What are the security implications of flashing a ROM?
I came across this question (posted by robned) in another forum and wasn't sure how to answer this...
"Hey,
Maybe a noob question. I have searched and searched without greater success... so please be kind.
I'm in need to do something about low RAM and lousy battery life. Thus flashing a cooked ROM is starting to surface.
However, how safe is this? I mean, I'll probably pick one of the well-known builders like LEEDroic or Ace's, but how would you rate the risks for spoofing, hacking or other malware incorporated in these builds?
I know just being connedted is a risk .- but this takes it one step further. I'm not paranoid, but I do have some sensitive data like Ewallet/Flexwallet with Credit Card info for reminders...
All you guys flashing - ROM's that is - do you have any sensitive data at all?
Many thanks.
Your humble noob"
Any thoughts? Thanks!
Related
OK, heres the deal. I have a FUZE and want to flash it. As much useful information as there is on this forum, it is nearly impossible (as stated by many of the members here) to find anything in threads with 30, 50, 90 or even 300 pages. It just is not efficient. There is no good guide that has only constants (e.g., they all say you may need this version of SPL, radio, etc.). I would like some sort of UPDATED, concrete guide. I am willing to donate to whichever one of the developers handles this for me and I also think it would be hugely beneficial to the users of the forum. My hopes is that it becomes a locked thread so it cannot be polluted and it only stays a useful guide. The people on this forum are amazingly knowledgeable, probably the best on the net... There just needs to be organization and I'd really like to get that ball moving. Here is what I'd like
1) The fastest, cleanest, most stable ROM
2) The most efficient radio (I'm fine with my current signal strength, which radio does that equate to)
3) The LEAST maintenance, meaning internet settings for AT&T, proxies, settings, all the task manager junk that has to be done.
I would even take one of the cleaned up AT&T ROMS as long as it isn't as slow as a 500lb man in a 40yd dash.
I understand that creating ROMs is no easy task; However, being proficient in the business and technology world, I can bring a few things to the table. Inaccurate and disorganized information usually causes the collapse of many businesses and I feel that is the biggest downside of this forum. Just think about how hard it would be if your file cabinet of work was turned upside down and there was little to no organization? Someone from the outside trying to look for a file would have no clue where to start (e.g. looking at all of the thread names is quite overwhelming... [ROM] [ENG] [READY!|15 NOV] ROMeOSĀ² v1.40.1 (19974.1.2.8|STABLE)). Noobs (including myself) have NO IDEA what any of that means until we start reading.
Therefore, if anyone is willing to help me get this started, I would gladly donate.
Thanks for listening, guys... I look forward to working with everyone.
Well, the first place to start is the Wiki specific to the Raphael. There you can find all the necessary info about the Raphael.
It seems you want to flash a ROM to your device. Right now there's only a handful available and you will have to try to see what best fits your needs. If you flash one, you don't like it, flash another.
If you read the Wiki you will see that you NEED to HardSPL before flashing a ROM. This is a must and I'm not sure where you're finding that it may be needed or not. Just HardSPL before you flash your ROM. And right now there's only 1 HardSPL, at least that I know of in this forum.
As for ROM naming/etc, go to the specific thread to find out more info. I understand the point about the overwheling messages that are here and many times there are just repeats of things that were answer before. However, everyone should take the time to read the sticky posts in the forum as they have very important information you need to know before you start messing with your device. I've been flashing ROMs for about a year now on my Tilt and recently move to the Fuze. A name as the one you referenced
"[ROM] [ENG] [READY!|15 NOV] ROMeOSĀ² v1.40.1 (19974.1.2.8|STABLE", you should be able to figure most of it. It's a ROM, it's ENGlish, It's READY, release 15 Nov, and it's STABLE. The other info is specific to the person who releases it and you will find the info by reading the first 1-3 posts within the thread. What you wrote is the equivalent of reading something you don't have any idea about and you want to understand it all in the same sentence without doing some type of research. Not sure how that works.
