Is there any secure custom roms or os?

[zgodig]

I wish to know if there are any custom roms or os'es that wouldn't touch my data using background processes that doesn't ask for permission to do so. Because these apps are either pre-installed or installed by me (which ask for permissions up front)? Or at least that I would be able grant app permissions when it needs them? It's like a real time permission request service.
Thanks.

 

[Eurofighter_ty]

I don't understand your question very well but I think you'll need an AOSP 6.0 ROM like the one made by Flashhhh beacuse AOSP is the most secure beacuse just Google modifies it and the developer (Flashhhh in our case). You can't make it 100 % secure beacuse you need to encrypt the partition and lock the bootloader. Encryption slows the device like hell and locking the bootloader with costum software cannot by made except if some of the great develoeprs of the falcon can reprogram the bootloader and the other low level bootloaders. Hardware encryption isn't supported on falcon I don't know why beacuse my Lumia 435 has encryption enabled via settings as you can see here:

And yes the device is as fast as with the option disabled ! So hardware encryption is supported on Snapdragon 200 and our device has Snapdragon 400. I don't know why but that's the life...I am also interested in a secure OS with encryption that can run on our Moto G without performance loss.

 

[zgodig]

I was really looking forward to cyanogen-mod, because it was looked as safe. But after I've read their DISCLAIMER stating "Modifying or replacing your device's software may void your device's warranty, lead to data loss, hair loss, financial loss, privacy loss, security breaches, or other damage, and therefore must be done entirely at your own risk. No one affiliated with the CyanogenMod project is responsible for your actions. Good luck." I changed my mind. I am paranoid about my privacy and security therefore this disclaimer put all my excitement and hopes to find privacy and security in their custom rom down. On the other had they're stating the things that could happen to my phone through the use of their custom rom, which I am thankful for their honesty and precautions. I was looking for official carbon rom, because of it's flexibility in customization and some other useful features, but sadly they don't support our device so yet again I was let down. Even if there is ports of it. Yet again my paranoia for privacy and security appears to be in action and I just can't help it when It come to it. It's my need and I believe it is everyone's need that sadly seems to be not met... even my keyboard sends data through background services... The more I see what android does the more I want to switch back to windows phone... it was easy to use, simple, and at least secure. I loved the thing that you could use one app for text messaging and social network messaging and I found it really handy feature. Android is highly customizable, but not as secure as WP. Also did everyone else noticed that Android version names are alphabetically ordered which could mean that they have plans up front for Z? Ohhh and google is in alphabet now...

 

[Hwyl.Fawr]

Was WP really more secure or did you simply don't know what it did in the background?
Concerning your question: to find a "perfect" system might by impossible. However, you should not completely give up on Cyanogenmod (or on custom roms in general). You do get the possibility to manage permissions and you get root. The latter you can use to uninstall system-apps you dont like or to set up a firewall for apps and services you dont trust (for instance your keyboard). As a further step you could try if a Google-free device would work for you (i.e. not flash gapps after rom). That might be less convenient in some aspects but you would get rid of the no. 1 risk for privacy. And dont worry too much about the disclaimer! Sure, flashing a custom rom can turn your device into electronic scrap and things like root are risky anyway, the crucial point is that stuff needs to be handled the correct way. With enough information acquired in the first place the risks arent too big

 

[zgodig]

Was WP really more secure or did you simply don't know what it did in the background?
Concerning your question: to find a "perfect" system might by impossible. However, you should not completely give up on Cyanogenmod (or on custom roms in general). You do get the possibility to manage permissions and you get root. The latter you can use to uninstall system-apps you dont like or to set up a firewall for apps and services you dont trust (for instance your keyboard). As a further step you could try if a Google-free device would work for you (i.e. not flash gapps after rom). That might be less convenient in some aspects but you would get rid of the no. 1 risk for privacy. And dont worry too much about the disclaimer! Sure, flashing a custom rom can turn your device into electronic scrap and things like root are risky anyway, the crucial point is that stuff needs to be handled the correct way. With enough information acquired in the first place the risks arent too big

