This, in my honest opinion, is an excellent idea. And I wish they would have done it a long time ago.
Many of you may not give it a second glance, but among all the furor and concern about permissions requested by market apps and privacy, all Custom ROMs (CyanogenMod included) ship with one major security risk — root!
We have been struggling with how to handle this for quite a bit, and took a first step with the first public CyanogenMod 9 alpha builds, by disabling the previously-default root access over USB. You can still get adb root access by running “adb root” in terminal, should you ever need it.
We recently merged 3 patches into CyanogenMod 9, to further address this: http://goo.gl/eCjDV http://goo.gl/oWAFI and http://goo.gl/34vai.
What follows is an explanation of the changes, how they affect you and our reasoning behind them.
What do the patches do?
They disable root selectively and in a configurable way. Users will be able to configure their exposure to root as:
Disabled
Enabled for ADB only
Enabled for Apps only
Enabled for both
How does this change affect the usage of your device, and root apps you have installed?
On a default CyanogenMod installation, root usage will have to be explicitly enabled by the user. This means that the user is fully aware that any application that uses root may perform actions that could compromise security, stability and data integrity. Once enabled, the process mirrors that of the current process, apps that request root will be flagged by the SuperUser.apk and the user will have to grant selective access.
Why the change?
At CyanogenMod, security has always been one of our primary concerns, however, we were hesitant to make a change that might disrupt the current root ecosystem. With CyanogenMod 9 we have the opportunity to do things better, whether it's the code in the OS, UI/UX, or security – we are taking this time to do things with a fresh approach.
Shipping root enabled by default to 1,000,000+ devices was a gaping hole. With these changes we believe we have reached a compromise that allows enthusiasts to keep using root if they so desire but also provide a good level of security to the majority of users.
What concerns remain?
Many of you reading this are savvy enough to note a remaining hole in this approach – recovery and unlocked bootloaders. The bootloaders are out of our hands, there is little to nothing we can do on that front.
Regarding recovery – with unlocked bootloaders, a malicious user could just flash a new recovery image (without any potential security we could apply) or just dump the data partition. This however, requires physical access to the device. As such, the security standards for this are highly reliant on you, the device owner. Data encryption is available in ICS to safeguard your data. (Warning for emmc only users – encrypted /data means recovery will be non-functional.)
The onus is on you to secure your device; take care of your possessions, and this risk is minimal. Always make sure you take devices out of your car before you go into the mall and remove them from pockets before washing laundry. Common sense is a basic security tool.
But Why?
We honestly believe there are limited uses for root on CyanogenMod, and none that warrant shipping the OS defaulted to unsecured.
Hope it works out for them, I think it's a pretty good idea.
Sent from my HTC Glacier using xda premium
It better be easy to reactivate because last time I checked, you need root to change your ROM
Sent from my HTC Glacier using XDA
THEindian said:
It better be easy to reactivate because last time I checked, you need root to change your ROM
Sent from my HTC Glacier using XDA
1) It's a setting in the OS; you pick either ADB only, apps only, or both.
2) You still physically have root access. You'll still have S-OFF, and have SuperUser in the /bin or /xbin file system.
3) This just allows people who want CyanogenMod on their phone to get it without having to worry about the security risk of applications running with SU access and damaging something.
4) This could/may/will pave the way for OE manufacturers to incorporate a similar feature into their OS shipping from the factories.
I actually find this a good idea for newcomers, so that they don't mess up their devices
I'm glad to see this. Needlessly running with root access at all times can be a big security issue.
THEindian said:
It better be easy to reactivate because last time I checked, you need root to change your ROM
Sent from my HTC Glacier using XDA
Not true, all you need is a custom recovery, which can be flashed via fastboot. I have S-ON with CWM recovery and went from the stock ROM to ICS.
edit: + This is a good approach for newcomers
"Give a man a fish and he will eat for a day. Teach a man to fish and he will eat for a lifetime.”
What I am trying to say is, can someone lay down the foundation of rooting an Android device? I am not talking about any specific device, or the different methods of rooting (i.e. through recovery, through script, etc.). I am speaking about what file systems/files are being modified, replaced, etc.
From what I understand, Android release their OSes rooted, then third parties (i.e. Samsung, Moto, T-Mobile, etc.) take those releases and make changes. What changes do they make besides the theme and service ones? The changes that unroot the phone.
If you wish, you can lay down the foundation of sudo/su, that's cool. However, I am not asking for the history of it.
Side Note:
Please no trolling.
Posting comments like "you shouldn't try this..", "Leave it to the experts..", and "You're going to break your device..." is unwelcome.
Thanks.
Rooting my touch 4g benefits or drawbacks
I wanted to find out if there are things that work differently like the market or other things if you root a phone. What are some of the benefits to rooting? I want to use my phone as a wifi hotspot for our computer without paying for it. Is that only possible with a rooted phone? Is a phone able to be unrooted if it needs to be? Thank you for your help.
rooted the HTC BEE WILDFIRE CDMA
I have rooted the HTC BEE WILDFIRE CDMA. It is different from the HTC BUZZ WILDFIRE GSM. I used the [APP]SuperOneClick v1.5.5 (Root, Unroot, Enable Non-Market App, Get UNLOCK code).
Now I can't find a recovery img that will work. Can anyone point me the right way? There is no thread for this phone.
There's nothing fundamentally changed when you root your phone. Make yourself familiar with Linux security and you're (almost) done. Your phone executes under the control of this model, be it rooted or not. In an unrooted phone, there are nevertheless a lot of processes running with root privileges so of course there's a "root" in an unrooted phone. But it is not available to the normal user, only to system processes.
The only difference is that on a rooted phone there is a way for a non-root process to acquire root privileges, i.e. run as root. That's just about all. Except for some, umhh, minor thing: You cannot install the program required to do so (e.g., su) as long as you're non-root. Only root can install any piece of code which changes the current user into root. Apps run as their own user (to each app, a separate user "account" is assigned, none of those having root privileges) and so can't install such a thing, at least not normally.
Some trick is needed (running an exploit, changing the ROM) to achieve this and this is what makes rooting such a tricky thing.
The fundamental thing to understand what is changed when you root your phone (and that barely anything changes really) is the Linux user/group security concept. It's all open, there's no hidden secret.
mizch said:
There's nothing fundamentally changed when you root your phone. Make yourself familiar with Linux security and you're (almost) done. Your phone executes under the control of this model, be it rooted or not. In an unrooted phone, there are nevertheless a lot of processes running with root privileges so of course there's a "root" in an unrooted phone. But it is not available to the normal user, only to system processes.
The only difference is that on a rooted phone there is a way for a non-root process to acquire root privileges, i.e. run as root. That's just about all. Except for some, umhh, minor thing: You cannot install the program required to do so (e.g., su) as long as you're non-root. Only root can install any piece of code which changes the current user into root. Apps run as their own user (to each app, a separate user "account" is assigned, none of those having root privileges) and so can't install such a thing, at least not normally.
Some trick is needed (running an exploit, changing the ROM) to achieve this and this is what makes rooting such a tricky thing.
The fundamental thing to understand what is changed when you root your phone (and that barely anything changes really) is the Linux user/group security concept. It's all open, there's no hidden secret.
Thanks for taking the time to write this, but I am hoping for something a little more descriptive.
I've got an HTC Desire and want to root it in order to install some lag-fix to make smoother.
Question is: will rooting affect the updates I get from HTC?
Sent from my HTC Desire using XDA App
Dear XDA users,
I am looking to find a really secure ROM. I don't want to run OEM-corrupted ROMs which do god knows what. I have googled for a good bit and I have found some areas which are interesting from a security perspective. However, there does not seem to be a holy grail when it comes to a secure ROM at the moment. Paranoid ROM sounded oh so promising but has no additional security-related features. CyanogenMod is a nice custom ROM with root disabled by default, which is a great improvement and makes it interesting as a secured non-OEM ROM. You also have the NSA-developed SE Android ROM, which you need to compile yourself but comes with a great list of additional features.
Can anyone recommend me a ROM which is built to be secure?
Also, let's have a discussion on features which you would like to have in a secure ROM:
Hidden-TrueCrypt partition on SD card.
Fully encrypted memory
Password protected recovery
Tor network enabler with apps for the various anon services on onion networks (such as torchat, onionmail, etc.)
Location scrambler
Strict firewall with easy enable/disable mode
Remote lock-down
First question. Why?! Are you a spy or something?! There's nothing wrong with standard ROMs. There are antitheft apps available that can remote wipe the entire device including SD card if its ever lost or stolen. I can't think of any reason why you need that level of security on your device.
I believe a truecrypt partition can be mounted on the SDcard. As far as hiding it goes, I'm not sure.
As far as password protecting recovery, there's no tweak/hack for it. I understand the security concern with someone meddling with your phone and flashing a rom but it's called 'recovery' for a reason.
I believe tor is available for Android.
You can spoof your location with several apps. Wouldn't hurt to google it.
Cerberus can remotely lock-down your phone, retrieve contacts/call logs from a sim, etc...
Try compiling your own rom and cater it to your needs.
Whoa, why would you need that much security? I do suggest creating your own ROM as mentioned; this way all your security needs can be met.
Sent from my Sensation Z710e using xda premium
privacy
Thanks for all the replies. I am not a spy, rather I just want to be secure. I just don't like the idea of my information being used for reasons I do not choose it to be used for. I don't want my carrier to see which websites I visit on my phone, which locations I visit, which people I contact. I just want my carrier to provide me access to the net and ensure that I am available for calls.
Currently i run ARHD with the following options/apps:
sim card password protected (3 login chances)
memory and SD card password protected (8 login chances)
TOR network connection
Orweb
I would like to have a password protected recovery, truecrypt based security (with hidden partition if possible), root disabled, firewall, full GPS enable disable, spoofing options, and more cool stuff. I don't think i would like to compile my own roms. If someone wants to jump on this and help me create a hardened android ROM it would be awesome.
My name is Bond. James Bond.
To answer your question no you cannot have that kinda ROM here. Root disabled?? pretty much every ROM here has it enabled. GPS can be disabled with one click. I'd suggest SIM lock through phones security settings, face lock for apps pro from the market and a nice cold beer to make you less paranoid. No offence but not even presidents want that much security.. Its a phone..
hjfkuiper said:
I would like to have a password protected recovery, truecrypt based security (with hidden partition if possible), root disabled, firewall, full GPS enable disable, spoofing options, and more cool stuff. I don't think i would like to compile my own roms. If someone wants to jump on this and help me create a hardened android ROM it would be awesome.
Your network provider is never going to know you use recovery or that you can gain access to your system partitions. They're not going to know you use root apps or that you have root access either. firewall you can obtain via the avast antivirus app in the market.
And I don't think you'll ever be able to cover your tracks when it comes to hiding who you call and text. The network company holds records of all calls and texts for billing purposes and only releases these in case of police investigations, with your permission. You can turn off your GPS, but you can still be located using the cell towers, which you need for reception, so you can't hide yourself completely. If you want internet access without this, just use wifi with a VPN or other such IP hider/rerouter and remove the SIM card altogether.
There is genuinely no need for this level of security on your phone. Like I said in my last post, if your phone is lost or stolen, you can always remote wipe your device so no one will know what you had on it, it'll just be a shiny brick.
hjfkuiper said:
Thanks for all the replies. I am not a spy, rather I just want to be secure. I just don't like the idea of my information being used for reasons I do not choose it to be used for. I don't want my carrier to see which websites I visit on my phone, which locations I visit, which people I contact. I just want my carrier to provide me access to the net and ensure that I am available for calls.
Currently i run ARHD with the following options/apps:
sim card password protected (3 login chances)
memory and SD card password protected (8 login chances)
TOR network connection
Orweb
I would like to have a password protected recovery, truecrypt based security (with hidden partition if possible), root disabled, firewall, full GPS enable disable, spoofing options, and more cool stuff. I don't think i would like to compile my own roms. If someone wants to jump on this and help me create a hardened android ROM it would be awesome.
what you seem to be talking about is Carrier IQ? that was disabled last year in an earlyish htc sense RUU leak and has not appeared since.
Sent from my YP-G50 using xda premium
Jonny said:
what you seem to be talking about is Carrier IQ? that was disabled last year in an earlyish htc sense RUU leak and has not appeared since.
Sent from my YP-G50 using xda premium
And Carrier IQ is not in any custom roms, and even if it was it can be easily deleted.
Cyanogen most certainly does NOT have root access disabled by default. Half the features on it wouldn't work without root access.
If you really need that kind of security the best answer is to not do whatever you need that kind of security for on your phone. Use another device.
Also, invest in a high quality tin foil hat.
Sent from my HTC Sensation using xda app-developers app
Hi,
First, not even 1% care about security and privacy in their phones. People are just having fun, not knowing what data is being leaked from their phones.
I know what you mean. If you want to have a secure ROM, use CyanogenMod and patch it with autopatcher - PDroid2.0, then block almost all permissions for all apps (including system) and this will give you the best privacy. Also don't use gapps, and remove Bluetooth if you don't use it.
Use K-Mail with APG to encrypt your emails, use Ostel to make anonymous calls, use Tor as a browser.
I think CyanogenMod9 for Sensation already has the PDroid patch merged. I suggest it over CM10 as it is more stable and faster.
Below are links that may be useful for you.
PDROID:
http://forum.xda-developers.com/showthread.php?t=1923576
Autopatcher:
http://forum.xda-developers.com/showthread.php?t=1719408
Guardian Project:
http://forum.xda-developers.com/showthread.php?t=1840929
Hardening Android Guide
http://forum.xda-developers.com/showthread.php?t=1954513
Have fun
THE_GENIUS
Any simple system app can access your ALL data. Yes, without any permission.
Sent from my GT-I9000 using xda app-developers app
burakgon said:
Any simple system app can access your ALL data. Yes, without any permission.
Sent from my GT-I9000 using xda app-developers app
Dun Dun Duuuuuuuuunnnnnnnnnnnn!! (sorry, couldn't resist)
burakgon said:
Any simple system app can access your ALL data. Yes, without any permission.
Sent from my GT-I9000 using xda app-developers app
Without DroidWall - yes, anything can leak, but with - no chance.
Thank you! This is the only helpful reply in a thread full of morons.
I'm in the same boat
I would like something similar. I know we have remote wipe, etc. However, I would like to know that if I lose my device, the only thing I am losing would be the device. Currently I am using ARHD 50.0. I cannot get the local storage to encrypt. The microSD, however, can be encrypted. So I am working to try and install all the apps I need, then move them to the microSD and force them to write data there instead of the default location.
It is a bit strange that this seems to not work well at all.
Android is rather secure. Every non-system runs in its own sandbox.
Follow these steps to get your phone really secure:
1. Encrypt internal storage as well as sdcard.
2. Go S-ON. Relock your device.
3. Remove custom recovery after ROM installation. Otherwise encryption can be broken. Especially if you're scared of NSA.
4. Use superuser to remove all apps you don't need, then disable superuser.
5. Disable ADB. Both USB and wireless.
Any "trusted" ROM capable of this is secure.
Happy to help.
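Steps 1, 4 and 5 of the checklist above can be partly checked from a device's system properties. The script below is an added example, not code from the thread: it audits a saved `getprop` dump, and the property names (`ro.crypto.state`, `persist.sys.root_access`, `persist.sys.usb.config`, `service.adb.tcp.port`) and the root-access values 0 to 3 are assumptions about a CyanogenMod-era build; the sample dump is constructed.

```shell
#!/bin/sh
# Added example: audit a saved `getprop` dump against steps 1, 4 and 5 above.
# Property names are assumptions about a CyanogenMod-era build; other ROMs
# and Android versions may expose different ones.

# Constructed sample dump in the "[key]: [value]" format that getprop prints.
SAMPLE_PROPS='[ro.crypto.state]: [unencrypted]
[persist.sys.root_access]: [3]
[persist.sys.usb.config]: [mtp,adb]
[service.adb.tcp.port]: [5555]'

# prop_value DUMP KEY: print the value of KEY, or nothing if it is absent.
prop_value() {
    key=$(printf '%s' "$2" | sed 's/\./\\./g')   # dots are regex wildcards
    printf '%s\n' "$1" | tr -d '\r' |
        sed -n "s/^\[$key]: \[\(.*\)]\$/\1/p" | head -n 1
}

# audit_props DUMP: print one PASS/FAIL/WARN line per check.
audit_props() {
    dump=$1

    # Step 1: storage encryption.
    crypto=$(prop_value "$dump" ro.crypto.state)
    if [ "$crypto" = "encrypted" ]; then
        echo "PASS encryption: /data is encrypted"
    else
        echo "FAIL encryption: ro.crypto.state=${crypto:-unset}"
    fi

    # Step 4: root access setting (assumed: 0 off, 1 apps, 2 ADB, 3 both).
    root=$(prop_value "$dump" persist.sys.root_access)
    case "$root" in
        0) echo "PASS root: disabled" ;;
        1) echo "FAIL root: enabled for apps only" ;;
        2) echo "FAIL root: enabled for ADB only" ;;
        3) echo "FAIL root: enabled for apps and ADB" ;;
        *) echo "WARN root: setting not reported, check for an su binary by hand" ;;
    esac

    # Step 5a: ADB over USB is on when "adb" is one of the USB functions.
    usb=$(prop_value "$dump" persist.sys.usb.config)
    case ",$usb," in
        *,adb,*) echo "FAIL adb-usb: persist.sys.usb.config=$usb" ;;
        *)       echo "PASS adb-usb: adb not in USB functions" ;;
    esac

    # Step 5b: ADB over the network is on when a TCP port is set.
    port=$(prop_value "$dump" service.adb.tcp.port)
    case "$port" in
        ''|0|-1) echo "PASS adb-tcp: no listening port configured" ;;
        *)       echo "FAIL adb-tcp: service.adb.tcp.port=$port" ;;
    esac
}

# audit_failures DUMP: print the number of FAIL findings.
audit_failures() {
    audit_props "$1" | awk '/^FAIL/ { n++ } END { print n + 0 }'
}

# Run the audit on the constructed sample when the script is executed.
audit_props "$SAMPLE_PROPS"
echo "failed checks: $(audit_failures "$SAMPLE_PROPS")"
```

Steps 2 and 3 (S-ON, relocked bootloader, no custom recovery) are not covered here because they are not reliably visible through system properties.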
Far_SighT said:
1. Encrypt internal storage as well as sdcard.
Hi!
I'm interested in encrypting sdcard. Do you have a hint how to achieve this with the HTC Sensation?
Thanks!
imma gonna get ma tinfoil hat
bastei said:
Hi!
I'm interested in encrypting sdcard. Do you have a hint how to achieve this with the HTC Sensation?
Thanks!
You need to use a ROM that supports it. I use ViperS 5.1.0 (Vipers 4 also supports this).
Note that because of SD card encryption, other cards that you put into your phone will be read-only until you decrypt external storage
Hi guys & girls,
I have a Desire HD, not a sensation smartphone, however maybe I can add helpful Info here.
I am just exploring the activity on all smartphones, so I can discover which devices have the most developers, people and support now =D
Which Smartphones have the most Developers and Users now, by the way? Thanks
Well, the best secure ROM, I think, is only the Guardian ROM.
That ROM is developed just with the purpose of being most secure, emphasizing security as a priority, after all the NSA & government & intelligence agencies' surveillance.
Era Post-Edward Snowden =D
I think the name of the great Developer is "x942".
The problem is, he is just one developer working on that, so developing is not so fast and very few devices are supported.
(I think only Galaxy Nexus, Nexus 4 and Galaxy S2, not certain)
He has other security projects also, like "Secdroid" and his hardened kernel.
Second to "Guardian ROM" maybe:
BlackPhone
(But I think for a while it is not so worth it, because all the software and apps are just 3rd-party open-source apps that we can install on our smartphones too. And it is not worth spending 600 euros/dollars, I think. But it is very good and open-source hardware.)
CryptoPhone is a security project on Germany/EU too, based on era Post-Snowden.
But just a smartphone based on Galaxy S2 with software we can install by our methods too =)
I think the best and most secure but simultaneous with very strong developing/support/updates for future proof is really CyanogenMod.
But we need to deposit our trust on them still, even now that they are now a Company, not anymore opensource community like on old early days, when Cyanogen started =)
The best is Guardian ROM.
However, just one great developer cannot support many devices and long and fast development like CyanogenMod, as a fact.
About software and apps we have many:
But the popular/best are:
All apps of "TheGuardianProject" site like:
Orbot; Orweb; GPG; ChatSecure (Gibberbot); Ostel; Pixlknot; Obscura Cam; and so on...
Whisper Security apps:
RedPhone; TextSecure (WhisperPush on Cyanogen);
SilentCircle apps we can trust, but I think they are paid.
Tor (orbot) , I2P, and MacChanger (MacMan, etc...) apps for Anonymity.
SecDroid as i said.
PDroid (but with KitKat I think we do not need it anymore).
AFWall+ (successor to DroidWall and totally open source, Linux iptables firewall).
WiFi Protector (by Gurkedev, opensource wireless that protect us from Arp poisoning, MITM attacks like droidsheep, faceniff, other sniffers and packets captures...)
AdAway (opensource blockers of adware, spyware ads and popups)
Virustotal app =D
KeePassDroid (Password manager protected with encryption data base).
K-9 Mail with APG (opensource email with open PGP implementation).
And for TrueCrypt similar encryption and containers i think exist many apps already on market, but do not know which is the best yet.
EncFS is good also.
One great market just with opensource apps and a must have is
F-Droid.
If you want use your data connection with a VPN (Virtual Private Network) on my researches i discover and read some of the best are:
Free - > SpotFlux; HotSpot Shield; CyberGhost; SecurityKiss; HideMan; ...
Now the Best ones are Paid.
Some of the best ones:
MullVad
iVPN
NordVPN
TorGuard
Proxy.sh
BolehVPN
AirVPN
And the Countries with the Best Privacy Laws and Protection are:
Iceland ; Norway ; Romania ; Serbia ; Sweden ; Switzerland ; Luxembourg ; Panama ; Seychelles ; Taiwan ; Hong Kong ; Malaysia ; ...
Well, hope I can help with something, and please if anyone know more Info about Security, Privacy & Anonymity tell also, and let all us know more knowledge =)
Cheers, Guys & Girls.
I get asked sometimes why root an Android device. What are your reasons for rooting and what are the benefits? I'd be interested to hear your views.
Sent from my Nexus 7 using xda app-developers app
st3vo_1986 said:
I get asked sometimes why root an Android device. What are your reasons for rooting and what are the benefits? I'd be interested to hear your views.
Sent from my Nexus 7 using xda app-developers app
Most phones come with the operating system "locked" by the manufacturers. They do not want their devices to be meddled with and made unusable by the user. There are valid reasons for them to do this, some I think will be as follows.
1. Maintain integrity of the phone they sell.
2. Lower Helpdesk cost. Users who do not know how, meddled and rendered phone un-usable during warranty and then make claims for repair under warranty terms. This will unrealistically increase the cost of providing repair works under the warranty period.
3. Ease of maintenance. There is one copy of the ROM. If the user brings in a phone that is not working, they will just flash the standard ROM over as a first check. This is easy to do for the first step of troubleshooting.
4. Avoid bad publicity- the word of mouth that there is a high rate of return for maintenance (due to incompetent wannabe phone hackers) spread and this creates a public image of the phone being "unreliable".
Reasons for rooting is mainly to be able to use the phone as how we like to use it. Some examples:
1. Not happy with the phone producer's version of Android user-interface. Same version of Android, but different manufacturers offer their own take on the user interface. By rooting the phone, the user can change to a custom ROM that he finds suitable.
2. Not happy with the manufacturer's choice of apps. For example, the media-player app. Without rooting, you cannot uninstall the media app that came with the phone ROM. Yes, you can install an additional media-player app, but then you will have some bloatware (manufacturer's app) that you cannot uninstall.
3. Change to a newer (or older) version of Android. E.g., Older phones that are rooted can upgrade from Android 2x to 4x, if the hardware is suitable.
4. Change operating system. After having an Android phone, a user might want to change his mind and try out a Windows Phone. After rooting the phone, it is possible to change the operating system from Android to Windows and vice versa. Good examples are the older WM6x phones, such as the HTC Touch HD or HD2; they can be installed and work with Android, and if the user is not happy, revert to WM6x. Without rooting the phone, this cannot be done.
5. Build and install our own tailor-made custom ROM using a Kitchen+ROM of choice. Sometimes, a custom ROM provided by an independent developer may not be entirely suitable for all of us. With the Kitchen+ROM, it is possible to break-down the ROM to components, and select the components to build another ROM (a variant of the original) that meets a specific requirement. For example, it is possible to exclude GoogleMarket, Facebook, Twitter apps and build a ROM without them, if a person wishes.
There are many more other reasons, but I guess the main ones are those.
Hope this helps.
I wish to know if there are any custom ROMs or OSes that wouldn't touch my data using background processes that don't ask for permission to do so. Because these apps are either pre-installed or installed by me (which ask for permissions up front)? Or at least that I would be able to grant app permissions when it needs them? It's like a real-time permission request service.
Thanks.
I don't understand your question very well, but I think you'll need an AOSP 6.0 ROM like the one made by Flashhhh, because AOSP is the most secure because just Google modifies it and the developer (Flashhhh in our case). You can't make it 100% secure because you need to encrypt the partition and lock the bootloader. Encryption slows the device like hell, and locking the bootloader with custom software cannot be done unless some of the great developers of the falcon can reprogram the bootloader and the other low-level bootloaders. Hardware encryption isn't supported on falcon, I don't know why, because my Lumia 435 has encryption enabled via settings as you can see here:
And yes the device is as fast as with the option disabled ! So hardware encryption is supported on Snapdragon 200 and our device has Snapdragon 400. I don't know why but that's the life...I am also interested in a secure OS with encryption that can run on our Moto G without performance loss.
I was really looking forward to CyanogenMod, because it was looked at as safe. But after I read their DISCLAIMER stating "Modifying or replacing your device's software may void your device's warranty, lead to data loss, hair loss, financial loss, privacy loss, security breaches, or other damage, and therefore must be done entirely at your own risk. No one affiliated with the CyanogenMod project is responsible for your actions. Good luck." I changed my mind. I am paranoid about my privacy and security, therefore this disclaimer put all my excitement and hopes to find privacy and security in their custom ROM down. On the other hand, they're stating the things that could happen to my phone through the use of their custom ROM, and I am thankful for their honesty and precautions. I was looking for the official Carbon ROM, because of its flexibility in customization and some other useful features, but sadly they don't support our device, so yet again I was let down. Even if there are ports of it. Yet again my paranoia for privacy and security appears to be in action, and I just can't help it when it comes to it. It's my need and I believe it is everyone's need that sadly seems to be not met... even my keyboard sends data through background services... The more I see what Android does, the more I want to switch back to Windows Phone... it was easy to use, simple, and at least secure. I loved that you could use one app for text messaging and social network messaging, and I found it a really handy feature. Android is highly customizable, but not as secure as WP. Also, did everyone else notice that Android version names are alphabetically ordered, which could mean that they have plans up front for Z? Ohhh and Google is in Alphabet now...
Was WP really more secure, or did you simply not know what it did in the background?
Concerning your question: to find a "perfect" system might be impossible. However, you should not completely give up on CyanogenMod (or on custom ROMs in general). You do get the possibility to manage permissions and you get root. The latter you can use to uninstall system apps you don't like or to set up a firewall for apps and services you don't trust (for instance your keyboard). As a further step, you could try if a Google-free device would work for you (i.e. not flashing gapps after the ROM). That might be less convenient in some aspects, but you would get rid of the no. 1 risk for privacy. And don't worry too much about the disclaimer! Sure, flashing a custom ROM can turn your device into electronic scrap and things like root are risky anyway; the crucial point is that stuff needs to be handled the correct way. With enough information acquired in the first place, the risks aren't too big
Hwyl.Fawr said:
Was WP really more secure, or did you simply not know what it did in the background?
Concerning your question: to find a "perfect" system might be impossible. However, you should not completely give up on CyanogenMod (or on custom ROMs in general). You do get the possibility to manage permissions and you get root. The latter you can use to uninstall system apps you don't like or to set up a firewall for apps and services you don't trust (for instance your keyboard). As a further step, you could try if a Google-free device would work for you (i.e. not flashing gapps after the ROM). That might be less convenient in some aspects, but you would get rid of the no. 1 risk for privacy. And don't worry too much about the disclaimer! Sure, flashing a custom ROM can turn your device into electronic scrap and things like root are risky anyway; the crucial point is that stuff needs to be handled the correct way. With enough information acquired in the first place, the risks aren't too big
Click to expand...
Click to collapse
Well yes WP doesn't have such a feature as seeing what background processes are active, what they're doing, which should be a concern, but I think there are some devices that don't support multi-tasking which probably deals with the issue. Well the cyanogen mod does offer that security and frees you from app permission chains, but I don't want to rush on flashing it.
What about ubuntu os? They provide a tutorial to port it for your own device which I am really interested in. But are there any advantages over cyanogen mod in terms of user privacy and security? Should I consider porting it myself or flashing a port made by the community?
This ROM was created with privacy in mind: (Read the first post carefully and follow the instructions)
http://forum.xda-developers.com/moto-g/4g-development/rom-identity-crisis-6-lte-extreme-t3328861
It will boot on Falcon; if after flashing the ROM, you immediately flash the Stock 6.0 Kernel available here:
http://forum.xda-developers.com/showthread.php?t=2649763
Is it only for LTE version?
Thank you for your time spent on developing this rom for the community. I will flash it straight away.
As I said, the ROM will boot and work fine on your phone if you flash the Falcon kernel. @minimale_ldz created this ROM based on my previous work.
This is madness.
Also
lost101 said:
This ROM was created with privacy in mind: (Read the first post carefully and follow the instructions)
http://forum.xda-developers.com/moto-g/4g-development/rom-identity-crisis-6-lte-extreme-t3328861
It will boot on Falcon; if after flashing the ROM, you immediately flash the Stock 6.0 Kernel available here:
http://forum.xda-developers.com/showthread.php?t=2649763
Okay. The rom looks good and seems to offer what I need, but that bug when you dim your brightness and flickering occurs can be annoying, since I like to dim it as much as possible, to save my battery from draining. I guess I will have to keep on using the stock rom till the port of your rom is fixed.
There's also a Lollipop version of this rom available, and it doesn't flicker. Installing the rom itself, however, won't be enough - even removing GApps doesn't prevent Google and from collecting "anonymous" data as there are still some leaks through kernel and modem debug settings. They can be blocked by a firewall (like AFWall+). You may also want to install Network Log to see all the traffic. The XPosed Xprivacy module is also very helpful in restricting internet, network, location, sensors, etc. access to the apps. You can also disable location services and bluetooth (and other things) with Servicely for extra protection and battery life.
All of it will give you SOME protection as obviously your carrier will have a lot of data about your device and this can't be avoided as long as you use its phone services.
I think that I should wait for the marshmallow patch. Because I wouldn't have to use the apps you have mentioned in order to protect myself. I've read that you recommend these apps to use on marshmallow too. Which one would you recommend? Lollipop or marshmallow? From the things you have mentioned it gave me an impression that more has to be done on lollipop to protect yourself as much as possible, than on marshmallow. Besides I suspect that marshmallow is more advanced than lollipop. Anyways an expert opinion is always worth considering. A big thank you xda developers for your hard work and time put in developing all of the software available for us. You're the best!
Well, I don't consider myself an expert - just spent some time reading security and privacy related stuff on the web and used some of the information to help myself. Please also mind all the things I mentioned (firewall, XPrivacy, etc.) don't come with Marshmallow and need to be installed and set up anyway so it doesn't make much difference if you use Lollipop or MM version. The biggest privacy-related changes that come with MM are a built-in permissions manager (which is good but insufficient) and a more up to date security patch. And I think that is it, so it's up to you if you want to wait. The thing with Android updates is that they bring new stuff that OEM and carriers need to implement and optimize, so I wouldn't say that Marshmallow is better in every aspect than Lollipop. I was using 5.1.1 for a few months on Moto G and was very happy - I'm using 6.0.1 on Moto X Play now, and see some annoying bugs that came with it. Interesting thing is they only appeared after removing GApps from the rom. So again - it's up to you.
The other fact is that the more you protect yourself from intrusive Google services the more new privacy and security issues appear. For example - if you use stock rom there's no need to unlock bootloader nor using custom recovery which are actually negatively affecting your privacy. You can access all the system and data in TWRP, so your privacy is pretty much none in case someone steals your phone. Good practice is not to keep too much private stuff on it, because there's always a risk someone can get it - one way or another.
If you're not an expert then you're not far from it, because I don't think it's easy to do the things you did.
Is it possible to re-flash stock recovery and re-lock bootloader after flashing one of your roms to improve security, or are they essential to make rom work?
As far as I know relocking bootloader will fail if installed system is not original, but I'd ask @lost101 as he's got much more expertise in Motorola issues.
minimale_ldz said:
You can access all the system and data in TWRP, so your privacy is pretty much none in case someone steals your phone.
Using encryption helps in this case. Just remember that when you get your phone back, don't trust it anymore.
zgodig said:
Is it possible to re-flash stock recovery and re-lock bootloader after flashing one of your roms to improve security, or are they essential to make rom work?
Originally Falcon (and Peregrine I suspect) did not support Factory Reset Protection (FRP) - this may have changed for those with locked Bootloaders who updated to Lollipop via official OTA Update. Even with FRP, all you are doing is stopping someone who stole / found your phone from accessing your data. Obviously you must unlock Bootloader to gain real control over your data by flashing a ROM just as those created by @minimale_ldz. Once Bootloader is unlocked, it's permanent. So-called 'relocking' is purely superficial and can be simply undone by anyone with fastboot access.
So the answer is no, flashing Stock Recovery and 'relocking' Bootloader does absolutely nothing for you in terms of security.
Newer phones such as Moto G (3rd Gen) support FRP out of the box. But again, you are at the mercy of Google and Motorola when it comes to privacy as long as the Bootloader remains locked. You cannot root, nor install a custom ROM.
I fear ultimately you must examine your own psychological / egoic need for control and privacy, as the world outside your mind is unlikely to deliver what you seek.
Is it possible to make or do something that no one would be able to enter recovery mode without password or at least pin code?
_that said:
Using encryption helps in this case. Just remember that when you get your phone back, don't trust it anymore.
So encrypting the phone would help to protect data. In case of a lost or stolen phone, the person would only be able to delete my data through recovery mode?
And what do you mean that after I'd get my phone back I shouldn't trust it?
Exodus, a popular, albeit closed-source, crypto wallet app recently stopped working on my device. After a few days of back-and-forth troubleshooting via support, they somehow realized that my device is both rooted and running a custom, open source, community-supported ROM. They told me this was no longer allowed because it is far less secure than running the proprietary ROM. I countered with both personal testimony (back when I had a Blu phone, and a year later they got kicked off Amazon due to spyware streaming customer data out without consent) and common fact that OEM ROMs are almost always packed full of bloatware and spyware. I countered that installing a reputable open source ROM with only those apps I want and need is better. I argued that root gives me the ability to use AFWall to block outbound access to apps that I don't want having access to the Internet without my permission. I could have argued that continuing to use a 1-2 year old phone that no longer receives security updates when I could use an open source ROM that does is better. I also provided a few public articles showing how frequently apps from the Play Store and other "OEM" stores are caught abusing their users' trust and performing malicious actions. My point was that it's not correct to just automatically assume that having root and using a non-OEM ROM is less secure. That's a falsehood. But that said, I am interested to know what the XDA community thinks about that. And if the XDA community has any facts about custom, open source, community-supported ROMs being more secure than OEM ROMs, I am interested to further arm myself.
And of course, I am completely willing to be instructed by the XDA community that indeed Exodus is right and using a custom ROM and having a rooted phone is completely, inherently, automatically more insecure than using an OEM ROM full of bloatware and spyware, not having root so that any rag-tag app can stream data back to home base, and falling behind with security patches because the vendor is either too slow to release or decides my device is no longer worth supporting.
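A firewall such as AFWall+, mentioned in this post and in the earlier one about blocking leaks, is a front end to iptables, and per-app blocking rests on owner-match rules keyed on each app's Linux UID. The following is an added example, not code from the thread or from AFWall+ itself, that turns a packages.list listing into such rules; the package names, UIDs and the chain name `app-egress` are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in the layout of /data/system/packages.list:
#   <package> <uid> <debuggable> <data dir> <seinfo> <gids>
sample_packages_list() {
cat <<'EOF'
com.example.keyboard 10057 0 /data/data/com.example.keyboard default none
com.example.browser 10062 0 /data/data/com.example.browser default 3003
com.example.sync 10062 0 /data/data/com.example.sync default 3003
com.example.flashlight 10080 0 /data/data/com.example.flashlight default 3003
bad;name 10090 0 /data/data/bad default none
android 1000 0 /data/system platform 3003
EOF
}

# valid_entry <pkg> <uid>: true for a well-formed app entry (UID >= 10000).
# The name check matters because the output is meant to be run as root.
valid_entry() {
    case "$1" in ''|*[!A-Za-z0-9._]*) return 1 ;; esac
    case "$2" in ''|*[!0-9]*) return 1 ;; esac
    [ "$2" -ge 10000 ]
}

# gen_rules "<pkg> <pkg> ...": packages.list on stdin, iptables commands on stdout.
gen_rules() {
    allow=" $1 "; chain="app-egress"    # chain name is an assumption
    list=$(cat); allowed_uids=" "; seen=" "
    # Pass 1: a UID is allowed if any package that owns it is allowlisted.
    while read -r pkg uid rest; do
        valid_entry "$pkg" "$uid" || continue
        case "$allow" in *" $pkg "*) allowed_uids="$allowed_uids$uid " ;; esac
    done <<EOF
$list
EOF
    echo "iptables -N $chain"
    echo "iptables -A OUTPUT -o lo -j ACCEPT"
    echo "iptables -A OUTPUT -j $chain"
    # Pass 2: one rule per distinct UID, because the owner match cannot
    # tell apart packages that share a UID.
    while read -r pkg uid rest; do
        valid_entry "$pkg" "$uid" || continue
        case "$seen" in *" $uid "*) continue ;; esac
        seen="$seen$uid "
        case "$allowed_uids" in
            *" $uid "*) verdict=RETURN ;;
            *)          verdict=REJECT ;;
        esac
        echo "iptables -A $chain -m owner --uid-owner $uid -j $verdict"
    done <<EOF
$list
EOF
}

# Stand-alone run: print the rules for an allowlist containing only the browser.
sample_packages_list | gen_rules "com.example.browser"
```

Allowlisting one package also lets out every other package that shares its UID, and the same rules have to be loaded with ip6tables because iptables covers IPv4 only.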
You can't blame them for not troubleshooting unknown firmware. You changed the playing field.
Less mainstream use and support* is one of the disadvantages of custom roms and rooting.
I run stock and use other methods to kill bloatware. Zero brick risk, little down time and they run well.
I'm not saying don't root etc... but you knew the job was dangerous when you took it.
*this can have potentially far reaching and multifaceted implication$
@blackhawk I'm pretty sure it wasn't broken on my phone. One day I opened the app and it said I needed to update to continue using it. So I thought maybe the app just had failed to automatically update from the Play Store. But shortly thereafter I found it wouldn't update. That led to opening a support ticket with them which eventually led to them saying it no longer works on rooted devices. Their argument was that they were attempting to protect me. My rebuttal was that I don't want their protection, I want my freedom back. They should focus on making their app as secure as possible and then, if they discover I am running it on a rooted phone, then give me a warning box and force me to accept it but don't just take away my freedom.
The irony of their stance is that they still provide the Linux program. And who doesn't have root access on their Linux computer? Or their Mac or Windows computer, for that matter? I can completely understand if they don't wish to troubleshoot the installation of the Debian package or even the use of the zip on every Linux version out there. I wouldn't either! But that's completely different than saying, "Oh, you have root access to your Linux/Mac/Windows computer? We can't let you use our program anymore." That makes zero sense, and it's the same nonsensical argument they are making for rooted Android phones.
I run stock N10+'s because they're easier to troubleshoot, maintain and it doesn't trip the Knox efuse. I have to add a package disabler and do some optimizing but it's child's play for me to do it at this point.
Unfortunately if you root you're going to have to suck it up and do the work needed to optimize it.
Same thing I do with stock but with more tools at your disposal... after the learning curve.
It's this learning curve, the chance of bricking and the damage that can be inadvertently done to the OS with no access restrictions are some of the downsides. Rooting takes time to learn and perfect. With unlimited power, blah, blah, blah.
I'd rather just do basic infrequent troubleshooting and have fun... my current load is over 1.5 yo, still fast and stable.
I don't update the firmware because that breaks things. No updates needed once you optimize it and find any needed work arounds... it's good to go. Anything from Pie up is pretty secure; they have some vulnerabilities but in practice this isn't an issue... unless you do something stupid.