The guys that releases these ROMs take their time to make sure all the necessary info for a specific ROM release is contain within the first 3 posts of a thread. It's the best place to gather all the info you need about a ROM.
Anyway, hope this helps you.
As has been said MANY times:
1) there is no BEST rom
2) there is no BEST radio
Each is measured subjectively based on your needs. Most of the information you need can be found in the threads related to HARDSPL, Radios, & the roms you're flashing.
Thread Closed.
Hi, I'm new to this forum and this is my first post. I have looked at other questions on here, however thought I would ask a new one, as they do not all cover what I would like to ask, as mine are more specific. I have a few questions/issues that I'm unsure about, so would like to ask on here Excuse me if they sound silly and basic
Anywhoo, I would like to Root my device (HTC Hero 2.1) however would like to know the potential disadvantges of this and any 'safe guide' to doing so. I have read advice online where some drawbacks can be 'bricking' and voiding the warranty, but would like advice upon how to prevent this from happening. Also, I have read that you can un-root the device? If this is the case, once this is done, if there is a problem with my phone and I send it back, will it still be under warranty as such, so in the sense that can't they tell it's been rooted prior to the repair? (may sound like a silly question but I'm a newbie on this)
Also, I don't intend to make my phone some sort of superpowered device (which it won't as it's not the best of phones on the market but hey), however would like to increase the loading/processing time of applications, view other OS', Baseband etc.. Also, how will this affect my data? - i.e. messages, conversations (whatsapp, pingchat etc) and other apps currently installed on the phone. Also any other information that may be necassary to know. Not meaning to sound picky or bossy, but would like a more complex answer to this, not just short one lined answers that are much help as a chocolate teapot!
Many Thanks
HCP_123
Please use the Q&A Forum for questions Thanks
Moving to Q&A
I think we should have them. Roms get daily/weekly updates and I don't understand why we shouldn't discuss pros and cons of different roms every now and then.
Me, for instance would never flash coindroid without these threads. I'm loving it to bits. If a better rom comes around I'd like to be aware of it.
What is wrong with knowing that coindroid's standby battery consumption is 50ma vs revolution's 90ma before flashing both?
calyxim said:
I think we should have them. Roms get daily/weekly updates and I don't understand why we shouldn't discuss pros and cons of different roms every now and then.
Me, for instance would never flash coindroid without these threads. I'm loving it to bits. If a better rom comes around I'd like to be aware of it.
What is wrong with knowing that coindroid's standby battery consumption is 50ma vs revolution's 90ma before flashing both?
Click to expand...
Click to collapse
I understand your intentions with this post, to be completely honest. You've got a good initiative for bringing the everyday "flashers" as you might call them, into the loop without reading about the specific daily updates on each of the countless ROMs on this site.
The problem lies in synchronization with every other thread. If the OP of CoinDroid, for example, posts his updates on the original development thread, then what's his incentive for also posting on this new thread? If someone else did it for him in a quick little blurb, that's fine, but then there could be misinformation spread and not even necessarily the latest updates. Someone would have to go through every thread, every day, and update this new one after that.
Another issue with a thread like this is that most of them venture into the realm of opinion, which is great for everyone in gaining a general consensus opinion on an awesome ROM (ARHD), but awful for discerning any actual facts. It's just people stating the pros and cons through their eyes in a cluttered manner on one thread. If we wanted that, we could just go look at all the countless other threads that go through this same routine. Hell, the people making the opinions could be running a very old version of the ROM that feels stable anyway, with a custom kernel and any other number of mods. That means their opinion says nothing about the current state of the ROM.
ROMs don't get that drastic of a change of a nightly basis. Plus, it's not really necessary to have a thread that says "This one is best" or "I like this one because..." simply because there are so many threads that previously address this. Feel free to start them (it's a forum, after all), but don't expect replies every time. I just think what you're proposing is far too lofty for a forum
I am fairly lost on the process for updating my nook tablet 16GB to CM7 or CM10. This forum is like an information overload for a noob like me.
