Hi everyone,
can you recommend me some custom Android ROMs with focus on better security? Or isolate of dependence on Google?
Both of them together will be the best.
My phone is Samsung Galaxy S2.
Many thanks
dj.houba said:
Hi everyone,
can you recommend me some custom Android ROMs with focus on better security? Or isolate of dependence on Google?
Both of them together will be the best.
My phone is Samsung Galaxy S2.
Many thanks
Click to expand...
Click to collapse
Cyanogen or GingerBread are some good ROMS for good security, as I know.
D-J Mutant said:
Cyanogen or GingerBread are some good ROMS for good security, as I know.
Click to expand...
Click to collapse
Thanks, yes, I know about Cyanogen.
Oh you mean GingerBread from Google? This is exactly what I don't want. I want to separate from Google, coz we all know about NSA case. So I thought, there will be some developers, who will try to build some custom ROM and try to eliminate "Big brother" and focus mainly on security.
Omnirom is supposed to be security and privacy consious.
Sent from my Nexus 7 using XDA Premium 4 mobile app
Well I'd suggest the cyanogenmod, but without the google apps. They're optional.
In the nexus 4 section there is an aokp that is patched so built in Google analytics are gone. There is a patch that can be applied to other ROMs.
Custom roms, including Cyanogenmod, have a history of BAD security. Many rom developers end up introducing new vulnerabilities. In the past, some hardened Android builds existed, but I know of no current hardened roms.
I personally would stay away from custom roms, and stick to as close to AOSP as possible, signed with your own private keys. (and no Omnirom, AOKP, Cyanogenmod are NOT AOSP in any way shape or form.)
jcase said:
Custom roms, including Cyanogenmod, have a history of BAD security. Many rom developers end up introducing new vulnerabilities. In the past, some hardened Android builds existed, but I know of no current hardened roms.
I personally would stay away from custom roms, and stick to as close to AOSP as possible, signed with your own private keys. (and no Omnirom, AOKP, Cyanogenmod are NOT AOSP in any way shape or form.)
Click to expand...
Click to collapse
Is that so , see from what u saying ,,, the ASOP is better then the other build rite
Sent From GT i9300
jcase said:
Custom roms, including Cyanogenmod, have a history of BAD security. Many rom developers end up introducing new vulnerabilities. In the past, some hardened Android builds existed, but I know of no current hardened roms.
I personally would stay away from custom roms, and stick to as close to AOSP as possible, signed with your own private keys. (and no Omnirom, AOKP, Cyanogenmod are NOT AOSP in any way shape or form.)
Click to expand...
Click to collapse
How do you get your own private key and what does that do? Sorry, I have never heard of this, so I'm sure others are probably also wondering.
Sent from my Nexus 5 using XDA Premium 4 mobile app
Thanks
Thanks, I was trying different ROMs, finally I chose PAC-MAN ROM without Google apps
Hello !
does it mean that any modded stock rom with GApps will be insecure ?
Thx
just youtube some galaxy s2 roms you'll find reviews on some good roms
JamieFL said:
How do you get your own private key and what does that do? Sorry, I have never heard of this, so I'm sure others are probably also wondering.
Sent from my Nexus 5 using XDA Premium 4 mobile app
Click to expand...
Click to collapse
http://www.kandroid.org/online-pdk/guide/release_keys.html
something like this
I think you can skip "make dist" part, just do a regular build as you would normally (CyanogenMod ==> brunch your_device
you can fine the need file under "out/target/product/hammerhead/obj/PACKAGING/target_files_intermediates/cm_hammerhead-target_files-")
for Cyanogenmod Nexus 5 for ex (hammerhead )
source build/envsetup.sh
brunch hammerhead
and you'll fine the target_files zip under
out/target/product/hammerhead/obj/PACKAGING/target_files_intermediates/
that the one you need to feed to build/tools/releasetools/sign_target_files_apks
There are some really exciting Android security projects out there... For instance, one awesome function a-la-Truecrypt involves full disk encryption with plausible deniability. You are able to give out a first-layer passphrase if you are coerced - yet a truly private volume remains secure and disguised within the apparent unused portion of the storage disk.
