Hello everybody!
I have this doubt: Years ago I was a regular user of many ROMs on my different Android devices including an old Asus tablet and it was something that I enjoyed and that entertained me a lot.
A couple of weeks ago after several years without using custom ROMs, I installed this ROM but after a few hours, I returned to the original version of MIUI. The reason, a friend told me about the possibility of theft of bank information and passwords. That worried me a bit so I preferred to return to MIUI.
It's not a malfunctioning system but I love stock Android and how clean the system is.
I am not questioning here the reliability of the Rom developer, I just want your opinion as users regarding whether data leakage is possible, the use of back doors, or the inclusion of malware in the system. I know the source code is available but it is a huge amount of code to review.
Again, I just want to know how safe an official custom ROM is. I understand that the original systems send usage data but my main concern is this type of information (Banks and passwords).
Thanks for your help!
I would rather trust an open-source project like PixelExperience than closed-source MIUI that has built-in apps that cannot be uninstalled, you can't restrict their internet access, and they require you to agree to some shady terms of use, data collection etc.
I did some testing with firewall app Blokada; MIUI, even after debloating (removing) most of their preinstalled apps, constantly sends some data to domains like xiaomi.net and AWS.
On AOSP ROMs, with flashed Gapps, I've noticed that my phone was connecting to google servers once in a while; probably because it was syncing something in the background or something else related to google services.
On AOSP ROMs without Gapps installed nothing is being sent. That's what I personally like to use because I don't want my phone to send any data when I don't use it and the phone is sitting in my pocket. I don't have banking apps installed because it is easy to have your phone lost or stolen. For banking you can just use you bank's website. It should automatically log you off.
That is the safest route, but for some people it may be too much, especially when they're so dependent on Google.
tl;dr ---> Using
MIUI doesn't make your phone particularly safer. You just have to believe that their proprietary system and preinstalled apps aren't malicious, and they can't remotely connect to your phone and withdraw all of your money.
Custom ROMs are safe as long as they're well-known in the Android community and downloaded from official sources, or even better, built by yourself.