Related
hi i use custom roms on my s4 i9505, i told my friend and he said i was stupid because people can attach harmful code to any rom or program.
that can give a crook access to your pc or phone. he played me a couple of videos showing this because he has been hit on his self using third party apps, and antivirus programs do not see this code..
Can anyone elaborate on this and prove this is not true about custom roms.
Many thanks
fezz64 said:
hi i use custom roms on my s4 i9505, i told my friend and he said i was stupid because people can attach harmful code to any rom or program.
that can give a crook access to your pc or phone. he played me a couple of videos showing this because he has been hit on his self using third party apps, and antivirus programs do not see this code..
Can anyone elaborate on this and prove this is not true about custom roms.
Many thanks
Click to expand...
Click to collapse
custom roms on this site are required to be open source. that means the developer must post the source code to his work or it can not be posted here. for this reason it is highly unlikely you will find any nefarious code in any of the roms posted here. as for roms posted on other sites, i cant speak for their policies.
apps are always subject to malware, thats why you should only download them from a trusted source like the play store or this site.
bweN diorD said:
custom roms on this site are required to be open source. that means the developer must post the source code to his work or it can not be posted here. for this reason it is highly unlikely you will find any nefarious code in any of the roms posted here. as for roms posted on other sites, i cant speak for their policies.
apps are always subject to malware, thats why you should only download them from a trusted source like the play store or this site.
Click to expand...
Click to collapse
hi thanks for your help i will continue useing echoe rom as i cannot fault it...
.........THANKS TO ALL..........
stick to one developr
stick to one developer and follow the custom rom threads carefully so that u can understand who is a very good developer
Hi devs,
I need email with exchange security disabled
As far as I have looked for, there is no available solution: Wanam module requires xposed, which is not yet available for our S6 64 bits architecture, Alliance fwk announces the feature but it is not active,
So I decided to implement the solution based on the tutorial http://forum.xda-developers.com/galaxy-s5/development/guide-add-toggle-to-bypass-email-t3129898
I can't get the app working on the phone (it crashes). I suspect that zipalign is doing 32 bits alignment whereas the S6 is 64 bits. I found no indications on Android dev site...
So can anyone help me to get S6 app recompiled and working correctly on the device.
I know that exchange security bypass is an expected feature, so I would try helping to get it quickly
Olivier
@odurecu
First of all it's not a place to question thread.
Second you must make something wrong becouse this tutorial is also for S6.
Third in attachment i make it for you.
regards ambasadii!
ambasadii said:
@odurecu
First of all it's not a place to question thread.
Second you must make something wrong becouse this tutorial is also for S6.
Third in attachment i make it for you.
regards ambasadii!
Click to expand...
Click to collapse
Thanks for having done it! But the tutorial does not describe how to compile/decompile. I used apktool to do it but the app was crashing on my phone. So I am curious to know the procedure to be able to do it my self
ambasadii said:
@odurecu
First of all it's not a place to question thread.
Second you must make something wrong becouse this tutorial is also for S6.
Third in attachment i make it for you.
regards ambasadii!
Click to expand...
Click to collapse
can you put this in next rom you release?
ambasadii said:
@odurecu
First of all it's not a place to question thread.
Second you must make something wrong becouse this tutorial is also for S6.
Third in attachment i make it for you.
regards ambasadii!
Click to expand...
Click to collapse
Thanks!!!
Confirmed working on my S6 Port (S4 I9506) , nice to see someone quickly help people and do things like this, and many more gets help.
Hi Guys,
I am new to Android (a noob) - Started with flashing some custom ROMs on my devices and i am bothered by the security of my device, although android is open source, is it possible that a custom ROM is bugged to steal your personal or financial information? I don't have any experience with android development and i don't have time to jump into Android development so even if the ROM is open source i wont be going through the code to check for leaks or potential built-in hacks.
Basically my question is, is it safe to install Unofficial ROMs such as CM unofficial? I understand, the majority of apps store sensitive data on device in encrypted way but still, i don't think it will be hard to just modify the ROM to develop a built-in key-logger OR read username/password from a username/password fields while user is typing using an on-screen keyboard, save it as LOG file and when connected to the internet, send it to the 'unknown' source. I can see so many possibilities, the user wont even have a clue that they are sharing data. it is like Microsoft making windows Open Source and people making their own versions of Windows and users installing them on thier PCs.