Yet it's unlikely that any of this is relevant to you, otherwise you wouldn't be asking this sort of thing. When it comes to security leaks, try to barricade off the paths of least resistance from the ground up. For instance, even all of that wouldn't do much good if you had forensic evidence of your phone config on your computer, a lockscreen that could be bypassed, a phone seized whilst still turned with encryptions keys remaining in RAM, etc. Also keep in mind all of the data you are sending out in the clear via your cloud storage, SMS/IM, WiFi, etc.
So in the end, just pick a ROM that runs smoothly and you enjoy. Whatever you end up deciding, make absolutely certain to:
- encrypt with strong passphrase (then use cryptfs app to create a shorter lock screen key)
- disable USB debugging
---------- Post added at 06:06 AM ---------- Previous post was at 05:32 AM ----------
JamieFL said:
How do you get your own private key and what does that do? Sorry, I have never heard of this, so I'm sure others are probably also wondering.
Sent from my Nexus 5 using XDA Premium 4 mobile app
Click to expand...
Click to collapse
This probably isn't exactly spot on, but here's a rough sysnopsis... When a ROM is built from source, the creator "signs" their creation (i.e. the ROM and the apps within). This way you can be sure that you're indeed getting an official ROM built by AOKP (or whomever) and not by some malicious 3rd party. Likewise, the Android OS uses signatures to ID which files are legitimate and given permission to run (i.e. official updates). However, there have been incidents with custom ROMs when this functionality has been exploited. This could allow an otherwise innocuous seeming app to deploy hidden malware and cloak itself as a legitimate app, gaining full rights to the phone.
A self-built ROM with your own private key is presumably safer against such an attack. I don't think most people would need to be concerned about this, but still something to keep in mind. Unfortunately jcase is spot on about custom ROMs almost always creating or exposing more vulnerabilities than stock. For instance, features like ADB or USB-OTG are often enabled by default. If that wasn't bad enough, in the event that your phone is ever lost/stolen/seized, having a custom recovery installed is pretty much handing over your identity with a bow wrapped on top. It makes it easy for anyone to bypass PIN/password/face/gesture-lock or dump off the entire disk image. Not to mention analysis can reveal your account passwords, WiFi keys, SMS, phone records, photos. Most of these vulnerabilities can be safeguarded against with careful consideration, but you certainly won't get there by default.
dj.houba said:
Thanks, yes, I know about Cyanogen.
Oh you mean GingerBread from Google? This is exactly what I don't want. I want to separate from Google, coz we all know about NSA case. So I thought, there will be some developers, who will try to build some custom ROM and try to eliminate "Big brother" and focus mainly on security.
Click to expand...
Click to collapse
The only way to eliminate the ability of a nation-state interfering in your data would be to not generate any. If they're watching you, then stopping them from watching you isn't going to be possible. So it's better to ensure that when they watch you appear innocent.
Granted, I'm not saying you shouldn't take any precautions. But to truly get away from their snooping you're probably better of without a phone.
fadedout said:
There are some really exciting Android security projects out there... For instance, one awesome function a-la-Truecrypt involves full disk encryption with plausible deniability. You are able to give out a first-layer passphrase if you are coerced - yet a truly private volume remains secure and disguised within the apparent unused portion of the storage disk.
Yet it's unlikely that any of this is relevant to you, otherwise you wouldn't be asking this sort of thing. When it comes to security leaks, try to barricade off the paths of least resistance from the ground up. For instance, even all of that wouldn't do much good if you had forensic evidence of your phone config on your computer, a lockscreen that could be bypassed, a phone seized whilst still turned with encryptions keys remaining in RAM, etc. Also keep in mind all of the data you are sending out in the clear via your cloud storage, SMS/IM, WiFi, etc.
So in the end, just pick a ROM that runs smoothly and you enjoy. Whatever you end up deciding, make absolutely certain to:
- encrypt with strong passphrase (then use cryptfs app to create a shorter lock screen key)
- disable USB debugging
---------- Post added at 06:06 AM ---------- Previous post was at 05:32 AM ----------
Click to expand...
Click to collapse
:good: Excellent advice.
I still wonder if AOSP or any of the bigger custom ROMs without Gapps is truly Google free. I have been browsing the forums for a while on that question but cant really find a good answer. Google free meaning: it doesn't communicate in any way on any moment with Google.
