[Q] Could someone make a custom ROM that steals personal information from users?

[johnny1178]

Recently I received a notice from Google saying that my account was accessed from Russia. I also recently installed a custom Android ROM onto my T-Mobile HTC HD2. I was thinking, pretty much anyone can take the Android OS, make a custom version, and release it for download, right?

If so, is it possible that the person who created the custom Android ROM also modified it so they could steal my personal information? I really do like the ROM I am currently using and would not like to switch if I don't have to, but this whole Google thing has me paranoid now.

 

[imheroldman]

I have had my facebook lock down a few times from that kind of thing. But never out of the country. Did you check if mock locations is enabled? Settings - Applications -Development. Not sure id that could be the issue, but it is possible it was your phone reporting as another location.

Sent by Supersonic!

 

[johnny1178]

Now Google has sent me a second notice, AFTER changing my password, so this is really starting to bother me. I tried changing that Mock Locations setting, but it was already disabled. Just to be sure I haven't entered any of my new passwords into my phone yet since this last incident and I'm going to see if I still have problems.

 

[sublimaze]

Now Google has sent me a second notice, AFTER changing my password, so this is really starting to bother me.

That's not good. Stay away from those warez & p0rn sites that end in ".ru"

Sent from my ADR6400L using XDA App

 

[sleeperzzz]

Watch out.
Are you sure google is sending these messages?

And does the mail contain a link for you to click on sayiong to change your password?

Alot of times the mail themselves are the scams. And are in most cases sent using the google account but from another server.
Could you copy paste the headers...leaving out your personal mail. In Outlook you can view this by opening the mail File->Info -> properties.
You should see internetheaders there.

Copy paste them. Dunno how to find them in Gmail havn't checked yet gonna see later how to view them in Gmail

 

[sharper00]

Anything is possible, someone making a ROM could put whatever they wanted in there.

It's probably not the most likely way your account would end up compromised though, it could be anything from random hacking to malware on your PC.

 

[arilsongomes]

Well, that's a good question. It's something that I wonder myself and that sometimes concerns me.

 

[johnny1178]

I have ESET antivirus installed and regularly do quick scans on my PC, but I suppose that wouldn't catch everything.

As far as the Google notice, it is not an email message. The notice appears in a red box with bold text at the top of my inbox when I sign into gmail, and I also checked the URL to make sure I was actually on Google.com.

I remember when I looking for ROMS to download, this particular build (can't remember the name) had the most thread views out of all of them at the time, so hopefully someone else would have noticed this issue by now if it was part of the build...

Anyways, thanks for your help. I'll try running an in-depth ESET scan to see if anything comes up.

 

[lude219]

I took it a step further and don't use any google account on my custom ROM at all. the less I rely on apps and cache data the better.

 

[KennyCap]

I always thought about that. Just me being cynical I suppose. Some of these deevs just do it for the love

 

[feletoch]

I never thought of that before, maybe I should be more careful in the future..

 

[jozef710i]

Thank you gr8 idea...

 

[k_nivesout]

I took it a step further and don't use any google account on my custom ROM at all. the less I rely on apps and cache data the better.

What are you doing where you'd really need to worry about that? Just seems like using an android phone without a google account would be a pain.