Please help me understand - How safe are our devices when running on custom ROMs from developers we don't even know (no disrespect to any dev, all this amazing work is appriciated, I just want to understand the security of android - Please help me understand as after flashing custom ROMs on my devices i am avoiding installation of sensitive apps or even using chrome to type my passwords) - am i paranoid ?
Cheers
It's entirely possible that a malicious custom ROM could steal your data (or worse), and there's really no technical way to mitigate it. You're implicitly trusting the developer of a ROM by flashing it. All you can really do is make sure that whatever ROM you choose is from a well-known, trusted developer.
aliusman999 said:
Hi Guys,
I am new to Android (a noob) - Started with flashing some custom ROMs on my devices and i am bothered by the security of my device, although android is open source, is it possible that a custom ROM is bugged to steal your personal or financial information? I don't have any experience with android development and i don't have time to jump into Android development so even if the ROM is open source i wont be going through the code to check for leaks or potential built-in hacks.
Basically my question is, is it safe to install Unofficial ROMs such as CM unofficial? I understand, the majority of apps store sensitive data on device in encrypted way but still, i don't think it will be hard to just modify the ROM to develop a built-in key-logger OR read username/password from a username/password fields while user is typing using an on-screen keyboard, save it as LOG file and when connected to the internet, send it to the 'unknown' source. I can see so many possibilities, the user wont even have a clue that they are sharing data. it is like Microsoft making windows Open Source and people making their own versions of Windows and users installing them on thier PCs.
Please help me understand - How safe are our devices when running on custom ROMs from developers we don't even know (no disrespect to any dev, all this amazing work is appriciated, I just want to understand the security of android - Please help me understand as after flashing custom ROMs on my devices i am avoiding installation of sensitive apps or even using chrome to type my passwords) - am i paranoid ?
Cheers
Click to expand...
Click to collapse
You are paranoid but that's good!
Yes we are trusting the devs (or Samsung et al with stock) AND hopefully smart coders who regularly check the code (but I suspect checking doesn't happen a lot!). You can use a firewall/packet sniffer to check what servers your phone is connecting to and see (some) of the data being sent to reduce your risk and put your mind at ease. But still it's no guarantee, as I understand it (I'm no expert!).
---
trainsuit said:
If you get a stock android you are also trusting the developer. Just look at these lenovo laptops which had malware served on their stock windows versions. Best is to always start clean when buying any form of product.
Click to expand...
Click to collapse
That's true, but how do you define ”clean”? In theory, you could build AOSP for your device yourself so you're only trusting Google, but that's completely impractical for most people. If you just switch from stock to someone else's custom ROM, you're just changing who you're trusting.
---
Perhaps it's a silly question but I do it: do you think that a XDA Senior Member with one or two thousand of thanks is reliable?
Bach_J said:
Perhaps it's a silly question but I do it: do you think that a XDA Senior Member with one or two thousand of thanks is reliable?
Click to expand...
Click to collapse
Another question for you: if a ROM has malicious code that send personal information to unknown servers, is using a firewall like AFWall+ twhich blocks all system apps sufficient to prevent this malicious ROM to stole data?
Thanks
Bach_J said:
Perhaps it's a silly question but I do it: do you think that a XDA Senior Member with one or two thousand of thanks is reliable?
Click to expand...
Click to collapse
Probably.
Bach_J said:
Another question for you: if a ROM has malicious code that send personal information to unknown servers, is using a firewall like AFWall+ twhich blocks all system apps sufficient to prevent this malicious ROM to stole data?
Thanks
Click to expand...
Click to collapse
No, a custom ROM could make data look like it's coming from any app it wants, or just bypass the firewall completely.
josephcsible said:
No, a custom ROM could make data look like it's coming from any app it wants, or just bypass the firewall completely.
Click to expand...
Click to collapse
Alternatively if the device is on your own network you could wireshark it using a computer and monitor IP addresses that the device attempts to connect to.
LyricalMagical said:
Alternatively if the device is on your own network you could wireshark it using a computer and monitor IP addresses that the device attempts to connect to.
Click to expand...
Click to collapse
This is helpful but not perfect. There's a bunch of ways to stealthily exfiltrate data over a monitored network, and don't forget a malicious ROM might only do its dirty work over cell and not Wi-Fi for this very reason.
josephcsible said:
This is helpful but not perfect. There's a bunch of ways to stealthily exfiltrate data over a monitored network, and don't forget a malicious ROM might only do its dirty work over cell and not Wi-Fi for this very reason.
Click to expand...