Anyone who can verify that? Has there ever been a XDA'er who researched this? For some it seems an assumption and some think since Android is developed by Google they surely try to analyze even AOSP roms or derivatives.
Liberr said:
I still wonder if AOSP or any of the bigger custom ROMs without Gapps is truly Google free. I have been browsing the forums for a while on that question but cant really find a good answer. Google free meaning: it doesn't communicate in any way on any moment with Google.
Anyone who can verify that? Has there ever been a XDA'er who researched this? For some it seems an assumption and some think since Android is developed by Google they surely try to analyze even AOSP roms or derivatives.
Click to expand...
Click to collapse
It only sends version statistics to Google, and there's a build.prop setting that allegedly disables it (ro.config.nocheckin=1) -- haven't tried it because I'd rather show my pride in Gingerbread
smartymcfly said:
There is a patch that can be applied to other ROMs.
Click to expand...
Click to collapse
What and where is this patch?
I would think you could block all of Google's ip address's in your host file on any rom also.
You could edit the host file before flashing it.
Related
Hello,
I was wondering if there was an Android app like Activator on the iPhone? I have searched to the best of my abilities regarding this question but have not found a clear answer. The closest I have come to finding this answer was the app "LaunchKey." However, it does not seem to fit what I am looking for.
Reason for this search is due to my brief episode with the iPhone 3g and yes I know...(after finding out, android system is definitely better in terms of customizing and freedom) Thus during that time I came upon this app called "Activator", which is basically amazing. Now that I am back using the android system I realized the only I miss about the iPhone was that app.
So if anyone can help that would be great! Thanks!
BTW:
Background information on the iPhone jailbreak app "Activator." Basically you can launch any apps and system actions via gestures or hardware buttons. (such as long-press, short-press, double tap,etc...)
http://forum.xda-developers.com/showthread.php?t=850464
and for gestures Im not entirely sure where I saw it or or what it was called but it does exist.
Reply
Thanks for the reply, however, I did stumble upon that app but it does not really support long press, short press, double tap and other various hardware buttons. As for gestures, I guess it does not matter as much as the hardware button configuration. Basically can a button have more functions than just one ie: home button-going to home. Thanks
I'm hoping that this app exists, as its one of the first apps I discovered years ago that was auto installed after jail breaking my previous iPhone. The app basically allows you customize a very large range of settings as shortcuts.
http://m.lifehacker.com/5899492/mak...hen-you-connect-or-disconnect-your-headphones
not strongly related but here's an app which I found very useful:
https://play.google.com/store/apps/details?id=tora.mamma.swipestart
Thanks!
Thanks for your input I however have found the app "SwipePad" to be extremely useful, albeit not the original application I was looking for but it does the job Thank you again!
really!!! Android is amazing, I think is like a pocket pc, but sometimes I miss my old iPhone when I remember cydia tweeks like Activator. :silly:
mnunez2 said:
really!!! Android is amazing, I think is like a pocket pc, but sometimes I miss my old iPhone when I remember cydia tweeks like Activator. :silly:
Click to expand...
Click to collapse
LOL, yeah same here man this post is old Most of the updates in 4.2 resolved my need for Activator...though not as much options it serves well nevertheless
clikonco said:
LOL, yeah same here man this post is old Most of the updates in 4.2 resolved my need for Activator...though not as much options it serves well nevertheless
Click to expand...
Click to collapse
OMG This is what I want to say my Android Friends Iphone tweaks are more easy way to go, im wondering How can I get Activator !!! >> since 4 years im iphone user and recently bought Note 2 (still I have Iphone) this entire conversation is what im looking for Please help to get a tweaks like that even I looked Cydia substrate for Android mm no use as of know....
Widgets are great but you still have to unlock the phone and look at the screen and press it. With activator you can, for example, press the power button of the phone twice and that will initiate the flash light... this is much better when you are in need of the flash light quickly...I wish android had something like that...
Help Help .... Droid help
webvamsi555 said:
OMG This is what I want to say my Android Friends Iphone tweaks are more easy way to go, im wondering How can I get Activator !!! >> since 4 years im iphone user and recently bought Note 2 (still I have Iphone) this entire conversation is what im looking for Please help to get a tweaks like that even I looked Cydia substrate for Android mm no use as of know....
