Custom Rom Security - Android Q&A, Help & Troubleshooting

I asked so many times and got no response... could someone explain to me IF custom ROMs are secure or not? I'm mainly talking about Google account security.
Sent from Nexus HD

Up

Yes! You are even more secure with a custom ROM than with stock. You are perfectly fine. (Unless you download a ROM on Windows from an untrusted dev and it contains a virus.) But that is highly unlikely. And only download ROMs that people say "work".
~~~~~~~~~~~~~~~~~~~~~
Samsung galaxy s2
Rom: Jedi knight 6
kernel: Jedi kernel 2
~~~~~~~~~~~~~~~~~~~~~
And you thought celebrities weren't smart! =P

But the thing I was thinking is:
OK, let's say... HTC could potentially put a keylogger in the software, BUT if people see it, well, they sell no more phones.
But a dev could put in a keylogger, and even if someone eventually finds it, nothing happens; he doesn't get money from what he is doing and he could also be anonymous...

Possible, yes, but most devs here don't have any such nasty intentions. They're much more scrupulous than companies, mainly because they're doing it for the fun of it or as a hobby, out of their interest, and are not looking for profit. Donations are just a way for people to show their support and encourage development. You don't usually see a dev going around asking people for donations.
Sent from my Desire HD using xda premium

Yeah... I understand, however I just don't want to wake up one day and see that someone has access to my Google account and I've basically lost all my apps, mail, G+... I'm sure you understand, it's pretty scary. Other than custom ROMs, I fear that something like AAHK (which I used to root my Desire HD) may be a source of future account security problems (also because they moved from xda).

Well if you're that paranoid then you shouldn't use custom ROMs or anything here on xda.
But that's not really a problem, because hardly any devs will do those kind of things. Also many devs completely open source their projects, and many of the big projects like CM and AOKP are open source too, with their source code fully viewable by anyone. So if anything funny was there in the code, people will find it. Custom ROMs are actually safer than stock in my opinion because they're very clean (google 'Carrier IQ'). Also, it is your responsibility as a user to be sure of what you're flashing/installing on your device. If you install some shady looking thing, then yes you might end up with problems, but if you read properly through the thread of what you're installing, read other people's posts and experiences and then go ahead, you'll have no problem. :thumbup:
AAHK is an excellent tool for unlocking the DHD. The developer attn1 was at one time a CM maintainer for this phone too. The reason he went away from xda was because of some argument with moderators. Most of the people here are anything but stupid. We wouldn't go around recommending AAHK to unlock the phone if it was insecure. Some amount of common sense and trust is required if you want to be part of this community and try out all the great ROMs and stuff. If you're that untrustworthy of even reputed developers, then you're better off with stock (though like I said, not safer. Read about Carrier IQ).
Also, regarding your concerns about Google accounts and services, some of the ROMs here like the Sense ROMs come with all the Google apps included, while most of the AOSP ROMs like CM, AOKP, codefireX need the Google apps (gapps) package to be flashed separately after flashing the ROM. The Google apps zip contains all the stuff from the initial Google setup of the phone to the parts required to sync Google account data and other stuff like Google Talk and Gmail. These are all closed source apps made by Google, so it's not possible to modify them and insert any code for nefarious purposes. They come as-is from Google. So regardless of which ROM they're being used with, they cannot be tampered with and your Google account data will always be safe unless you are victim to an email phishing scam or something like that.
Sent from my Desire HD using xda premium

Related

Malware in Custom Roms?

DISCLAIMER:
This is totally academic, and I only pose the question as that of mere curiosity.
In no way do I mean to accuse any developer here or elsewhere of intentionally or otherwise installing malicious software in our ROMs. Not trying to start a flame war or anything.
What is the possibility that a rogue ROM creator would or could install malicious content on one of our devices? What kind of things would we look for to indicate that our device may be compromised? Perhaps packet sniffing for the extra paranoid.
I am the type that, when I see something that doesn't look normal, I question it. That said, I am a very experienced Linux, *BSD, and Solaris administrator; but my experience with Android is just blooming. So I might not know where to look in the Android filesystem, or know which processes may be irregular.
I did some Googling but haven't found anything to indicate this has happened before (thank God). Are there self-checks in Android to prevent this from happening? Call me paranoid, but I just like to know what's going on.
Do the "anti-virus" softwares in the App market actually help with this?
Again just curious. I heard about some apps on the Market that Google had to remotely erase. And I believe I am correct in understanding that Google isn't as restrictive with its applications as Apple.
Any takes on this?
Antivirus and Task killers all that are garbage and slow your phone down. You won't have to worry about that happening on this site.
It depends if he/she is an asshole...
The first "viruses" for android were because people were downloading paid apps on the internet, from some site in china, that had viri put into those apps that people were downloading.
Just don't get on the bad side of a dev.
adrynalyne said:
> Just don't get on the bad side of a dev.
LOL! I'll make sure not to do that!
I know that task-killers are BS. I figured the anti-virus was a gimmick, too. As far as for self-replicating viruses on the phones I doubt that will occur.
I'm more worried about malware in the form of a sleeper-trojan that calls home with my personal phone information, or gets added to some jackass's botnet for DDoSing.
That was a worry of mine when I first came to this site, but the devs I download from I find quite professional. I have since just started to dig into ROMs trying to port them to the tb, and compare the contents and begin to see what is normally packed in the zip. I have never found a dev on this site attempt to introduce malware. I have seen some intro warz but the site immediately banned them. The site has banned devs for not giving credit where credit is due, and opening multiple accounts in a way to circumvent the system.
This site is great for all, and they do their best to keep everyone honest.
I've been here and ppcgeeks for nearly 3 and 1/2 years, both with winmo and android, and I have never had an issue. It seems that these sites really do the best they can to catch things before they happen. Personally, I can't say enough about our devs. They're great, and they do a good bit of work for people who are honestly not thankful enough to them. I personally don't think you will ever have an issue, as I haven't. And I download tons of stuff from here and other places.
I think everyone is missing the OP's point. OP isn't asking if it's happening now or whether it's happening here.
Instead, the question concerns whether or not it's physically possible for malicious code to get executed after installing a custom ROM and/or kernel, assuming the developer of that ROM or kernel was inclined to put some in there. Assuming it *is* possible, which I certainly believe it is, what if anything can be done by an experienced *NIX administrator to be aware of it?
Is your only option to 'trust' the developer of the ROM or kernel, or are there things we can do with a running Android system to know how well the live code is behaving?
I've always been curious of this myself. I am no advanced Linux administrator (yet), just an aspiring IT student. I would think the best people to ask would be the developers themselves, though.
funkybside said:
> I think everyone is missing the OP's point. OP isn't asking if it's happening now or whether it's happening here.
> Instead, the question concerns whether or not it's physically possible for malicious code to get executed after installing a custom ROM and/or kernel, assuming the developer of that ROM or kernel was inclined to put some in there. Assuming it *is* possible, which I certainly believe it is, what if anything can be done by an experienced *NIX administrator to be aware of it?
> Is your only option to 'trust' the developer of the ROM or kernel, or are there things we can do with a running Android system to know how well the live code is behaving?
No one is missing the point, the op asked if it can happen in roms/kernels/etc. Roms/kernels/etc for the phone are distributed here, therefore he is asking if it can happen here or anywhere that devs create these things for our phones.
BTW an experienced Linux admin should already know how to check for these things
Actually I believe it has happened at least twice. Once by accident, and once there may have been malicious code put into a ROM that was set as bait for code thieves.
The first one was stupid: an update agent was left in the ROM, and an update got pushed that loaded the phone browser to a certain site (it was not a bad site either). This affected a VERY minor few, as you had to have a certain version of a ROM, and have rebooted over a very specific point in time.
The latter I will not go into as I do not know the specifics, or the validity of any of what happened.
g00s3y said:
> No one is missing the point, the op asked if it can happen in roms/kernels/etc. Roms/kernels/etc for the phone are distributed here, therefore he is asking if it can happen here or anywhere that devs create these things for our phones.
> BTW an experienced Linux admin should already know how to check for these things
Sorry if my post offended you and no disrespect intended, but I think you are mistaken. The question of whether or not something "can happen" is fundamentally different from the question of whether or not anyone is actually doing it. Also, saying that any "experienced Linux admin should already know how to check for these things" is in poor taste; it's a personal attack that adds no value to the discussion. The idea here is to address the OP's question as a purely academic thought experiment; there is no implicit reference to the morality of the developers here...
Perhaps we should ask the same question in a different way:
If a net-sec researcher working at SANS wanted to test exploitation vectors against their own personal HTC Thunderbolt, is it physically possible for them to build a custom ROM and/or kernel such that this custom module includes malicious code that executes automatically after being installed on the device?
I'd be highly surprised if anyone claims the answer is no. If the kernel itself is custom, anything the hardware can do is fair game...
Concerning the question of how to know if anything is happening, since we're talking about the firmware itself, it would be difficult to do anything in userspace with confidence. To be really sure, you'd likely need to sniff traffic (both mobile and wifi) as well as physically monitor the hardware's debug output (and perhaps even the circuit traces themselves). With a compromised kernel, you can't trust anything running through the operating system's APIs.
It's very doubtful that any reputable developer on XDA would do this. Impossible? No. But XDA is the kind of place where something like this would be discovered very quickly and spread like wildfire.
Now, some unknown developer, on a random website? While I haven't come across this yet, I'd say: More likely.
The question isn't concerning the likelihood of it occurring on XDA or elsewhere, it's specifically about whether or not it is technically possible to do it.
I think we can infer from everyone who is answering the unrelated question, i.e. "Is it happening on XDA or anywhere else?", that yes, it is possible to insert malicious code into a ROM or kernel.
funkybside said:
> The question isn't concerning the likelihood of it occurring on XDA or elsewhere, it's specifically about whether or not it is technically possible to do it.
> I think we can infer from everyone who is answering the unrelated question, i.e. "Is it happening on XDA or anywhere else?", that yes, it is possible to insert malicious code into a ROM or kernel.
I think you are right. As long as there is superuser access, then basically anyone with su can pretty much do anything to your phone.
At least that's my take on it.
I'm new to Android in general and XDA in particular, so please forgive my ignorance (and yes I will try searching), but this makes me wonder: Do the established developers of custom ROMs and kernels release their source code? I'd imagine the same terms of the GPL that require HTC to release their source would also require anyone building custom kernels to do the same. Is this also true for ROMs?
I am an experienced *NIX administrator, and that's what makes me so paranoid. This kernel source isn't coming from a CVS tree that is being scrutinized by hundreds of developers, at least not to my knowledge.
I know how code can be injected into a kernel, into a module, pretty much anywhere. Should I run a diff on the kernel source tree to see what was changed? Could do that, but that may be time consuming. I've seen innocuous kernel modules altered to allow a gateway for elevating to UID 0 (and in fact, more often in Linux than in others.)
I'm pretty confident that the folks here on XDA aren't doing anything malicious: the following of these ROMs are too popular and very fluid, and I would expect something malicious to be found quickly.
Again this is just purely academic.
nerozehl said:
> I am an experienced *NIX administrator, and that's what makes me so paranoid. This kernel source isn't coming from a CVS tree that is being scrutinized by hundreds of developers, at least not to my knowledge.
> I know how code can be injected into a kernel, into a module, pretty much anywhere. Should I run a diff on the kernel source tree to see what was changed? Could do that, but that may be time consuming. I've seen innocuous kernel modules altered to allow a gateway for elevating to UID 0 (and in fact, more often in Linux than in others.)
> I'm pretty confident that the folks here on XDA aren't doing anything malicious: the following of these ROMs are too popular and very fluid, and I would expect something malicious to be found quickly.
> Again this is just purely academic.
Agreed that the likelihood of stuff here being questionable is low, but the simple fact that there is a non-zero risk certainly makes me think a little bit. You summed it up well and the examples are spot on - this is why I immediately wondered if developers here are publishing the source code on their customized versions. Ignoring the GPL angle, it's just good to know it's out there if it is, and by the same token, also good to know if it's not out there.
I have another question to add. I love MIUI, and to my understanding MIUI is made by Chinese developers and it is not open source, it is just translated and ported to our devices. If it is not open source, is there any way to know for sure?
I am a little bit wary of the security, although I love the ROM. I trust all of the credible devs on xda, however I don't know anything about the Chinese devs developing MIUI. Would the devs porting MIUI be able to see the malware if it isn't open source?
Sent from my ADR6400L using XDA App
It is definitely possible. I read a paper a while back that I've been referencing in my own research where some researchers compiled some kernel modules to do malicious tasks in the background without knowledge of the user, mind you this was on an open source linux based phone system similar to android. Basically compiled in root kits, which replacing your kernel/rom w/ a community developed system would result in possibilities of this occurring. The primary solution to preventing these things from ending up on your phone as well as keeping the Trojans and other malware on the android market come down to the same thing knowing your publisher and being careful what permissions you allow. Like stick to kernels/roms from reputable developers on XDA, and make sure your "movie player" doesn't have access to your SMS system and you'll be fine
Mind you, my own research currently is in detection of malware/malicious code & anomalous behavior. As well as hopefully prevention techniques eventually.
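Added example (not part of the original thread, and not code from any poster or ROM project): several posts above mention comparing what is packed in a ROM zip and diffing against a known source. The sketch below does that comparison off-device in Python, hashing every entry of a reference zip and a candidate zip and listing what was added, removed or changed. The watched paths assume the usual recovery-flashable layout, and the sample zips are constructed.

```python
import hashlib
import io
import zipfile

# Locations where an added or changed file deserves a manual look.
# Assumed layout of a recovery-flashable ROM zip; adjust per device.
REVIEW_PREFIXES = (
    "boot.img",              # kernel and ramdisk
    "META-INF/",             # updater-script, executed by recovery
    "system/bin/",
    "system/xbin/",
    "system/etc/init.d/",    # boot-time scripts
    "system/lib/modules/",   # loadable kernel modules
    "system/app/",           # preinstalled apps
)


def manifest(source):
    """Hash every file entry of a zip (path or binary file-like object).

    Returns (digests, duplicates): a {name: sha256 hex} map and the sorted
    list of names stored more than once. Duplicate names are ambiguous,
    because different tools may extract different copies.
    """
    digests, seen, duplicates = {}, set(), set()
    with zipfile.ZipFile(source) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            if info.filename in seen:
                duplicates.add(info.filename)
            seen.add(info.filename)
            digests[info.filename] = hashlib.sha256(zf.read(info)).hexdigest()
    return digests, sorted(duplicates)


def diff_roms(reference, candidate):
    """Compare a candidate ROM zip against a reference build."""
    ref, _ = manifest(reference)
    cand, duplicates = manifest(candidate)
    added = sorted(cand.keys() - ref.keys())
    removed = sorted(ref.keys() - cand.keys())
    modified = sorted(n for n in ref.keys() & cand.keys() if ref[n] != cand[n])
    review = sorted(n for n in added + modified if n.startswith(REVIEW_PREFIXES))
    return {"added": added, "removed": removed, "modified": modified,
            "review": review, "duplicates": duplicates}


def build_zip(entries):
    """Build an in-memory zip from (name, bytes) pairs (sample data only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries:
            zf.writestr(name, data)
    buf.seek(0)
    return buf


# Constructed sample contents, standing in for two real ROM zips.
COMMON = [
    ("META-INF/com/google/android/updater-script", b"mount /system\n"),
    ("system/app/Browser.apk", b"apk-bytes-1"),
]


def sample_reference():
    return build_zip(COMMON + [
        ("boot.img", b"kernel-build-A"),
        ("system/build.prop", b"ro.build.id=REF\n"),
        ("system/media/bootanimation.zip", b"anim"),
    ])


def sample_candidate():
    return build_zip(COMMON + [
        ("boot.img", b"kernel-build-B"),
        ("system/build.prop", b"ro.build.id=CAND\n"),
        ("system/app/Extra.apk", b"apk-bytes-2"),
        ("system/etc/init.d/99extra", b"#!/system/bin/sh\n"),
    ])


if __name__ == "__main__":
    for key, names in diff_roms(sample_reference(), sample_candidate()).items():
        print(f"{key}: {names}")
```

A changed hash only says where to look, not that the change is malicious; the comparison runs on the zip files rather than on the phone, so it does not rely on a running system that may itself be modified.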

[Q] Audit of Root Exploits and Unofficial Bootloaders

Greetings XDA Forum,
This is a general question that should be in everyone's mind who might want to root a phone or tablet or any Android or other mobile OS device:
Is this root exploit or bootloader going to be spyware and collect any and all data of mine (login credentials, keylog my every character, account/bank numbers, identity information, use your evil imagination)?
So, I searched this forum for key words like "trust root" "secure root" "security" and found nothing related to this topic.
So, how am I to trust ANY of the root exploits or bootloaders created and posted to this forum for ANY device?
Have any of the developers developed an audit process using firewall rules to ensure that a posted root exploit or bootloader does not attempt to keylog, report captured information to some obscure IP address (thief/hacker's machine of course)?
Do any of these root exploits or bootloaders or custom unofficial builds of entire android (like Cyanogenmod and the 3rd party variants) get Security Audited?
How am I to believe that the whole lot of you making the root exploits and bootloaders are not a big community of identity thieves and financial fraudsters?
Am I just supposed to trust you?
Answer me that, folks
Aknor
I've never seen any root exploit that did as you say. If you're concerned, pick apart the code and look for this; I've never seen anything of the like.
As for bootloaders, there are very few devs that actually make or tweak bootloaders, as a misstep will nearly for certain result in a brick. Almost every bootloader you will find is made by the OEM. If it's not, again feel free to pull apart the code and look for an issue, but I doubt it as this is far more advanced than most will ever become.
As for custom ROMs, well this is the most possible out of all your worries, but again most ROM chefs here are not capable of inserting malicious code, and if it's an official build of a major team (cm, aokp, slim, etc) you are damn near 100% certain there is no issue. As for random ports made in the former USSR by KGB spies, well just don't flash their ROM and you'll be fine.
But of course no one is forcing you to root your phone, flash their bootloader, or download their ROM, so if you're the paranoid type just get an iPhone, at least they're upfront about most of their evil ways.
Sent from my Nexus 4 using xda premium
demkantor said:
> I've never seen any root exploit that did as you say. If you're concerned, pick apart the code and look for this; I've never seen anything of the like.
> As for bootloaders, there are very few devs that actually make or tweak bootloaders, as a misstep will nearly for certain result in a brick. Almost every bootloader you will find is made by the OEM. If it's not, again feel free to pull apart the code and look for an issue, but I doubt it as this is far more advanced than most will ever become.
> As for custom ROMs, well this is the most possible out of all your worries, but again most ROM chefs here are not capable of inserting malicious code, and if it's an official build of a major team (cm, aokp, slim, etc) you are damn near 100% certain there is no issue. As for random ports made in the former USSR by KGB spies, well just don't flash their ROM and you'll be fine.
> But of course no one is forcing you to root your phone, flash their bootloader, or download their ROM, so if you're the paranoid type just get an iPhone, at least they're upfront about most of their evil ways.
> Sent from my Nexus 4 using xda premium
Okay, I can see that on the boot loaders, but more than just a few make the root exploits and custom builds of cyanogen or android for many, many devices. So, how am I to pick apart the code of these projects when they do not provide the source code for the builds? How would I even trust those builds after they are built? They could slip some malicious code in that they intentionally do not show in the public repository for the code and no one would ever know.
Sure this sounds very paranoid, but no one has really answered how or if at all any of these builds of unofficial android or cyanogenmod or the root exploits or the bootloaders can/would be tested for malicious code.
Think of it, something as small and innocuous as a keylogger with a simple, non threatening name, and all the while, it logs your every username and password, credit card number, 3-digit security code, bank account numbers, anything. How bad would that be, eh?
And you're not concerned these builds/exploits are not somehow security audited and we're all just supposed to trust them like blind sheep?
As more and more of these get built, it's only a matter of time before someone slips something like this into their build to take advantage of all those people who want to root their phone/tablet, or put an unofficial build of android on their device. Shame on that person who does it, of course, but to think somehow we could have audited the software and found out as a matter of course?
-- Aknor
Well there aren't that many root exploits and depending on the device you will be changing most if not all firmware and software directly after exploiting, but again just look at the code before you use it
As for keylogging etc. from flashing a ROM, you would be surprised how many OEMs actually have some things that many would consider malicious and/or a breach of privacy.
As for a worry about flashing a custom ROM with bad code just stick to official builds or mod your own ROMs, no one is forcing you to flash anything in particular. But there are apps that are meant to look for malicious code. Feel free to use these to help protect you
I have flashed oh so many ROMs over the past 4 years or so and have never seen anything malicious, but I flash a lot of my own source built ROMs and mostly use ROMs on the higher end which tend to be from trusted sources such as recognized developers and people I work with. Also I'm not a paranoid person so I don't look into this sort of thing much, this means unfortunately I can't really give you much more than this
But best of luck to you and happy flashing!
Sent from my Nexus 4 using xda premium

[Q] Are Custom Roms Illegal, and why?

Hey people, how are you?
I was wondering out of nowhere: wait a minute, is this Rom legal? Replacing an Official Rom from the Provider with an Unofficial one that required Unlocking the Bootloader/Rooting the Phone/Flashing the Rom is the same as saying that the Phone Protection was broken and it was a Hacking thing, and for making the Rom maybe there was some software that was illegally made or stolen from the Official Android Version or stolen from Google or from someone.
So with this said, what do you think, people? Having a Custom Rom on the Phone, is this Illegal?
Please don't answer things like: you only void warranty.
Good answers i will give a 'Thanks' button press.
Cheers :good:
Crazy Seed said:
> Hey people, how are you?
> I was wondering out of nowhere: wait a minute, is this Rom legal? Replacing an Official Rom from the Provider with an Unofficial one that required Unlocking the Bootloader/Rooting the Phone/Flashing the Rom is the same as saying that the Phone Protection was broken and it was a Hacking thing, and for making the Rom maybe there was some software that was illegally made or stolen from the Official Android Version or stolen from Google or from someone.
> So with this said, what do you think, people? Having a Custom Rom on the Phone, is this Illegal?
> Please don't answer things like: you only void warranty.
> Good answers i will give a 'Thanks' button press.
> Cheers :good:
Android is open source and royalty free software, so anyone is allowed to 'fork' it and do their own thing with it, so that is not illegal, and does not involve stealing or anything else. Amazon uses it on their Kindle Fire in a heavily modified form and MIUI (which just made custom ROMS at first) now also makes phones with their version installed as standard.
The rules on XDA are very strict when it comes to using other people's work without permission and if a ROM contains software which should be paid for or is used without permission that ROM will be removed.
The protection the manufacturers build into their phones is to ensure their phones operate the same for everyone and so they can guarantee they can fix it when there is a problem with it.
Apple used to claim that 'jailbreaking' the iPhone was illegal according to their terms and conditions, but a Judge in the United States ruled that when a user buys a device, the user owns it and is allowed to do with that device whatever he wants, essentially meaning that jailbreaking (getting around the phone's factory installed protection mechanisms) is legal.
However, the manufacturer cannot be held responsible if a user does something with that device that the manufacturer did not intend.
That is why you void your warranty when you get around the inbuilt protections.
So, in short: Not illegal in any way, but it is at your own risk and for your own responsibility.
So does that mean that also the GB ROMs for this phone have legal apks in them? Confused because of the apks like: Latinime.apk 'keyboard from xperia x10 mini pro original, I don't know if that is considered stolen from original Firmware' and Gapps 'there are options to flash gapps, and somewhere it says that gapps are illegal on ROMs unless there is permission'.
So breaking the phone protection is not considered a hacking thing, right?
There are countries where unlocking phones is obligatory in the store without charging more for it, so I guess that phones should always be unlocked everywhere, but if someone unlocks a phone not in a store is it legal? Well apparently it is.
That's why I asked also on another thread about the original Android that came with the phone, because if the phone went to repair they could know that it was my fault since the firmware isn't the original that came with the phone, or am I wrong?
So, in short: We're all on our own risk and responsibility, and nothing's illegal unless there was a paid apk on the ROM.
Thanks for your answer here and on the other thread mate Cheers :good:
Crazy Seed said:
> somewhere it says that gapps are illegal on roms unless there is permission.
As far as I understand it, Gapps can't be distributed with a custom ROM, e.g. bundled with it. It's a licensing issue. That doesn't make using them illegal, you just need to flash them separately.
However, the whole thing about what's legal and what's not can sometimes take some bizarre turns that defy logic... For example, take the recent decision of the US Library of Congress to make cellphone unlocking a violation of the DMCA, and therefore, illegal. First off, the DMCA itself is a bull$h!t, if you ask me, but that's just my opinion. But what the hell does the Library of Congress have to do with it? What kind of authority do they have over the matter, anyway? Well, the real lawmakers passed the bill that actually allows the unlocking, so common sense prevails this time, but you never know...
kt-Froggy said:
> As far as I understand it, Gapps can't be distributed with a custom ROM, e.g. bundled with it. It's a licensing issue. That doesn't make using them illegal, you just need to flash them separately.
> However, the whole thing about what's legal and what's not can sometimes take some bizarre turns that defy logic... For example, take the recent decision of the US Library of Congress to make cellphone unlocking a violation of the DMCA, and therefore, illegal. First off, the DMCA itself is a bull$h!t, if you ask me, but that's just my opinion. But what the hell does the Library of Congress have to do with it? What kind of authority do they have over the matter, anyway? Well, the real lawmakers passed the bill that actually allows the unlocking, so common sense prevails this time, but you never know...
I think there were some ROMs with the gapps inside, but without them bundled it's all legal then.
Luckily I unlocked my phone in the store so I don't have problems with this stuff. I was more concerned about if the ROMs use Illegal software in them; gapps you tell me now that it isn't legal if we flash them separately, so I guess that what remains of my question is if the keyboard LatinIme.apk is legal since it seems to be like the original used on the Stock Android version that came with the phone. I don't know if there's any other software that I can ask if it's legal or not. In logic, Rooting and flashing would be illegal because it's like 'Hacking', but in the Law and stuff if it's legal then it's ok by me.
Thanks
Cheers :good:
Crazy Seed said:
> I think there were some ROMs with the gapps inside, but without them bundled it's all legal then.
> Luckily I unlocked my phone in the store so I don't have problems with this stuff. I was more concerned about if the ROMs use Illegal software in them; gapps you tell me now that it isn't legal if we flash them separately, so I guess that what remains of my question is if the keyboard LatinIme.apk is legal since it seems to be like the original used on the Stock Android version that came with the phone. I don't know if there's any other software that I can ask if it's legal or not. In logic, Rooting and flashing would be illegal because it's like 'Hacking', but in the Law and stuff if it's legal then it's ok by me.
> Thanks
> Cheers :good:
I think the LatinIME is the Google keyboard, the one that came with the phone was the suqashiinput.apk, and I don't think Sony is too concerned if you use the programs that came with the phone on that same phone.
Sony would be in its right to take down any ROMs that infringe on its copyrights, but they don't, they have even taken steps to make it easier to use custom ROMs on their phones, so I don't think you need to worry about that.
SmG67 said:
> I think the LatinIME is the Google keyboard, the one that came with the phone was the suqashiinput.apk, and I don't think Sony is too concerned if you use the programs that came with the phone on that same phone.
> Sony would be in its right to take down any ROMs that infringe on its copyrights, but they don't, they have even taken steps to make it easier to use custom ROMs on their phones, so I don't think you need to worry about that.
Lol you're right, I switched the names of the keyboards xD, but none of them is illegal apparently.
So with all of this said, custom ROMs don't mean 'hacking' and are therefore not illegal, right? I think my question is fully answered now then, thanks mate.
Cheers :good:
Let me jump in and share my thoughts. Hacking has 2 categories (I think), developmental and the other one I call destructive (I don't need to explain the difference, do I?). Like previously stated, any licensed and paid apk if bundled with the ROM is illegal, including the gapps. That's why gapps is flashed separately (see, the bold thing is what makes the difference). I don't know about manufacturers allowing their default apks to be used and distributed by cookers, but maybe they see it's a good thing rather than being pestered by consumers about having an upgrade of the old phones. I have an HTC and an Xperia and both offer bootloader unlocking features/tutorials, which I think means they know why we are unlocking it. They are aware and support it. Maybe they are looking for apks that could help their brand soar. Who knows, when you develop one and they buy them.
:laugh:
demoniacs said:
Let me jump in and share my thoughts. Hacking has 2 categories (I think), developmental and the other one I call destructive (I don't need to explain the difference, do I?). Like previously stated, any licensed and paid apk if bundled with the rom is illegal, including the gapps. That's why gapps is flashed separately (see the bold thing is what makes the difference). I don't know about manufacturers allowing their default apks to be used and distributed by cookers, but maybe they see it's a good thing rather than being pestered by consumers about having an upgrade of the old phones. I have an HTC and Xperia and both offer bootloader unlocking feature/tutorials, which I think they know why we are unlocking it. They are aware and support it. Maybe they are looking for apks that could help their brand soar. Who knows, when you develop one and they buy them.
:laugh:
Be my guest then xD. As long as the Hacking type isn't the Bad One/Illegal One then that's fine xD.
I don't know about that one either, because it's true that the keyboard apk came with the phone, but that keyboard is being used in an 'Unofficial' Android Version not created by them but yes by someone else, I don't know if they allow it like that even if it is for the same phone.
Yes in reality they know everything we do, and everyone knows about hacking and cracking but No One does a damn thing about it xD.
I think Sony should buy Android 2.3 from this website and perfect it for our phone, but I don't see that happening xD, I would say Android 4+ but it's too much for this phone xD.
:laugh:
Crazy Seed said:
Be my guest then xD. As long as the Hacking type isn't the Bad One/Illegal One then that's fine xD.
I don't know about that one either, because it's true that the keyboard apk came with the phone, but that keyboard is being used in an 'Unofficial' Android Version not created by them but yes by someone else, I don't know if they allow it like that even if it is for the same phone.
Yes in reality they know everything we do, and everyone knows about hacking and cracking but No One does a damn thing about it xD.
I think Sony should buy Android 2.3 from this website and perfect it for our phone, but I don't see that happening xD, I would say Android 4+ but it's too much for this phone xD.
:laugh:
In the end, Sony would rather sell us a new phone, but they (or anyone else for that matter) don't make phones like ours anymore.
But I think, with the work Google has put into KitKat, it should run better on our phones than ICS or JellyBean, so it's kind of a shame we don't have developers capable of porting it anymore.
That said, I still think it's very cool we've got Jellybean ROMS that run ok, and I'm very grateful for all the effort that has gone into development in that respect, even if it's not as fast as Gingerbread ROMS or even the original firmware.
Let's just finish by this: If it was all illegal, then XDA wouldn't exist anymore, it would have been litigated out of existence by any of the big phone-manufacturers or phone-operating-systems-producers.
SmG67 said:
In the end, Sony would rather sell us a new phone, but they (or anyone else for that matter) don't make phones like ours anymore.
But I think, with the work Google has put into KitKat, it should run better on our phones than ICS or JellyBean, so it's kind of a shame we don't have developers capable of porting it anymore.
That said, I still think it's very cool we've got Jellybean ROMS that run ok, and I'm very grateful for all the effort that has gone into development in that respect, even if it's not as fast as Gingerbread ROMS or even the original firmware.
Let's just finish by this: If it was all illegal, then XDA wouldn't exist anymore, it would have been litigated out of existence by any of the big phone-manufacturers or phone-operating-systems-producers.
Or we could always buy Xperia Mini Pro 'difference is not very big between them', but it's a little expensive and the benefits are almost nothing since Xperia Mini Pro x10 has great quality in Music, Image, Video with the only letdown being the Android Version + CPU capacity.
Yes Kit Kat should run better on our phones, but it's also true that right now there's nobody capable of porting it to our phone :S.
Respect and Thanks for the efforts on the ICS Jelly Roms, and call me crazy but I think that if someone could fix some bugs from the ICS version then it could be perfect since almost everything is working, Jellybean is more difficult because of the Audio drivers for Sound quality making it almost impossible.
Yes they could finish this website if they had the rights to do so, apparently there's nothing wrong with custom roms so it's all ok, but it's also true that sometimes even if something is illegal people just close their eyes 'just like in piracy, everyone downloads songs movies etc and nobody does a damn thing about it because they know it's a fight they can't ever win'.
So with all said, everything is apparently legal and ok to go.
No, they're not illegal. Android is an open source community, as long as you conform with legal policies, you will be good to go!

Are all custom roms slowly dying?

I notice quite a lot of rom threads are being closed...
only a few are being updated while lots were last updated near the beginning of the month...
Lol.. There are too many roms already and almost all of them are very stable. So why do we need nightly/weekly updates if we have something like pure nexus or chroma running solid? Custom roms will live forever especially for nexus devices.
Sent from my Nexus 6P using Tapatalk
Another one was added today. I'm patiently waiting to see if pure nexus appears with cmte. It's in the works, I hear.
No end in sight! This is XDA ftw!
Today is a terrible, terrible day.
We lost an absolute gem
Soulfly3 said:
Today is a terrible, terrible day.
We lost an absolute gem
You mean with cataclysm, there is a cached page about his final words, I hope he still continues
http://txt.do/57rjs
Ref
https://www.reddit.com/r/Nexus6P/comments/42v96a/cataclysm_threads_closed_by_mods/
The community legit doesn't deserve for him to continue.
His threads would literally make me sick the way ppl treated him. The way they DEMANDED alterations as opposed to asking. The way they asked over and over, despite his firm NO.
I'm gonna miss the hell out of his ROMs. The best. If some major changes happen, maybe I'll move to Pure Nexus, but for now... and a long while... I think the latest Cata mod will be on my phone.
This community truly sucks, sometimes
This has definitely been true for non-Nexus phones. I was big into LG phones, I had the G2, G3, and G4 (all on Verizon). The G2 had tons of development, both stock and AOSP ROMs, and the G3 was similar but noticeably less. The G4 has been non-existent. I remember the days when virtually all phones were rooted and unlocked by devs, with lots of custom ROMs, but this seems to be going away very quickly. Now it's likely if you buy a non-Nexus device, it won't get root at all, let alone custom ROMs.
Looking at the 6P development, I see what you're talking about. Lots of ROMs that started when the phone came out have ceased getting updates, and you only have a handful of solid ROMs to choose from.
I wouldn't be surprised if custom roms are a dying breed. IMHO part of it is that Android is slowly moving towards getting the basic feature set and UI tweaks that people want, and more manufacturers are trimming down their bloated UI's (some exceptions obv, unnamed). But also --- this may sound cynical, but just from my own observation: Many of these enthusiast-worked/powered/funded projects are far too often met with self-entitled users (in the very literal sense of the word) who think their use of the rom/software/art/w/e entitles them to complain endlessly about every little thing and every minute lack of an update (or desired/demanded feature) for what is usually a free or donationware product. Not to mention the people who are too careless/hasty to follow instructions and end up bricking their devices, only to blame the devs and spew a bunch of vitriol. I don't blame anyone who quits at all.
republicano said:
You mean with cataclysm, there is a cached page about his final words, I hope he still continues
http://txt.do/57rjs
Ref
https://www.reddit.com/r/Nexus6P/comments/42v96a/cataclysm_threads_closed_by_mods/
That's one breathtaking letter! Wish him the best and this Developer will be missed by XDA...
I love custom ROMs!!! I remember when I unlocked my first smart phone the first evo and I found the perfect stable ROM for it...now every time I get a new phone I find myself searching for a ROM I think it makes whatever handset you're using perfect. Thank you to everyone that takes the time to develop
the past roms I used, have not closed down.. Cataclysm was the second rom I used and liked...
I try not to use any roms that are CM based.. lol.. not sure why... I like the AOSP based roms better...
XDA has been going downhill for years now. Seen some amazing devs and funny members just up and leave over the years for this very reason.
Sent from my LG-H815 using XDA Free mobile app
Every ROM will meet its end some time... Beanstalk disappeared. Avatar halted. AOKP is no longer active. ParanoidAndroid and PACman had gone big in form but small in functionality and usefulness. Even CM, with Google incorporating more and more changes into each new Android version and limiting features these ROMs can touch, might die out someday.
Sent from Google Nexus 6P @ CM13
[WARNING: XDA One have not implemented "mark forum as read" - do not use]
Yeah some people here do not understand devs do this in their free time, for fun, they owe you nothing and you are very privileged to be getting such incredible free software. This upsets a lot of devs and makes them leave the community.
I stopped publishing my own approach of a ROM after I got rid of my old Samsung Galaxy S3 and moved on to Nexus devices. I'm happy with a customised Stock based ROM which suits me well. I'm not sure if anybody else would be interested in it since the Nexus forums offer a great number of custom ROMs, some of which are filled with extra stuff. I can somehow understand the guys who stop publishing their work. I never asked for donations, in fact I don't have a PayPal account linked to my profile. Maintaining a ROM is a huge effort, especially if you're on your own and not part of a team.
ROMs are no longer needed plain and simple. Back in the heyday of ROMs, Galaxy S2 and 3, HTC EVO, ROMs were a necessity considering how badly optimized phones were back then.. running great software with horrible specs. Developers made the phone a lot better... I still remember the days of running Viper ROM on my samsung epic on the Sprint network.. those were the days.
Fast forward today I'm going on two years without flashing a ROM and reality is I see no need for it.
I pose a question to the great Nexus community, what's the purpose of flashing ROMs when the device runs perfect out the box?
Sent from my LG-H811 using Tapatalk
Root is a must for me since it allows you to get rid of some unwanted Google Apps (eg Google+, Google Play Games etc), use an Adblocker and special Apps like eg Titanium Backup or LMT
Custom roms, with the exception of a select few, have always been highly overrated imo. Most of them take software that is already created, debloat it (which we can do ourselves) and add some features that anyone can get through xposed, etc.
I used to always laugh when people would jump in a rom thread with outrageous claims like their battery life doubled, it's 100x smoother than stock, etc. Placebo effect runs high on custom roms imo.
With that being said, I've flashed just as many roms as most of you. I still see the value in some of them.
But as other people have said, it's just not as necessary anymore. As long as you can root, you can debloat, add xposed if you wanted, etc.
Doesn't seem to make as big of a difference as before.
Yeah it's not how it used to be and that's probably for the better, most anything you could want can be done through Xposed and a custom kernel. While most custom roms are more stable than they were in the early days (seems to have more to do with a more stable aosp), there isn't much incentive and there are often still bugs. It's not because devs are bad at what they do, but building a stable rom requires a team of people and testing environments that people just don't have at home. Early in the days of windows mobile and Android, roms were very poorly optimised out of the box, but it's not really like that anymore.
Sent from my Nexus 6P using Tapatalk

Trustworthy sites for downloading roms and lineage OS

You have to trust the source where you get your os from. It's known that middlemen insert malware into smartphone firmwares before sale. But if you flash your rom yourself then you have to trust the download source. I searched a lineage or /e/ os rom for galaxy s4 mini and found this site: "lineageosroms com /s4-i9192/" (I can't post links because I am new here). I doubt that this belongs to LineageOS, because on the LineageOS site there is no download for this device. My question is, what sources are trustworthy, which not? What about the unofficial roms on XDA Forums? What can I do or should not do with a not so trustworthy rom? Insert Sim Card? Chat about personal life, take personal pictures, banking, buying stuff etc.? And what about old firmwares which do not receive any updates anymore, are there some rules to follow which make the device safe although the rom is old?
handynoobinator said:
You have to trust the source where you get your os from. It's known that middlemen insert malware into smartphone firmwares before sale. But if you flash your rom yourself then you have to trust the download source. I searched a lineage or /e/ os rom for galaxy s4 mini and found this site: "lineageosroms com /s4-i9192/" (I can't post links because I am new here). I doubt that this belongs to LineageOS, because on the LineageOS site there is no download for this device. My question is, what sources are trustworthy, which not? What about the unofficial roms on XDA Forums? What can I do or should not do with a not so trustworthy rom? Insert Sim Card? Chat about personal life, take personal pictures, banking, buying stuff etc.? And what about old firmwares which do not receive any updates anymore, are there some rules to follow which make the device safe although the rom is old?
The only official site for LOS is this one: https://download.lineageos.org/
You can find over the internet some unofficial websites, with unofficial LineageOS builds. Idk about them being 100% safe, but LineageOS has its own privacy features, that may prevent (not at 100% obviously) a virus from being silent. On XDA, and especially for popular devices (like yours), unofficial builds can be trusted. Because a lot of people download them, and if there is something suspicious with the build, it will be soon called out, and the developer banned. So I'd say unofficial builds on XDA can be trusted, outside of xda it's more hazardous, and the official build can be trusted eyes closed. If you don't even trust devs on XDA, you can always make one build from your device tree in GitHub. It's free, and just requires a 64-bit Device (PC).
Thank you very much for your advice. I have a similar question. I don't like the Playstore, because I don't want to have to login in order to install an app. I use playstore download tools like "apkcombo com apk-downloader" or "apps. evozi com apk-downloader" to create download links. Or Mirrors like APKPure or appsapk.com. I know it's easy to bind malware to a program, and it can be crypted so a virus scanner is not able to detect it. Is there a way to verify these apks? The easiest way I could think of would be a list with the program versions with the correlating md5sum, then I can create the md5sum and see if it's the same. Further Question: why are mostly the big phones with the big screens supported by lineage os? Because the small phones aren't used to surf the internet very much and an old firmware doesn't matter in this case? I like the small phones better.
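The checksum-list idea from the post above, which applies equally to a downloaded ROM zip, written out as an added example (not part of the thread and not any project's own tool). It assumes the developer publishes a list in md5sum/sha256sum output format; the file names, sample bytes and result labels are constructed for illustration.

```python
import hashlib
import hmac
import os
import tempfile

# Hex digest length -> hashlib algorithm. MD5 is accepted only so that old
# lists can still be read; a match on it is reported as weak.
ALGO_BY_HEX_LEN = {32: "md5", 64: "sha256"}

def parse_manifest(text):
    """Parse 'HEXDIGEST  filename' lines (md5sum / sha256sum output format)."""
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, name = line.partition(" ")
        digest = digest.lower()
        name = name.strip().lstrip("*")  # '*' marks binary mode in coreutils
        is_hex = set(digest) <= set("0123456789abcdef")
        if len(digest) not in ALGO_BY_HEX_LEN or not is_hex or not name:
            raise ValueError(f"unrecognised manifest line: {raw!r}")
        entries[name] = digest
    return entries

def file_digest(path, algo):
    """Hash the file in 1 MiB chunks so large ROM zips do not fill memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def verify(path, manifest):
    """Return 'ok', 'ok-weak-md5', 'mismatch' or 'unlisted' for one file."""
    expected = manifest.get(os.path.basename(path))
    if expected is None:
        return "unlisted"  # no published digest: nothing has been verified
    algo = ALGO_BY_HEX_LEN[len(expected)]
    if not hmac.compare_digest(file_digest(path, algo), expected):
        return "mismatch"
    return "ok" if algo == "sha256" else "ok-weak-md5"

def demo():
    """Constructed sample: one genuine file, one altered copy, two edge cases."""
    genuine = b"constructed stand-in for the bytes of app-1.2.apk"
    manifest = parse_manifest(
        "# constructed list, in the form a developer might publish\n"
        f"{hashlib.sha256(genuine).hexdigest()}  app-1.2.apk\n"
        f"{hashlib.md5(genuine).hexdigest()} *old-app-1.0.apk\n"
    )
    cases = {
        "genuine": ("app-1.2.apk", genuine),
        "tampered": ("app-1.2.apk", genuine + b"<extra bytes>"),
        "md5-only": ("old-app-1.0.apk", genuine),
        "unlisted": ("other.apk", genuine),
    }
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for label, (name, data) in cases.items():
            os.makedirs(os.path.join(tmp, label))
            path = os.path.join(tmp, label, name)
            with open(path, "wb") as fh:
                fh.write(data)
            results[label] = verify(path, manifest)
    return results

if __name__ == "__main__":
    print(demo())
```

A match only shows that the file equals what the list describes, so the list has to come from the developer over a channel the mirror does not control. MD5 matches are reported separately because MD5 collisions are practical, which makes SHA-256 the digest to ask for.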
handynoobinator said:
Thank you very much for your advice. I have a similar question. I don't like the Playstore, because I don't want to have to login in order to install an app. I use playstore download tools like "apkcombo com apk-downloader" or "apps. evozi com apk-downloader" to create download links. Or Mirrors like APKPure or appsapk.com. I know it's easy to bind malware to a program, and it can be crypted so a virus scanner is not able to detect it. Is there a way to verify these apks? The easiest way I could think of would be a list with the program versions with the correlating md5sum, then I can create the md5sum and see if it's the same. Further Question: why are mostly the big phones with the big screens supported by lineage os? Because the small phones aren't used to surf the internet very much and an old firmware doesn't matter in this case? I like the small phones better.
Instead of Play Store download tools consider using the Aurora Store (an unofficial OSS Play Store client) by @WhyOrean as I and many other privacy concerned XDA members do.
handynoobinator said:
Thank you very much for your advice. I have a similar question. I don't like the Playstore, because I don't want to have to login in
...
with the big screens supported by lineage os? Because the small phones aren't used to surf the internet very much and an old firmware doesn't matter in this case? I like the small phones better.
Can confirm, Aurora store is a good value.
And LineageOS (and other ROMs) support popular devices, which are now bigger screen phones. I got to say tho, I think that the mini form factor of the iPhone 12 Mini revived a nostalgic feeling for actual small phones. So I guess that in 2021 some flagships will adopt this form factor and you'll have a community, and ROMs to interact with.
And IMO, small phones have always been the more "mature taste" lol. No seriously, I miss them, and I don't wanna get myself locked in iOS (although it's a pretty good OS)
Thank you very much for this tip! I will try Aurora store in the near future. Further Question, why is only android on XDA and not ios? I suppose Apple keeps everything closed and there is no community other than the jailbreak stuff. I have an old iphone 5c, I bought it for cheap to see what apple devices are like. I can't recommend apple, because you have to give all your data in order to install free apps, and even contact the support, this is ludicrous! You can't store files on the device, you have to use itunes to get music on the device, it's really not pleasant, the only thing you can do is to download your pictures on windows or linux. I am new to smartphones and I don't know very much about them yet, is there a way to bring this iphone to use? Store files like pdfs on it and install apps without the apple appstore? Only a safe way, without the risk of viruses or malware.
handynoobinator said:
Thank you very much for this tip! I will try Aurora store in the near future. Further Question, why is only android on XDA and not ios? I suppose Apple keeps everything closed and there is no community other than the jailbreak stuff. I have an
...
appstore? Only a safe way, without the risk of viruses or malware.
Once there was an xda-developers' sister site called "iphone-developers.com" which is dead as of now.
But the "good" news is that XDA has its first iPhone forum recently. It's the iPhone 12 Forums.
If you're still new around xda, you may check a thread I made to introduce users (originally iPhone users) to xda (https://forum.xda-developers.com/apple-iphone-12/how-to/welcome-hello-iphone-users-quick-t4180667)
It's also very important to read the rules, make sure you do that (link is in my signature).
Also, I don't know much about it but you can jailbreak iPhones and install .ipa files on them. Idk if it's safe and virus free tho. Jailbreak uses an exploit, whereas here on android google let users do this freely, with proper tools (I'm talking about root of course).
