Database Info

Submitting Patches to the Repo / Forking

Hi all!
I'm an android developer, and I regularly read the official android-dev and android-porting lists, but on all the fan blogs and from lurking here, it seems that all the good development is coming from XDA-dev!
So why don't you guys do some patch submission? Features like auto-rotating browser and the transition animations should really, really be in the main source, but the official Android team have their thumbs up their asses in regards to UI/polished stuff.. (I bet they're too busy working on the lower level cellular stuff and the ARM-generating stuff like in the *flinger libraries).
So you guys should make some patch submissions over at (http://source.android.com/submit-patches)!
That way, the next RC will have all of these lovely features you guys have implemented.
((Or, alternately (but more ambitiously), fork the entire codebase. Strip out the DRM and add a framework for native code execution. Perhaps that's a pipe dream, though..))
Thoughts?

I think forking the Android source would be a very nice touch, if Google doesn't pull it together. We could still add on to stuff from the official code, but add on all the special stuff that Google refuses to (they've said they won't add the ability to change CPU speed, etc).

Oh, absolutely, there would be numerous advantages to having a fork. It should definitely be discussed! I'm afraid that Google may be trying to exert too much control on their platform in ways that we don't always want, so there is nothing legally to stop us from forking and maintain a more badass tree. GitHub could provide the hosting.
Of course, it might be a waste of effort. If you submit the badass patches, then the good features here go out into all the phones in the next versions. Work on the fork, and only the selected users who are able to flash their own phones can use it, unless some Chinese companies start using it or something like that.
Names?
XanDroid? I'd rather like to see Mandroid with in a slick black theme..

Well to me it seems like the only people doing cool things right now with android have rooted devices
So why cant you ***** a little on google lists to make them actually do some work. The Roadmap @ http://source.android.com/roadmap is a joke. Either they give us root or they start working imo. =)

Seanambers said:
Well to me it seems like the only people doing cool things right now with android have rooted devices
So why cant you ***** a little on google lists to make them actually do some work. The Roadmap @ http://source.android.com/roadmap is a joke. Either they give us root or they start working imo. =)
Click to expand...
Click to collapse
Do you think that the release of the new unlocked Dev phones will change things?

Yeah it'll most probably shake things up a bit, however what about all those that already have a g1?
I for sure isnt buying a new phone to get root.

But even so, we're still talking about modifications to the OS and the packaged applications, which would be released in the next RC version, so even non-root users would get the features in the next update, along with anyone running Android on something besides a G1.

my .02
Id say submit some of the things found here and see what goog does with it, if they openly add these things that need root at this point and let xda dev participate in the OS with such submitions...then cool thats how open source works best, when anybody can add to the project, a phone OS utopia
If they ignore it then, a fork is the way to go but give google a chance to do the right thing first before, just leaving them in the xdadevs dust with a custom distro...

bhang said:
Id say submit some of the things found here and see what goog does with it, if they openly add these things that need root at this point and let xda dev participate in the OS with such submitions...then cool thats how open source works best, when anybody can add to the project, a phone OS utopia
If they ignore it then, a fork is the way to go but give google a chance to do the right thing first before, just leaving them in the xdadevs dust with a custom distro...
Click to expand...
Click to collapse
Google has refused to add multiple features. They feel that they aren't necessary, or that your average consumer wouldn't want it (main thing I can think of atm is CPU speed).
If they don't add the features we request, simply because *they* don't like them, then a fork would get us exactly what we want/need. After we fork it, and the number of users using stock Android plummet, maybe they will listen .

I see a problem with forking... who says what is allowed and not allowed? That is the main problem. Now if you wanted to just add an app that would be one thing but there is not going to be an easy way to do this.

Gary13579 said:
Google has refused to add multiple features. They feel that they aren't necessary, or that your average consumer wouldn't want it (main thing I can think of atm is CPU speed).
If they don't add the features we request, simply because *they* don't like them, then a fork would get us exactly what we want/need. After we fork it, and the number of users using stock Android plummet, maybe they will listen .
Click to expand...
Click to collapse
Given the number of G1s with modified fw installed compared to the total number of sold units, I somehow doubt the number of users is going to plummet.
IMHO it would be a needless fork unless some new or considerably modified features were planned. Better to just patch the functionality into the official builds, if at all possible.