Widgets are great but you still have to unlock the phone and look at the screen and press it. With activator you can, for example, press the power button of the phone twice and that will initiate the flash light... this is much better when you are in need of the flash light quickly...I wish android had something like that...
Help Help .... Droid help
Click to expand...
Click to collapse
I believe since the time I have posted this question to the present, there have been alternatives as well as actual implementations to the hardware tweaks. Currently, there are baked in hardware tweaks in custom ROM such as CM10.1 (lock screen long press buttons do variety of different things) or software programs such as swipepad, or Trigger app (Both of which I use a lot)
My current ROM CM10.1 has the capability of accessing the flashlight from the longpress of home button while in lockscreen. Or even changing music volume and music track by volume press/longpress. This I consider the equivilent of what you were referring to.
clikonco said:
I believe since the time I have posted this question to the present, there have been alternatives as well as actual implementations to the hardware tweaks. Currently, there are baked in hardware tweaks in custom ROM such as CM10.1 (lock screen long press buttons do variety of different things) or software programs such as swipepad, or Trigger app (Both of which I use a lot)
My current ROM CM10.1 has the capability of accessing the flashlight from the longpress of home button while in lockscreen. Or even changing music volume and music track by volume press/longpress. This I consider the equivilent of what you were referring to.
Click to expand...
Click to collapse
Hi Clikonco,
Thanks for the Update, awesome response, I'm new to Android and have few questions
1) if I do Custom Rom CM10.1 can I get is back to normal Stock ROM to get warranty back ?
2) If so what would be the best procedure to install CM10.1 ?
I already root my Stock Rom with Rooting using Odin by Beginners Guide
3) So would I be able to install CM10.1 after rooting my custom Rom
4) If possible also please point me(url) to unroot custom Rom to Stock Operating system please (for future need).
5) And also I heard a lot about cm10, cm10 nightly, cm10 aopk which one is better or all these same ? I have international Note 2 with
GT- N7100 > 4.1.2 > Baseband : N7100DDDMG1 > Build no : JZ054K.N7100XXDMG1 > Kernel V: 3.0.31-1071214
confused !!!!
Please help .. Thanks a lot lot lot :good:
webvamsi555 said:
Hi Clikonco,
Thanks for the Update, awesome response, I'm new to Android and have few questions
1) if I do Custom Rom CM10.1 can I get is back to normal Stock ROM to get warranty back ?
2) If so what would be the best procedure to install CM10.1 ?
I already root my Stock Rom with Rooting using Odin by Beginners Guide
3) So would I be able to install CM10.1 after rooting my custom Rom
4) If possible also please point me(url) to unroot custom Rom to Stock Operating system please (for future need).
5) And also I heard a lot about cm10, cm10 nightly, cm10 aopk which one is better or all these same ? I have international Note 2 with
GT- N7100 > 4.1.2 > Baseband : N7100DDDMG1 > Build no : JZ054K.N7100XXDMG1 > Kernel V: 3.0.31-1071214
confused !!!!
Please help .. Thanks a lot lot lot :good:
Click to expand...
Click to collapse
**ATTENTION: any of the information I have provided are based on my own experience/knowledge/research. IT IS IMPERATIVE(important) that you do your own research to double check my information and advice. If ever in DOUBT, ask/research around. (or dont follow through is usually the safest option) YOU are ultimately responsible for what you do with YOUR device, if you don't believe this, please do not continue dabbling in this area.
You should be able to do that, to "unroot" your phone, but it depends on the device as well as the instructions that other developers/rooters have given. (meaning not 100% probable, you need to do more research)
*JUST NOTICED YOU SAID YOU ARE ROOTED
-To get Stock ROM, just download the appropriate ROM zip files and then flash it.
-if you want to get warranty back, you will have to follow instructions for your device on how to unroot. (if even possible)
Follow the instructions given on the cyanogenmod website, usually involves flashing and wiping. (sounds like you have a samsung phone )
Based on question 3 statement, I believe you have to do MORE research. (as this is an extremely basic idea of rooting, unless of course I misread or the question was mistyped) Here is where you can start:CM about
Again, you have to do MORE research yourself, google is your friend for that. There is no one size fits all unrooting method.
Cyanogenmod (also known as CM) has an software release life cycle. (not counting the M snapshot nor experiments) You have Stable>Nightly> Release Candidates(RC).