Click to collapse
I agree with you it's not a perfect solution; this question is sort of like asking if you can trust someone who has a root account to your computer when you cannot see what they are doing, it's an incredibly disadvantaged situation from the start.
LyricalMagical said:
I agree with you it's not a perfect solution; this question is sort of like asking if you can trust someone who has a root account to your computer when you cannot see what they are doing, it's an incredibly disadvantaged situation from the start.
Click to expand...
Click to collapse
I don't want to flash custom ROMs anymore! :crying:
It can be very dangerous! Or am I paranoid and I can trust xda developers?
Bach_J said:
I don't want to flash custom ROMs anymore! :crying:
It can be very dangerous! Or am I paranoid and I can trust xda developers?
Click to expand...
Click to collapse
Remember, everything I've been saying is reasons not to flash a ROM unless you trust the dev. None of it is saying that devs aren't trustworthy. I don't know of a single instance when a well-respected XDA member's ROM turned out to be malicious.
josephcsible said:
Remember, everything I've been saying is reasons not to flash a ROM unless you trust the dev. None of it is saying that devs aren't trustworthy. I don't know of a single instance when a well-respected XDA member's ROM turned out to be malicious.
Click to expand...
Click to collapse
Thank you for clarifying that but the question comes once more: how to recognize a well-respected XDA member? With the number of thanks? It is obvious that if the smartphone you are interested in is not so famous, there will be few comments on custom ROMs, too. So, how to evaluate the reliability of a xda dev who is developing ROM for not-well-known devices?
Are ROMs in Original development Section trustworthy?
Bach_J said:
Thank you for clarifying that but the question comes once more: how to recognize a well-respected XDA member? With the number of thanks? It is obvious that if the smartphone you are interested in is not so famous, there will be few comments on custom ROMs, too. So, how to evaluate the reliability of a xda dev who is developing ROM for not-well-known devices?
Are ROMs in Original development Section trustworthy?
Click to expand...
Click to collapse
Number of thanks can hardly tell that a dev is reliable or not(in some cases it can), rather it's the quality of their work and their expertise on the related topics that could clarify their position a bit. the recognized contributors, recognized developers, recognized themers you should look at cause
these are given to a member after being checked and passed by moderaters here on XDA. So they are pretty much reliable guys. in cases where there are no recognized developers and hardly any comments. you will have to check and find out yourself
1. ask the dev if he has tested the ROM himself?
2. how did he compiled the ROM? is it a port or just a modified copy of another ROM or a build from source.
3. check the link of the download, if it's to some survey site or ask for a password, stay away from it.
4. if you trust the download link, then download scan with antivirus and unzip the file.
5. generally I look inside app if there are apps which I don't trust and I remove them, then check build.prop, init.d folders. basic things to look for is any references of some other website/ports in between codes. if you're more paranoid you can check bin folder as well and every other you want.
6.don't install the ROM simply Root and debloat.
billysam said:
Number of thanks can hardly tell that a dev is reliable or not(in some cases it can), rather it's the quality of their work and their expertise on the related topics that could clarify their position a bit. the recognized contributors, recognized developers, recognized themers you should look at cause
these are given to a member after being checked and passed by moderaters here on XDA. So they are pretty much reliable guys. in cases where there are no recognized developers and hardly any comments. you will have to check and find out yourself
1. ask the dev if he has tested the ROM himself?
2. how did he compiled the ROM? is it a port or just a modified copy of another ROM or a build from source.
3. check the link of the download, if it's to some survey site or ask for a password, stay away from it.
4. if you trust the download link, then download scan with antivirus and unzip the file.
5. generally I look inside app if there are apps which I don't trust and I remove them, then check build.prop, init.d folders. basic things to look for is any references of some other website/ports in between codes. if you're more paranoid you can check bin folder as well and every other you want.
6.don't install the ROM simply Root and debloat.
Click to expand...
Click to collapse
Thanks for the complete explanation!
billysam said:
Number of thanks can hardly tell that a dev is reliable or not(in some cases it can), rather it's the quality of their work and their expertise on the related topics that could clarify their position a bit. the recognized contributors, recognized developers, recognized themers you should look at cause
these are given to a member after being checked and passed by moderaters here on XDA. So they are pretty much reliable guys. in cases where there are no recognized developers and hardly any comments. you will have to check and find out yourself
1. ask the dev if he has tested the ROM himself?
2. how did he compiled the ROM? is it a port or just a modified copy of another ROM or a build from source.