I'm not convinced by that logic. There would be an important difference between a fork and patched versions of the firmware, as a fork would have a totally different design philosophy. Whereas Android is focused on speed (or whatever the hell they're concentrating on..but to be honest, I think they're dicking about over there), Mandroid could have more focus on polished features and low-level access. ((And! No DRM, and I'd like to see some more security features..ZRTP?))
Either way, I think it's really important for the success of the open future of phones that the open source community take and give back. There's no need for the back-and-forth like with, say, PSP-cracking as we have the source code and we are allowed to do whatever we like with it. If we just keep patching what they give us and keeping the modifications closed, then we aren't really in control.
As for project management, I'm absolutely sure there are people who are capable of maintaining an active open-source project such as this, as long as there is a well-thought out design philosophy. I'd love to be involved, if enough people are willing to give it a shot. But, first, it'd be easier just to submit patches.

Miserlou! said:
PSP-cracking
Click to expand...
Click to collapse
PSP cracking is insanely different. If you were in that scene, does my name look familiar ? Was net admin at toc2rta/malloc, admin of psp-hacks.com, worked with a lot of people on a lot of stuff that I barely remember as it was years ago .
But for the PSP, we were working with a system we knew nothing about. So yes, Android would be a lot simpler to work with. But if Google doesn't listen to us, it's not like it would really matter.

neoobs said:
I see a problem with forking... who says what is allowed and not allowed? That is the main problem. Now if you wanted to just add an app that would be one thing but there is not going to be an easy way to do this.
Click to expand...
Click to collapse
Android is licensed by both the Apache Software License (do whatever you want with it) and the General Public License (do whatever you want with it as long as you make the source code available for others). We are certainly allowed to do this, but the problem lies with the G1 owners running the official RC30. They wont have the rights required to flash the image which leaves them out of the party.

2 words
The community(did I spell that right?)
Bhang

Datruesurfer said:
Android is licensed by both the Apache Software License (do whatever you want with it) and the General Public License (do whatever you want with it as long as you make the source code available for others). We are certainly allowed to do this, but the problem lies with the G1 owners running the official RC30. They wont have the rights required to flash the image which leaves them out of the party.
Click to expand...
Click to collapse
I meant who is going to the be decision maker of what features will be added... The Community as a whole? What about some that want it but only 25% of the community wants it?

neoobs said:
I meant who is going to the be decision maker of what features will be added... The Community as a whole? What about some that want it but only 25% of the community wants it?
Click to expand...
Click to collapse
That's what project leads are for. And hypothetically when enough people are dissatisfied with the xda-dev fork they will go and create their own fork. Except I don't think there is any real argument yet to go and create an xda-dev fork in the first place. Forking an operating system meaningfully is not a weekend project for a single person.

I have said it before, let's give them a bit more of a chance, a fork isn't something a guy can do in a weekend.
So let's see what happens in RC3X, the next release will give folks a bbetter idea of where their heads are at. If enough of the community is unhappy there will be a fork
Bhang

[Q] Android and "Openess"

While I know this might not be the greatest place to put this here, and I'm not trying to start any flame wars, but I figured because this topic implies the bettering of our phones, I thought I should put this here.
With the recent Google affair about not releasing the source code on Honeycomb, how open can we expect Android to be? Technically speaking, the only open thing about Android is the app store, and even that has seen better days.
While some people think that Google is doing this just because they feel like it, I honestly believe that they rushed somewhere and need to patch the hole before more malware-like apps enter the app store and wreak havoc on Honeycomb.
So I leave the question here, what do you guys think about this whole ordeal, and has this effected your views on Google in anyway?