Taken from this Forum
bassmadrigal:
Stable is after all the features desired by the CM devs have been put in and the code has been tested. Snapshots (M builds) are builds done roughly once a month that has had some testing to make sure things are mostly working and released to the public. These are the first builds that allow official bug reports on the project manager site, https://jira.cyanogenmod.org. Nightlies are automated builds that are built, well, every night. There is no human interaction with these and they are largely there just to see if the code added throughout the day will compile. As far as the devs are concerned, there are no bad builds with the nightlies, because if it doesn't build, that is news to let them know that something is screwed up in the code. They don't accept any bug reports on these builds.
Generally, the nightly builds, while extremely experimental and considered bleeding-edge, tend to be relatively stable and mostly bug-free. Many people use the nightlies as their so-called daily-driver, meaning that any bugs that they may have aren't so severe that they want to switch to a different version. For my Nexus 4, as soon as I got it I switched to a nightly build and haven't had any bugs pop up.
Also, all builds are full builds, so if you switch to a nightly, you aren't required to flash every single nightly. You can do it as you see fit. I've been known sometimes to flash a build every day, but then I've gone a month in between updating. Just grab the latest version you want to flash and flash that one.
Click to expand...
Click to collapse
Similar answer regarding AOPK (Android Open Kang Project:What Is AOKP ROM? How Is It Different From CM9? All You Ever Wanted To Know About
Hope these answered/helped you. I intentionally did not include some information such as unrooting because you will have find them yourself Alright, already spent too much time on this post, im out for now.
BTW: if you or anyone finds incorrect information in this post, please feel free to correct me. Thank you!
clikonco said:
Hello,
I was wondering if there was an Android app like Activator on the iPhone? I have searched to the best of my abilities regarding this question but have not found a clear answer. The closest I have come to finding this answer was the app "LaunchKey." However, it does not seem to fit what I am looking for.
Reason for this search is due to my brief episode with the iPhone 3g and yes I know...(after finding out, android system is definitely better in terms of customizing and freedom) Thus during that time I came upon this app called "Activator", which is basically amazing. Now that I am back using the android system I realized the only I miss about the iPhone was that app.
So if anyone can help that would be great! Thanks!
BTW:
Background information on the iPhone jailbreak app "Activator." Basically you can launch any apps and system actions via gestures or hardware buttons. (such as long-press, short-press, double tap,etc...)
Click to expand...
Click to collapse
Use xposed addition in xposed
I'm very new to android dev, not new to dev in general, though.
I hear ROMs being talked about quite frequently, not sure if I'll get into it, can't seem to find an address of the specific issue:
- What is a ROM?
In the sense, is it the entire OS? Is it the OS + UI? Does it include local apps & contact storage? Like, obviously apps and contacts wouldn't be read-only, but typically ROM means PROM (or some variation (EPROM/EEPROM/FROM, whatever), so I take it with a grain of salt.
From what I gather it's the entire OS + UI, and that's all? But I'm not sure.
Also, is there ways to replace specific parts of the ROM? Ie. Say I want to make modifications to the thread scheduler but I don't want it to touch some of the reliant modules..is it possible to just drop in a new scheduler by overwriting part of the binary image? Or are these things whole-sale?
Reason simply being is I don't like the idea of some random ass ROM that somebody cooked up with god knows how much OS exp controlling everything, as it's a binary it's not like you can crack it open and diff it or anything...or there's no official forks or branches to look at, y'know? Do people just "trust" all these ROM modders/creators?
Sorry for the over-abundance of questions :-X
Oh my god it's already on page 7...bump...?
Take a look at cyanogen mod. It comes with the source which you can fork if you'd like.
Sent from my HTC Desire
ROM - its the entire visible OS that you tend to interact on your phone + the kernel (shipping just the ROM would be useless). Its pretty much every software that you need to get your work done on the phone. You may chose to install additional's but thats just accessorizing your phone. Its called ROM since once you install the OS image over the phone, the region of sd-card is generally marked read-only & you are not expected to make changes to it (concisely /system partition & also /data where the OS can do write operations but again, there are exceptions to this rule too in custom ROMs).
As for Custom ROMS, they are generally forked of the AOSP except for the little nuances the rom maker's add to them (mostly those changes are in form of theme, few apps here & there, icons, wallpapers). I think your question is more specific to custom kernel instead because thats the entity which help/harm your device.
