anything
Coming onto a developers forum and asking if we include keyloggers in our work is kind of offensive or if its safe to use our work with banking apps (which gives the impression he thinks people like myself are trying to steal his info)
The fact that a user thinks we would do that in an open source environment means the op has not bothered to educate themselves before doing anything
I don't think you should see it like that. By flashing custom ROMs I think I show my trust in devs. I just have no clue how vulnerable these ROMs actually are.
After all, it's the safety of all my money I'm talking about.
After all, it's the safety of all my money I'm talking about.
He wasn't in a development thread. He properly posted in the correct general forum.
He didn't accuse anyone of anything, especially not you specifically.
He very well may not even know what a keylogger is and is just being reasonably precautionary to learn what the risks are before proceeding. And he may not believe that a rom developer would include malicious code but perhaps just wondered if a custom rooted rom was more vulnerable to attack by a third party after install than a stock closed source rom. (A legitimate concern because a rooted phone IS more vulnerable to attack if the user just grants superuser permissions to any and all apps that ask for it)
No specific accusations were made or devious behavior insinuated. So don't take his legitimate question so personally.
If it bothers you so much that anyone would worry about their bank account in a time when accounts get hacked regularly....try explaining why its not a major concern to install a custom rom.
Give a developer's viewpoint on what the risks could be and how you mitigate those risks by specifically not including malicious code. That would go along way to help nervous rookie modders feel comfortable about using work found on XDA. And it would go alot further than "my rom is safe because I said so".
Err..I never said anything about posting in a development thread...no idea where the first part of your post is in response to
I never stated he accused me of anything either
In your eagerness to correct me (and failing) you have gotten ahead of yourself
Its not down to me to give any viewpoints or any info about malicious code. This is a developers forum. Its down to the user to educate themselves
I never stated he accused me of anything either
In your eagerness to correct me (and failing) you have gotten ahead of yourself
Its not down to me to give any viewpoints or any info about malicious code. This is a developers forum. Its down to the user to educate themselves
you dont see the problem with that sentence?
Last edited:
Well there have been incidents when things like data leak have happened in XDA. Not because of you, the awesome developers, but because of the rooting methods and other methods and apps that were shared.
Keylogging is pretty easy, well atleast not that a task.
Thus talking about keylogging and other vilnerabilities is banned here too.
Plus when youre rooted, the vulnerability increases a bit.
That is why developers, mods and admins repeatedly explain and tell why warez and other sources apps should not be shared here. First, because you dont know what has been shared, with what coding and another point of condemning warez here is that you cannot just share someones hardwork for free here.
Example : KingoRoot, Vroot that were popular on XDA were banned by XDA Devs because of data leak that were reported and discovered by them. Mods and Admins are pretty cool you see.
If the OP wants to get educated and feel safe for a future relationship with XDA, I fail to understand why can't we just take this as a normal question and be done with clearing his doubts.
Everybody has doubts and they ought to be cleared.
Plus this is XDA, there are n number of sites replicating our devs work and you dont know what is coming for you next.
Thus, we were educating the OP how custom roms made uploaded on XDA are 100% safe and not how custom roms are safe. You as a developer are not being framed here.
Sent from my Ozcan GT-i9500 using XDA mobile app
Our Apps
Get our official app!
The best way to access XDA on your phone
Nav Gestures
Add swipe gestures to any Android
One Handed Mode
Eases uses one hand with your phone