They will release it
Sent from my GT-P1000 using XDA App

They have to release it, it is open source.

liorweitz said:
They have to release it, it is open source.
Click to expand...
Click to collapse
No they don't if they dont want to!
Go and read up on the Apache Software Licence, which Android is licensed under.
That being said, I fully expect Google to release the source code when they are good and ready.
Regards,
Dave

I also believe that they abuse the term open, anyway.
Sent from my Droid using XDA Premium App

Protocol 7 said:
I also believe that they abuse the term open, anyway.
Click to expand...
Click to collapse
Openness means, among others, that you can grab sources, close them and release only binaries. Otherwise it would be copyleft, not true openness.

Are we (ROM Flashers) Idiots?

This writer seems to think so.
http://www.theverge.com/2012/2/16/2801916/home-baked-roms-its-going-to-blow-up-sometime-soon
Actually he makes some valid points (and I use a Custom ROM myself).
Absolutely ZERO disrespect intended to the ROM developers here --- we should appreciate their very hard work and opening our devices up to so many other options and enhancing performance.
But after reading this article, what do people think about the safety of ROM flashing .... not in terms of bricking the device (we all know the risks), but in terms of:
A) Unintentionally opening the device up to exploits due to poor coding etc
B) A rogue developer intentionally exploiting to capture data for profit
Are you comfortable doing bank transactions on a rooted android device w/ custom ROM?

Interesting question
I have never even thought about what I do and don't do on my custom devices.
Forget the internet banking etc, there's also the entire gamit of email, social sites, work email etc etc
Just as well I trust you all!

This is definitely a concern......
Here in Korea though, the banking apps do not allow you to use them with a rooted device.....So each time, I have to unroot my device in order to do banking.
I do not know, however, if once I root again it would give the developer or hackers access to that data......
Something to think about as well though!

I realized: I never looked for an app that investigates security issues on a smart phone.
perhaps someone with knowledge in this field can give a few hints to usefull apps?
and yes, "I am with stupid too"
Motorola Defy+ with Quarx's CM9 nightlies and most of the time I still have no clue to what I am doing precisly.
But on the bright side: I do not use my phone for banking, there's nothing to "bank around"

Hmmm -- I had never considered that banks would block it -- have not tried yet. You make a good point about what remains on the device later -- at a minimum clearing browser history is a good idea -- but even that could be circumvented with a devious enough approach.
[email protected] said:
This is definitely a concern......
Here in Korea though, the banking apps do not allow you to use them with a rooted device.....So each time, I have to unroot my device in order to do banking.
I do not know, however, if once I root again it would give the developer or hackers access to that data......
Something to think about as well though!
Click to expand...
Click to collapse

I agree. From what I have seen most of the "advanced" posters here dismiss antivirus packages as a waste of time and money and they could well be right. Still I have not been able to find any real discussions on the risks the article I posted raised. It would be great if some of the more "expert" members here could offer their views.
I am loving my rooted G-Note with custom ROM ---- but I do not really have confidence in Android and its various hacks yet. Unfortunately the alternatives are rather poor.
gentle_giant said:
I realized: I never looked for an app that investigates security issues on a smart phone.
perhaps someone with knowledge in this field can give a few hints to usefull apps?
and yes, "I am with stupid too"
Motorola Defy+ with Quarx's CM9 nightlies and most of the time I still have no clue to what I am doing precisly.
But on the bright side: I do not use my phone for banking, there's nothing to "bank around"
Click to expand...
Click to collapse

I would say I agree and disagree with the article.
For me personally, when I decide to get all flash happy with my Android devices, I tend to not put any information regarding banking or credit cards. Logically, at least to me, the concerns sited in this article do occur to me. Then again, to be honest I do not put any of this information on my non jail broken company secured and encrypted I phone either. Call me paranoid.
Where I disagree with the article is in the insinuation that using a stock ROM with apps downloaded from let's say th he iTunes store is really much more secure. If a baked ROM can be pulling information behind your back, and somehow bypass security measures written into a banking app, why could not a fart app some momo downloads to be the life of the party do the same?
Flyer

I have been thinking about this ever since I've rooted my phone and flashed the first custom rom...
-and I still don't have a real answer.