3. check the link of the download, if it's to some survey site or ask for a password, stay away from it.
4. if you trust the download link, then download scan with antivirus and unzip the file.
5. generally I look inside app if there are apps which I don't trust and I remove them, then check build.prop, init.d folders. basic things to look for is any references of some other website/ports in between codes. if you're more paranoid you can check bin folder as well and every other you want.
6.don't install the ROM simply Root and debloat.
Click to expand...
Click to collapse
I've just unzipped ROM but I can't find what you said. I've only found build.prop and nothing else!
Here a screenshot:
Bach_J said:
I've just unzipped ROM but I can't find what you said. I've only found build.prop and nothing else!
Here a screenshot:
Click to expand...
Click to collapse
That's because lollipop and marshmallow ROM files are further zipped into system.new.dat files which needs another method to extract, https:\\forum.xda-developers.com/android/help/extract-dat-marshmallow-lollipop-easily-t3334117
Just a small correction. When going to aosp you I ly are trusting yourself as you can inspect everything you add and remove what you don't.
Now to add to your paranoia. A custom rom could be made that allows all apps root permission without the users knowing. Add in a Key logger and have e it all headed without you ever knowing. This is common is xiaomi and other china based devices.
Heck there are a few key parts in the playstore with built in Key loggers.
Heck most of the go apps send all their data to China. Things like their Keylogger files, screen recording and device usage. But mind you it is all legal
hi guyz(developers),
i am extremely sorry for requesting you in this way.
i have bought the phone on launching time, and i am using it till now, but guyz in every phone , some basic things which are needed to us that
a. ROOT
b. ADSAWAY
c. BusyBox
and without these features it seems that we are missing many features.
guys i know that there are two partitions why this has not been possibled till now.
but guyz we believe on all of you, and we are always thankful for that all which you are giving to us .
so guyz i am requesting you plz have a look on this concern and make it available for us..
we are always thankful to all of u. and it is our pleasure that we have got all of you with us.
Guyz plz response on this concern. plz. and thanks a lot in advance
>Lucky Patcher
Please do not use this, not only you harm developers by not giving them money, but you also can screw up Google Play services. Use Google Play rewards if you want free Google play credit.
---------- Post added at 09:57 PM ---------- Previous post was at 09:56 PM ----------
Also why should the devs listen to you? Maybe give them money and they'll have an incentive to fulfill your requests
Guyz plz
Did someone really understand what OP wants? I am lost.. We already have working root, adaway, busybox and probably also luckypatcher (haven't tried it though).
can u plz say _mysiak_ how we can use adsaway and install in BusyBox in mi a1
educationprps said:
can u plz say _mysiak_ how we can use adsaway and install in BusyBox in mi a1
Click to expand...
Click to collapse
There loads of threads here.
_mysiak_ said:
Did someone really understand what OP wants? I am lost.. We already have working root, adaway, busybox and probably also luckypatcher (haven't tried it though).
Click to expand...
Click to collapse
plz give us the procedure through which i can install them, because many time i have gone to flash them or install , but time error occurred,
educationprps said:
plz give us the procedure through which i can install them, because many time i have gone to flash them or install , but time error occurred,
Click to expand...
Click to collapse
Unlock bootloader, boot into TWRP (don't flash it), install Magisk from there, reboot to system. Enable systemless hosts in Magisk manager, install Adaway. Install busybox module from Magisk repository.
_mysiak_ said:
Unlock bootloader, boot into TWRP (don't flash it), install Magisk from there, reboot to system. Enable systemless hosts in Magisk manager, install Adaway. Install busybox module from Magisk repository.
Click to expand...
Click to collapse
thanks bro....
i did not know that magiskmask provide the module of busybox and adsaway.
thanks
Thread Closed.
Please use the search function in this forum before starting a thread in term of rooting etc.
You can find useful information in my signature too about how to search and some stuff around, XDA Rules reminder:
1. Search before posting.
Use one of our search functions before posting or creating a new thread. Whether you have a question or just something new to share, it's very likely that someone has already asked that question or shared that news.
Click to expand...
Click to collapse
Adding to this lucky patcher got no place at all in XDA so please don't post and think about it here, You have signed up to this site with agreement to forum rules.
6. Do not post or request warez.
If a piece of software requires you to pay to use it, then pay for it. We do not accept warez nor do we permit members to request, post, promote or describe ways in which warez, cracks, serial codes or other means of avoiding payment, can be obtained or used. This is a site of developers, i.e. the sort of people who create such software. When you cheat a software developer, you cheat us as a community.