Well yes WP doesn't have such feature as seeing what backgroung processes are active, what they're doing which should be a concern, but I think there are some devices that doesn't support multi-tasking which probably deals with the issue. Well the cyanogen mod does offer that security and frees you from app permission chains, but I don't want to rush on flashing it.
What about ubuntu os? They provide tutorial to port it for your own device which I am really interested in. But is there any advantages over cyanogen mod in terms of user privacy and security? Should I consider porting it myself or flashing a port made by community?

 

[lost101]

This ROM was created with privacy in mind: (Read the first post carefully and follow the instructions)

http://forum.xda-developers.com/moto-g/4g-development/rom-identity-crisis-6-lte-extreme-t3328861​

It will boot on Falcon; if after flashing the ROM, you immediately flash the Stock 6.0 Kernel available here:

http://forum.xda-developers.com/showthread.php?t=2649763​

 

[zgodig]

This ROM was created with privacy in mind: (Read the first post carefully and follow the instructions)

http://forum.xda-developers.com/moto-g/4g-development/rom-identity-crisis-6-lte-extreme-t3328861​

It will boot on Falcon; if after flashing the ROM, you immediately flash the Stock 6.0 Kernel available here:

http://forum.xda-developers.com/showthread.php?t=2649763​

Is it only for LTE version?
Thank you for your time spent on developing this rom for the community. I will flash it straight away.

 

[lost101]

Is it only for LTE version?
Thank you for your time spent on developing this rom for the community. I will flash it straight away.

As I said, the ROM will boot and work fine on your phone if you flash the Falcon kernel. @minimale_ldz created this ROM based on my previous work.

 

[zgodig]

As I said, the ROM will boot and work fine on your phone if you flash the Falcon kernel. @minimale_ldz created this ROM based on my previous work.

This is madness.

 

[zgodig]

Also

 

[zgodig]

This ROM was created with privacy in mind: (Read the first post carefully and follow the instructions)

http://forum.xda-developers.com/moto-g/4g-development/rom-identity-crisis-6-lte-extreme-t3328861​

It will boot on Falcon; if after flashing the ROM, you immediately flash the Stock 6.0 Kernel available here:

http://forum.xda-developers.com/showthread.php?t=2649763​

Okay. The rom looks good and seems to offer what I need, but that bug when you dim your brightness and flickering occurs can be annoying, since I like to dim it as much as possible, to save my battery from draining. I guess I will have to keep on using the stock rom till port of your rom will be fixed.

 

[minimale_ldz]

Okay. The rom looks good and seems to offer what I need, but that bug when you dim your brightness and flickering occurs can be annoying, since I like to dim it as much as possible, to save my battery from draining. I guess I will have to keep on using the stock rom till port of your rom will be fixed.

There's also Lollipop version of this rom available, and it doesn't flicker. Installing the rom itself, however, won't be enough - even removing GApps doesn't prevent Google and from collecting "anonymous" data as there are still some leaks through kernel and modem debug settings. They can be blocked by firewall (like AFWall+). You may also want to install Network Log to see all the traffic. XPosed Xprivacy module is also very helpful in restricting internet, network, location, sensors, etc. access to the apps. You can also disable location services and bluetooth (and other things) with Servicely for extra protection and battery life.

All of it will give you SOME protection as obviously your carrier will have a lot of data about your device and this can't be avoided as long as you use its phone services.

 

[zgodig]

There's also Lollipop version of this rom available, and it doesn't flicker. Installing the rom itself, however, won't be enough - even removing GApps doesn't prevent Google and from collecting "anonymous" data as there are still some leaks through kernel and modem debug settings. They can be blocked by firewall (like AFWall+). You may also want to install Network Log to see all the traffic. XPosed Xprivacy module is also very helpful in restricting internet, network, location, sensors, etc. access to the apps. You can also disable location services and bluetooth (and other things) with Servicely for extra protection and battery life.