Two things I want to accomplish:
(1) Decide on CM7, CM9, or CM10
(2) Once I decide, update my nook
This is going to be a family tablet. Kids (older than 10) might use it a lot. I have read that CM10 is too unstable right now (especially for kids to use). Is this still true? I got the impression from this thread that there may be vast improvements:
http://forum.xda-developers.com/showthread.php?t=1877217
Cam someone tell me which version has the best combination of stability/performance? Is CM10 even close yet? Not crazy about the idea of going with gingerbread.
So, once I have decided, its not clear how I should update my nook. Are there simple instructions somewhere?
I'm sorry if I offend with this post, but it needs to be said - to you and the hundreds of other newbies coming on here with similar questions ...
If you can't figure out the basics of what you need to do by reading the information already posted across the existing threads on your device's forums then you should not even consider trying to do anything other than leave it well alone on the 'Stock' build.
The potential to break your nice, new, shiny device and find yourself in a position where you cannot recover it is high unless you are sure what you are doing, and the benefits really aren't enough for what you are trying to achieve.
SimonTS said:
I'm sorry if I offend with this post, but it needs to be said - to you and the hundreds of other newbies coming on here with similar questions ...
If you can't figure out the basics of what you need to do by reading the information already posted across the existing threads on your device's forums then you should not even consider trying to do anything other than leave it well alone on the 'Stock' build.
The potential to break your nice, new, shiny device and find yourself in a position where you cannot recover it is high unless you are sure what you are doing, and the benefits really aren't enough for what you are trying to achieve.
Click to expand...
Click to collapse
Your post does not offend me. I think I can figure out the basics. That's not a fair assumption about me. The problem is that I am seeing a lot of info on the web, and it is a little difficult for me to separate what I need from what I don't need. I see a lot of different info about which sd card to use or how the sd card needs to be formatted, etc, etc.
I just need one set of instructions that seems to work for most people.
But that only addresses one of my questions. The other question is whether CM10 is mature enough at this point or not?
In short, what I am trying to break out into discussion is simple - we need to figure out a way to reduce user-related/caused damaged devices.
I know we all put our disclaimers in our ROM threads, if you break your device, not my fault, etc. etc.... and before we discuss this I will say it is not our sole responsibility to make sure nobody does something dumb by installing firmware to their devices that may cause issues. What is inspiring this discussion are threads and posts such as this one, and they seem to be popping up more and more:
http://forum.xda-developers.com/showthread.php?t=2056369
http://forum.xda-developers.com/showpost.php?p=35793341&postcount=10
For the benefit of the general community and for people who, quite honestly, have almost no idea what they are doing when installing custom software to their devices, I think there should be a little more clarity and warning to users regarding what they should and shouldn't be flashing on top of their custom/packaged ROMs. And for the record I am in no sense of mind saying this could have been avoided by this user. In an analogical way I would say it is similar to teaching a child how to walk, or not play with light sockets. We cannot simply say, "oh be careful" because most people are careful, their issue is simply that they don't know. As developers we know EXACTLY what is compatible with our ROMs and what is not. This would include firmware, of all types - kernels, radios, build versions and modifications to the framework through flashable zip files in recovery.
More and more I am seeing threads like this one mentioned springing up about boot looping, lost IMEI's, and devices being destroyed because a user is (most likely) unaware of small differences between a device or installation method which if was aware, could have avoided an issues, and could have avoided another thread being posted wondering why "x" issue is happening. Of course there will always be these threads, issues, etc., but I feel like some type of quality control could be done on our part. This is what I propose, and I think we should encourage this among ourselves to avoid issues:
At the very top of our threads, the very top, before they see a download link, before they see a list of all of the exciting modifications amplifying their eagerness to flash, and dulling their eagerness to read, we should implement some "OP structure" so to speak. What I would propose is we all try to lay out our threads in this manner:
1. Name of ROM
2. List of ALL known compatible working (in this order): kernels, UI modifications (themes, etc.), firmwares. I would say that THIS is where our disclaimers should go. Right after telling the user what they should and shouldn't flash. This will strike up awareness on the other end (the user) that anything done outside of this instruction is a risk to the device and can permanently damage the device. This should be stressed even more in a thread where the developer has chosen to implement firmwares, builds/ROMs of other devices. The idea is more warning and thorough explanation of what can and can't be installed on top of our ROMs will in fact decrease user error. It is our responsibility to make an effort to decrease this possibility as much as possible. A quick list of useful information will go a long ways.