For that, I would suggest you to pick a particular custom release (such as Netarchy, popular for Nexus S)
& read over their change-logs. The kernel devs generally do a great job of maintaining those logs precisely. The initial fork of their kernel too comes from AOSP to which they add specific features such
as ext4 fix a.k.a Turboboost, Voodoo color & sound enhancement, BLN & odd.
Hope I have allayed some of your fears regarding customs software.
Thanks.
Yeah, I just get nervous installing an OS/Kernel blindly.
Changing themes would be nice, and I'd like the ability to do so without dropping in a ROM that can potentially have changes made to the Kernel. I don't like the fact that the ROM encompasses EVERYTHING, therefore it's coupled to the fact that you need a different ROM regardless of what you change.
It should be modular enough that you can modify themes without flashing an entire OS onto it.
Also, what's the chances that if a ROM install fails, you can re-load it (ie. what are the chances of you bricking your phone)? I don't have time for that.
Next to none if you make a nandroid, which is a backup.
Sent from my myTouch 4G using XDA App
rockstarar said:
Next to none if you make a nandroid, which is a backup.
Sent from my myTouch 4G using XDA App
Click to expand...
Click to collapse
It says that only works for the G1.
I completely forgot to ask, apps should stay, right?
I mean they're all in user land, shouldn't have anything to do with the ROM nor actual OS....right? (probably wrong... )
Hi,
I have recently developed a privacy protection application for Android.
You can use it to block access for any installed application to the following data separately:
Device ID (IMEI/MEID/ESN)
Subscriber ID (IMSI)
SIM serial (ICCID)
Phone and mailbox number
Incoming call number
Outgoing call number
GPS location
Network location
List of accounts (including your google e-mail address)
Account auth tokens
Contacts
Call logs
Calendar
SMS
MMS
Browser bookmarks and history
System logs
SIM info (operator, country)
Network info (operator, country)
For device ID, phone and mailbox number, SIM serial, subscriber ID and device location it also allows supplying custom or random values.
Unlike others (e.g., Permissions Denied or CM) this does not make applications crash when access to private data is blocked.
The following short video shows some of its functionality.
PDroid does not require ROOT or any Android permission to function, nor does it need any services running in the background. But it does require patching some ROM components, so that it needs to be ported to different devices. Currently it is available for Nexus One, Nexus S, Desire HD (Gingerbread) as well as Magic with CM 6.1 (Froyo).
So I am wondering if I should release it for public use and maybe port to other devices. I will only do so if you would like to use it, since it requires some fine-tuning to be more user-friendly. So please vote if you would like to use PDroid.
I would love to use this app on my galaxy s and tab.
Especially the point to give the apps random or custom information instead of just blocking the access is important.
If you need help testing the app on those mentioned devices just let me know
I hope you get enough positive feedback to port and continue developing this app.
I ll love to have such an app on my Xperia X10 mini pro (cyanogenmod 7)
so basicly it's a LBE replacement? The major disadvantage of that one is being closed-source. Do you plan to open-source yours?
I would like to give this app a shot too with my devices (Nexus S 4G, EVO 3D and Epic Touch 4G). Does not require root, but assume that root is ok? Also seen that you have for Nexus S, but was not sure if that implies to the NS4G as well. Looks promising.
XlAfbk said:
so basicly it's a LBE replacement?
Click to expand...
Click to collapse
Kind of. The functionality is similar to that of LBE while I tried to account for its disadvantages, such as not being able to disallow access to some data (e.g., system logs, incoming and outgoing call numbers etc.), requiring root or being unreliable since LBE requires its protection service to be running so that malicious apps still can steal data if they are started before LBE after boot.
XlAfbk said:
The major disadvantage of that one is being closed-source. Do you plan to open-source yours?
Click to expand...
Click to collapse
Most likely yes (depends on how much spare time I can allocale to this project).
Tahde said:
Does not require root, but assume that root is ok?
Click to expand...
Click to collapse
Yes, it won't interfere
Tahde said:
Also seen that you have for Nexus S, but was not sure if that implies to the NS4G as well.
Click to expand...
Click to collapse
Yes, basically any device, for which Android can be directly built from AOSP (and this includes Nexus 4G) is supported right now.
