Monday, September 30, 2013

Are rooted and customized roms (android) secure?

I have rooted and installed custom roms on just about every android device I could get my hands on when I started to realize - how do I know if these custom roms are not installing a key logger in there or some type of malware or spyware? What about the rooting part?

Quick answer to my own question is I don't think so- I really don't think the developers would be interested in my FB, gmail, etc and what would be the incentive? It doesn't make a lot of sense. Plus the code is open source so if the code does contain something nefarious, other developers would have already pointed this out. Still, I wasn't sure so I figured I'd do some research just to be safe.

As for the rooting part, some would say that rooting and installing custom roms are completely different - I think while technically true, they are more like two sides of the same coin. You have to root to install a custom rom but you can root without installing a custom rom - but what would be the point.

So what's the verdict??

From my own experience - all my rooted devices are working and are working much better than the stock roms that came with it. stock roms come with a multitude of apps (bloatware) I don't need nor use but I cannot uninstall. Every time those bloatware apps asks for an update and I update, I swear my phone gets worse. If I don't update, it gets worse still. I couldn't even answer the phone because the screen would freeze!  I have not ran into those issues ever since I rooted and installed a custom rom. I also ran some AV scans on my phone and found no malware - no weird emails, no weird banking stuff - so far so good.

From what I have researched so far??

Yes and No. Confused?? let me qualify --

Well first, let's look at the rooting part. From what I have learned, data is simply not safe on rooted phones. Let's say you lost your phone and some asshole decides to power it off and take out the sim so you cannot locate it. Boots your phone into recovery, connects to it via adb, and dumps all your data to an .IMG file. He can repack it, flash his phone and now he has all your information. Sounds easy?? well its not. Well first, they have to have your phone - second the technical skills required to pull this off is staggering - you need a guy who is a resident XDA/rootzwiki developer and even then, its highly doubtful someone can pull it off. Technically it's possible but what's the point? You can encrypt your phone (android has this feature built-in) but it can still be cracked using freezer attack - freezer attack actually freezes your device to extract the encryption key from your RAM. Simply put, rooted phones are not safe but is it something you should worry about? Unless you have some wikileaks worthy stuff on your phone - No and if you do have that, don't put it on your phone.

What about apps? Apps that require root access cannot simply gain root access. You have to allow it. Apps in the google play store are scanned by google anyway

As for custom rom part - It depends on the ROM. Cyanagenmod, Paranoid Android, Slim Bean have widespread use and reviewed by many so I would consider it safe. These ROMs are based on Android Open Source Project (AOSP) and since it's open source, hundreds of developers see it and if there are any viruses or malware cooked in, it would have been found by now.  If anything, custom roms are safer than stock roms - what do I mean? Because of built-in apps like CarrierIQ. Security Researcher Trevor Eckhart explains


Here's the article from engadget http://goo.gl/dCkHv 

Evil stuff ain't it?? The only way to protect yourself is to install a custom rom!

What about google apps (gapps) and the play store? Are they safe? First, let's understand what gapps is. Due to licensing restrictions, custom roms do not come with Google's proprietary apps (youtube, play, talk, etc). These apps are closed source and comes directly from google. If it has any sort of malware in it, it would be Google not developers doing it. Developers are simply taking google's apk and packaging it to "Google-ify" your device. 

So there you have it - is it safe to root and install a custom rom? Yes and No - but I think the benefit outweighs the risk. So bottom line, do your own research and decide for yourself if it safe to root and use custom roms. Happy rooting!

1 comment:

  1. Did you know you can shorten your long urls with Shortest and get cash from every click on your shortened urls.

    ReplyDelete