3. Recommended installation method as the developer has tested and proven - with a step by step instruction to flash.
People need to see this kind of thing before they see a download link. It will help the forum not be overridden by threads and posts of people wondering why something is broken (sometimes permanently), or not working correctly. This will also help troubleshoot issues as somebody will ALWAYS come back with "x" issue, and the first response by somebody should be "well did you follow all the instruction at the top of the OP?" and right away in a productive manner we are troubleshooting issues.
I believe we can ourselves "do some reading" and follow the work of our fellow developer members who spend tiresome hours building for various devices. Knowing what issues are going on with each other's work and thus knowing what our users are expecting will again only help everyone. Let's promote proper cautious behavior as an initial emotion when seeing a new update to a ROM, rather than the excitement of simply a new update. I know this will help, and it will make it easier on those of us who build and produce the software for our users.
I am curious to know people's thoughts about this idea - a structured method of laying out our threads with instruction and information, then the great things they have to expect after installation is complete. These are computers, not phones, let's treat them as such.
:highfive:
I am copying a thread over to this forum that I wrote up in the S3 section about proper flashing methods that have always worked for me flawlessly. There is never fault in taking extra time to make sure something is done 100% correct the first time, to rule out variables that might have caused "x" issue.
Here is the thread I was referring to. http://forum.xda-developers.com/showthread.php?t=1946701
This will be posted in the dev section as this is where people go to flash ROMs, putting it in QA is useless as that is where people go once they already have an issue.
Chime in boys, I really want to know what people think.
As someone who reads a lot of help i broke my phone posts the simple fact is that a large number of users if not the majority of noobs refuse point blank to read the instructions .
jje
This is also true. What I am getting at is by making information like this the first thing they would see, it would likely help reduce the "flasher flurry" that some people get into simply because of excitement and ignorance.
For those who don't read simply because they choose not to, we cannot help them. I believe there are many people, however, that proceed with caution, but are not informed enough. Simply saying "I am not responsible for your damaged device" is not enough in my opinion. I would revert to the child near the light socket analogy. It is not a enough to say "hey kid, you stick that fork in the light socket you may or may not be electrocuted - proceed with caution." We can do more, and we should.
I don't disagree about the need for this type of thread, but I'm not sure this is the proper section for it. This type of thread could (and probably should) be discussed across ALL android (and maybe even non-android) devices - not specific to samsung, exynos, touchwiz, etc. As well, it's not really a discussion of process, but more a discussion of how to advertise and support a firmware "product."
So, please explain how the OP fits the section guidelines here: http://forum.xda-developers.com/showthread.php?t=2017367
Thank you
Gary
Probably correct there Gary. If it needs to be moved I apologize. Not sure what I was thinking posting it here... it was late... I was tired lol
A simple solution would be to "hide" the download link in OP, so ppl are forced to read at least some of the OP.but there will always be ppl there is out of reach.
garyd9 said:
I don't disagree about the need for this type of thread, but I'm not sure this is the proper section for it. This type of thread could (and probably should) be discussed across ALL android (and maybe even non-android) devices - not specific to samsung, exynos, touchwiz, etc. As well, it's not really a discussion of process, but more a discussion of how to advertise and support a firmware "product."
So, please explain how the OP fits the section guidelines here: http://forum.xda-developers.com/showthread.php?t=2017367
Thank you
Gary
Click to expand...
Click to collapse
I agree gary, I've moved this to XDA general as this would cover pretty much any device, WP or Android.