Love to see it for the T-Mobile G2x especially if it is open.
svyat said:
You can use it to block access for any installed application to the following data separately...
Click to expand...
Click to collapse
That's a nice list. I'd really like a version for my Motorola Defy.
How hard would it be to reuse the code to make it run like LBE, i.e. make an apk that works on every phone without having to patch ROMs for every type of device?
I too would like to use this app, sounds awesome. If you need any beta testers, I volunteer
rogier666 said:
How hard would it be to reuse the code to make it run like LBE, i.e. make an apk that works on every phone without having to patch ROMs for every type of device?
Click to expand...
Click to collapse
Impossible, since the actual application logic performing the data access control is based on the Android application framework and not the SDK. Plus, doing it the LBE way requires root and will never be 100% reliable. In other words, there is no way of creating a proper solution without patching the ROM.
I would like to have this for t-mobile US Vibrant since we're getting no Gingerbread love from t-mo or Sammy and I'm all flashed out with nothing else to do.
I would like to give your app a spin to see how it works
KB0SDQ said:
I would like to give your app a spin to see how it works
Click to expand...
Click to collapse
I am also interested in this app... Sounds very promising and I hope this will get ported for the G2/DesireZ, so I can get some freakin' privacy!
If I can help in any way, any way at all, I'd be very happy to do so.. I'm running CM7.1.0 on my DesireZ @ 1.2ghz...
Thanks a lot!
Looks great. I'd love to get that on my Thunderbolt (CM7) would there be anyway to block permissions like internet and SD card access, I know Cyanogenmod lets you disable them but you have to reset your phone after a change for them to take effect. Also I don't know if it falls into the scope of what this project is intended for but I've seen people ask about making certain apps work on 3G that only work on wifi or the other way around if you could make an app think it was using one or the other for a connection I think that would be very helpful to some folks.
I'd test this on the t-mo Galaxy S2 if you're willing to do it...
Sent from my SGH-T989 using xda premium
I guess this is TISSA (http://www.csc.ncsu.edu/faculty/jiang/pubs/TRUST11.pdf) ?
I would like to see for Desire , Great to have this kind of app! I'll help which ever way
IvanNCase said:
would there be anyway to block permissions like internet and SD card access
Click to expand...
Click to collapse
Not in near future. Doing that would require modifying the kernel and that, in turn, would make PDroid much less portable.
IvanNCase said:
Also I don't know if it falls into the scope of what this project is intended for but I've seen people ask about making certain apps work on 3G that only work on wifi or the other way around [...]
Click to expand...
Click to collapse
Nope, it doesn't
ukanth said:
I guess this is TISSA (http://www.csc.ncsu.edu/faculty/jiang/pubs/TRUST11.pdf) ?
Click to expand...
Click to collapse
Nope, I've developed PDroid completely from scratch as a part of my Master's Thesis.
svyat said:
Not in near future. Doing that would require modifying the kernel and that, in turn, would make PDroid much less portable.
Nope, it doesn't
.
Click to expand...
Click to collapse
Fair enough.
By the way how do you install this does the ROM patching need to be done by the original creator or done with a zip file through recovery?
svyat said:
Nope, I've developed PDroid completely from scratch as a part of my Master's Thesis.
Click to expand...
Click to collapse
That's great to hear. Good job done ! I can't wait to see you release. I'll surely try to port it for Desire
As far as I can tell there are no significant Android roms that utilize custom keys. What's more, it's not even up for discussion. I've proposed it to multiple developers and it's been embarrassed by exactly ZERO. I've installed the overwhelming majority of ROMs for Flo, Grouper and myriad legacy Android device and haven't so much as stumbled on a single rom boasting this very basic security precaution.
So my question is: how are we going to change that?
I'll admit I know precious little about anything concerning 'code.' My development really pretty much ended at "power user." (An emphasis on 'user').
That said, I have to ask the following:
Is something like a key customizer possible? Perhaps something like a PC based patcher utility that could automatically import the appropriate test key credentials for the user selected rom and then repackage it using user &/or PC generated random data??
pan.droid said:
As far as I can tell there are no significant Android roms that utilize custom keys. What's more, it's not even up for discussion. I've proposed it to multiple developers and it's been embarrassed by exactly ZERO. I've installed the overwhelming majority of ROMs for Flo, Grouper and myriad legacy Android device and haven't so much as stumbled on a single rom boasting this very basic security precaution.