All of it will give you SOME protection as obviously your carrier will have a lot of data about your device and this can't be avoided as long as you use its phone services.

I think that I should wait for the marshmallow patch. Because I wouldn't have to use the apps you have mentioned in order to protect myself. I've read that you recommend these apps to use on marshmallow too. Which one would you recommend? Lollipop ir marshmallow? From the things you have mentioned it made me an impression that there has to be done more on lollipop to protect yourself as much as possible, than on marshmallow. Besides I suspect that marshmallow is more advanced than lollipop. Anyways an expert opinion is allways worth to concider. A big thank you xda developers for your hard work and time put in developing all of the software available for us. You're the best!

 

[minimale_ldz]

I think that I should wait for the marshmallow patch. Because I wouldn't have to use the apps you have mentioned in order to protect myself. I've read that you recommend these apps to use on marshmallow too. Which one would you recommend? Lollipop ir marshmallow? From the things you have mentioned it made me an impression that there has to be done more on lollipop to protect yourself as much as possible, than on marshmallow. Besides I suspect that marshmallow is more advanced than lollipop. Anyways an expert opinion is allways worth to concider. A big thank you xda developers for your hard work and time put in developing all of the software available for us. You're the best!

Well, I don't consider myself an expert - just spent some time reading security and privacy related stuff in the web and used some of the information to help myself. Please also mind all the things I mentioned (firewall, XPrivacy, etc.) don't come with Marshmallow and need to be installed and set up anyway so it doesn't make much difference if you use Lollipop or MM version. The biggest privacy-related changes that come with MM are built-in permissions manager (which is good but insufficient) and more up to date security patch. And I think that is it, so it's up to you if you want to wait. The thing with Android updates is that they bring new stuff that OEM and carriers need to implement and optimize, so I wouldn't say that Marshmallow is better in every aspect than Lollipo. I was using 5.1.1 for a few months on Moto G and was very happy - I'm using 6.0.1 on Moto X Play now, and see some annoying bugs that came with it. Interesting thing is they only appeared after removing GApps from the rom. So again - it's up to you.

The other fact is that the more you protect yourself from intrusive Google services the more new privacy and security issues appear. For example - if you use stock rom there's no need to unlock bootloader nor using custom recovery which are actually negatively affecting your privacy. You can access all the system and data in TWRP, so your privacy is pretty much none in case someone steals your phone. Good practice is not to keep too much private stuff on it, because there's always a risk someone can get it - one way or another.

 

[zgodig]

There's also Lollipop version of this rom available, and it doesn't flicker. Installing the rom itself, however, won't be enough - even removing GApps doesn't prevent Google and from collecting "anonymous" data as there are still some leaks through kernel and modem debug settings. They can be blocked by firewall (like AFWall+). You may also want to install Network Log to see all the traffic. XPosed Xprivacy module is also very helpful in restricting internet, network, location, sensors, etc. access to the apps. You can also disable location services and bluetooth (and other things) with Servicely for extra protection and battery life.

All of it will give you SOME protection as obviously your carrier will have a lot of data about your device and this can't be avoided as long as you use its phone services.

Well, I don't consider myself an expert - just spent some time reading security and privacy related stuff in the web and used some of the information to help myself. Please also mind all the things I mentioned (firewall, XPrivacy, etc.) don't come with Marshmallow and need to be installed and set up anyway so it doesn't make much difference if you use Lollipop or MM version. The biggest privacy-related changes that come with MM are built-in permissions manager (which is good but insufficient) and more up to date security patch. And I think that is it, so it's up to you if you want to wait. The thing with Android updates is that they bring new stuff that OEM and carriers need to implement and optimize, so I wouldn't say that Marshmallow is better in every aspect than Lollipo. I was using 5.1.1 for a few months on Moto G and was very happy - I'm using 6.0.1 on Moto X Play now, and see some annoying bugs that came with it. Interesting thing is they only appeared after removing GApps from the rom. So again - it's up to you.