Click to expand...
Click to collapse
Thanks for understanding.
Logan, XDA Moderator
Has anyone managed to get secure folder working? I can't figure out how to get it to work I've tried a few different methods and nothing works. Same goes for island. If anyone knows a solution or if there even is one lmk.
Yes, you can patch it but you need to have knowledge of smali editing and decompiling services.jar
[Mods]Samsung ¬Android Mods Collection[Exynos]
I Hope All Agree With Me And Share Guides Here. Please Feel Free To Contribute As Well. Notes: "This Thread is For Samsung Exynos Devices Only" "This Thread is Purely Meant For Custom ROM Devs / Learners" "Others Please Ignore And...
forum.xda-developers.com
Edit:
Looks like someone already made it into a magisk module. Give it a try:
SecureFolder_Magisk.zip | by Kirby Nx for -All-General-Generic-
Download GApps, Roms, Kernels, Themes, Firmware, and more. Free file hosting for all Android developers.
www.androidfilehost.com
ShaDisNX255 said:
Yes, you can patch it but you need to have knowledge of smali editing and decompiling services.jar
[Mods]Samsung ¬Android Mods Collection[Exynos]
I Hope All Agree With Me And Share Guides Here. Please Feel Free To Contribute As Well. Notes: "This Thread is For Samsung Exynos Devices Only" "This Thread is Purely Meant For Custom ROM Devs / Learners" "Others Please Ignore And...
forum.xda-developers.com
Edit:
Looks like someone already made it into a magisk module. Give it a try:
SecureFolder_Magisk.zip | by Kirby Nx for -All-General-Generic-
Download GApps, Roms, Kernels, Themes, Firmware, and more. Free file hosting for all Android developers.
www.androidfilehost.com
Click to expand...
Click to collapse
i can confirm this module works,
thanks man you are life saver
ShaDisNX255 said:
Yes, you can patch it but you need to have knowledge of smali editing and decompiling services.jar
[Mods]Samsung ¬Android Mods Collection[Exynos]
I Hope All Agree With Me And Share Guides Here. Please Feel Free To Contribute As Well. Notes: "This Thread is For Samsung Exynos Devices Only" "This Thread is Purely Meant For Custom ROM Devs / Learners" "Others Please Ignore And...
forum.xda-developers.com
Edit:
Looks like someone already made it into a magisk module. Give it a try:
SecureFolder_Magisk.zip | by Kirby Nx for -All-General-Generic-
Download GApps, Roms, Kernels, Themes, Firmware, and more. Free file hosting for all Android developers.
www.androidfilehost.com
Click to expand...
Click to collapse
Actually I have deleted the "original" secure folder because I though it was impossible to repair, but I actually need it and now I have installed him via the play store and made him "system app" and applied the magisk module without error, but when I open it, the screen just turn black 2 sec and the lockscreen appear.
Any way to fix it?
Or I just have to completely reinstall my firmware?
Este13_ said:
Actually I have deleted the "original" secure folder because I though it was impossible to repair, but I actually need it and now I have installed him via the play store and made him "system app" and applied the magisk module without error, but when I open it, the screen just turn black 2 sec and the lockscreen appear.
Any way to fix it?
Or I just have to completely reinstall my firmware?
Click to expand...
Click to collapse
No idea but I'd go with your second option
ShaDisNX255 said:
Yes, you can patch it but you need to have knowledge of smali editing and decompiling services.jar
[Mods]Samsung ¬Android Mods Collection[Exynos]
I Hope All Agree With Me And Share Guides Here. Please Feel Free To Contribute As Well. Notes: "This Thread is For Samsung Exynos Devices Only" "This Thread is Purely Meant For Custom ROM Devs / Learners" "Others Please Ignore And...
forum.xda-developers.com
Edit:
Looks like someone already made it into a magisk module. Give it a try:
SecureFolder_Magisk.zip | by Kirby Nx for -All-General-Generic-
Download GApps, Roms, Kernels, Themes, Firmware, and more. Free file hosting for all Android developers.
www.androidfilehost.com
Click to expand...
Click to collapse
that file for only A12 exynos
@go said:
that file for only A12 exynos
Click to expand...
Click to collapse
No, works on Snapdragon too
You can also use android 13 by changing the version number from build.prop
I installed it myself in z fold 3