So my question is: how are we going to change that?
I'll admit I know precious little about anything concerning 'code.' My development really pretty much ended at "power user." (An emphasis on 'user').
That said, I have to ask the following:
Is something like a key customizer possible? Perhaps something like a PC based patcher utility that could automatically import the appropriate test key credentials for the user selected rom and then repackage it using user &/or PC generated random data??
Click to expand...
Click to collapse
Omni rom uses private keys in official builds I believe, and after much prodding cyanogenmod has started to as well. Solution is to resign the firmware.
I thought Omni might be taking things seriously. I seem to remember it's Delta updates having a pre-checked 'Secure' box, probably meaning they were transferred using HTTPS or some other secure transfer method.
So what about an automated tool that could resign the firmware on a user's PC prior to flashing? Is that theoretically possible?
pan.droid said:
I thought Omni might be taking things seriously. I seem to remember it's Delta updates having a pre-checked 'Secure' box, probably meaning they were transferred using HTTPS or some other secure transfer method.
So what about an automated tool that could resign the firmware on a user's PC prior to flashing? Is that theoretically possible?
Click to expand...
Click to collapse
Yes easy, even and update.zip could be done to do it.
So, I guess the question is: who's leg do I have to hump to get this kick-started?
I want to port the rom which gives me highest level of security on my rooted oneplus one device, whether it eats battery, slow working, less features, no matter of camera, video and/or internet. I wish that ROM should be most secured for hacking and must be rewarded for a great price for bug bounty programs.
Can anyone please suggest me the name of best secured ROM till now?
GirishSharma said:
I want to port the rom which gives me highest level of security on my rooted oneplus one device, whether it eats battery, slow working, less features, no matter of camera, video and/or internet. I wish that ROM should be most secured for hacking and must be rewarded for a great price for bug bounty programs.
Can anyone please suggest me the name of best secured ROM till now?
Click to expand...
Click to collapse
First things first. You are in wrong thread. This should be in Q&A section.
All the ROMs here are secure. You should take care of what you install and from where you install.
BTW Ever heard of iOS??
GirishSharma said:
I want to port the rom which gives me highest level of security on my rooted oneplus one device, whether it eats battery, slow working, less features, no matter of camera, video and/or internet. I wish that ROM should be most secured for hacking and must be rewarded for a great price for bug bounty programs.
Can anyone please suggest me the name of best secured ROM till now?
Click to expand...
Click to collapse
Kali Nethunter.
#A0001
Please check this link:
http://thehackernews.com/2015/11/ios9-zero-day-hack.html?m=1
Will you still like iOS?
Nothing is secure, even if you are installing from authenticated source though, that is why I urge to great ROM developers to please put more weightage to security rather than battery, camera, audio, video, internet speed, fancy pump and show etc.
GirishSharma said:
Please check this link:
http://thehackernews.com/2015/11/ios9-zero-day-hack.html?m=1
Will you still like iOS?
Nothing is secure, even if you are installing from authenticated source though, that is why I urge to great ROM developers to please put more weightage to security rather than battery, camera, audio, video, internet speed, fancy pump and show etc.
Click to expand...
Click to collapse
Mate, one way to ensure security on any ROM based on OPO is to enable encryption from Settings.
Yes, iOS was hacked by those hackers, TBH, iOS is stable and more secure than Android.
Rooting is one of the way that you compromise your security.
Best combination for security is : Non root + Stock + encryption + no sideloading of apps + restricting permissions + Antivirus app(if you are interested)
Developers can only develop apps and integrate in ROMs
Only Google can enforce more security by coding the required lines in AOSP
I am downloading the zip file from below link:
http://images.kali.org/kali_linux_nethunter_2.0.1_bacon_lollipop.zip
Is it flashable ROM please i.e. installation like other ROM through twrp?
GirishSharma said:
I am downloading the zip file from below link:
http://images.kali.org/kali_linux_nethunter_2.0.1_bacon_lollipop.zip
Is it flashable ROM please i.e. installation like other ROM through twrp?
Click to expand...
Click to collapse
Better ask the location where you got the ROM from.