The other fact is that the more you protect yourself from intrusive Google services the more new privacy and security issues appear. For example - if you use stock rom there's no need to unlock bootloader nor using custom recovery which are actually negatively affecting your privacy. You can access all the system and data in TWRP, so your privacy is pretty much none in case someone steals your phone. Good practice is not to keep too much private stuff on it, because there's always a risk someone can get it - one way or another.

If you're not an expert then you're not far from it, because I don't think it's easy to do the things you did.

Is it possible to re-flash stoch recovery and re-lock bootloader after flashing one your roms to improve security, or are they essential to make rom work?

 

[minimale_ldz]

If you're not an expert then you're not far from it, because I don't think it's easy to do the things you did.

Is it possible to re-flash stoch recovery and re-lock bootloader after flashing one your roms to improve security, or are they essential to make rom work?

As far as I know relocking bootloader will fail if installed system is not original, but I'd ask @lost101 as he's got much more expertise in Motorola issues.

 

[_that]

You can access all the system and data in TWRP, so your privacy is pretty much none in case someone steals your phone.

Using encryption helps in this case. Just remember that when you get your phone back, don't trust it anymore.

 

[lost101]

Is it possible to re-flash stoch recovery and re-lock bootloader after flashing one your roms to improve security, or are they essential to make rom work?

Originally Falcon (and Peregrine I suspect) did not support Factory Reset Protection (FRP) - this may have changed for those with locked Bootloaders who updated to Lollipop via official OTA Update. Even with FRP, all you are doing is stopping someone who stole / found your phone from accessing your data. Obviously you must unlock Bootloader to gain real control over your data by flashing a ROM just as those created by @minimale_ldz. Once Bootloader is unlocked, it's permanent. So-called 'relocking' is purely superficial and can be simply undone by anyone with fastboot access.

So the answer is no, flashing Stock Recovery and 'relocking' Bootloader does absolutely nothing for you in terms of security.

Newer phones such as Moto G (3rd Gen) support FRP out of the box. But again, you are at the mercy of Google and Motorola when it comes to privacy as long as the Bootloader remains locked. You cannot root, nor install a custom ROM.

I fear ultimately you must examine your own psychological / egoic need for control and privacy, as the world outside your mind is unlikely to deliver what you seek.

 

[zgodig]

Originally Falcon (and Peregrine I suspect) did not support Factory Reset Protection (FRP) - this may have changed for those with locked Bootloaders who updated to Lollipop via official OTA Update. Even with FRP, all you are doing is stopping someone who stole / found your phone from accessing your data. Obviously you must unlock Bootloader to gain real control over your data by flashing a ROM just as those created by @minimale_ldz. Once Bootloader is unlocked, it's permanent. So-called 'relocking' is purely superficial and can be simply undone by anyone with fastboot access.

So the answer is no, flashing Stock Recovery and 'relocking' Bootloader does absolutely nothing for you in terms of security.

Newer phones such as Moto G (3rd Gen) support FRP out of the box. But again, you are at the mercy of Google and Motorola when it comes to privacy as long as the Bootloader remains locked. You cannot root, nor install a custom ROM.

I fear ultimately you must examine your own psychological / egoic need for control and privacy, as the world outside your mind is unlikely to deliver what you seek.

Is it possible to make or do something that no one would be able to enter recovery mode without password or at least pin code?

 

[zgodig]

Using encryption helps in this case. Just remember that when you get your phone back, don't trust it anymore.

So encrypting the phone would help to protect data. In case of loost or stolen phone, the person would only be able to delete my data through recovery mode?
And what do you mean that after I'd get my phone back I shouldn't trust it?