Thats why I prefer stock ROM

finally its your (user) wish, weather to use custom rom or stock rom.
none of the developers are forcing to use their custom rom.
rom development is hobby,passion, and part-time for some of developers.
my few words.pls correct me if I'm wrong

Ever heard of pdroid? Droidwall?

reversegear said:
finally its your (user) wish, weather to use custom rom or stock rom.
none of the developers are forcing to use their custom rom.
rom development is hobby,passion, and part-time for some of developers.
my few words.pls correct me if I'm wrong
Click to expand...
Click to collapse
You are not wrong, but you are definitely off topic.

This is so one sided. You can say the same about any OpenSource program with small userbases. Take any little Linux Distri, any small OSS and you get to this problem quickly. Most of us can't review the source code properly so we have to rely on others. But at least you CAN rely on someone. You can't rely on anyone at closed source programs.
That's why you use Truecrypt for encrypting your hard drive and not Bitlocker, that's why you should use a Linux Distri and not Windows and that's why i use OpenSource ROMs and not the closed source StockRoms and even try to have as much OpenSource Apps on my Phone as possible.
Just my 2 cents.

He has the points and those are sorely his.
Calling other ROM flashers idiots is ridiculous and not very nice. In fact, based on what he typed, he seems to be an idiot himself.
Now to other Rom flashers, as long as then understand the risk of doing so, they entitle and fully responsible for their actions, no need to teach them.
Security issue? I drive a car to a bad area, get off, windows still lower, not even care to lock the car. That is my choice.
Now I'm going to the very nice, high educated area, I choose to lock the car, put the steering-wheel lock on. Again, it's my choice. Home wireless network, I choose to set the password or not, it's my decision. I understand the risk of not doing that. And if I choose not to do that, it doesn't make me an idiot.
Next, not all baked ROM are based on leaked official one. CyanogenMod team is well-known and they based on the Google source code, ASOP, not a leak one from vendors.
So, if ROM flashers realize what source they use, they're all set.
Writing a long article with just one-minded lopsided thinking like this is pretty lame.

an0nym0us_ said:
Ever heard of pdroid? Droidwall?
Click to expand...
Click to collapse
Pdroid: looks very promissing but you need to be a programmer and only for Gingerbread.
Droidwall: from what I understand from it it is a kind of fine-tuning of your data traffic. Pdroid goes much, much further and I would prefer it.
A real shame I'm not a developper/programmer and also very happy with my custom ICS ROM.....
On the bright side; I like tweaking but not social networking or any other more "dangerous stuff" Just like I'm used on my PC.

I've never bothered with a custom ROM, partly because I just realise that pretty much everything I could do with a custom ROM, I can do manually with a rooted phone. I don't like to install a package of software someone else thinks I should use, I prefer to pick and choose the stuff I want. Security concerns never really bothered me, I don't care too much about the security of my phone (I guess maybe some people would be annoyed at me if my contacts were stolen or something, but other than that there isn't really anything I care about on my phone). I never do online banking etc. on it, but that's just because that's something I do very rarely and only do when I'm at a computer anyway.
gentle_giant said:
Pdroid: looks very promissing but you need to be a programmer and only for Gingerbread.
Click to expand...
Click to collapse
You don't need to be a programmer. All you do is get your ROM zip, run the PDroid patcher on the ROM zip, it'll give you a patch zip, flash the patch zip in recovery, install PDroid from market. And I think there are unofficial ports to ICS possibly.

Doesn't stop me from flashing custom ROMs.
Oh well...?
Sent from the future.

I though the article itself was a bit sensationalistic but at the same time I think changing the ROM in a system (not to mention giving root permissions to apps) is a lot more potentially intrusive than downloading apps from Itunes or Gplay.
Anyway I like my custom ROM setup but I sort of feel like I am whistling in the dark at times. I think a lot depends on how sophisticated we are as users.
Case in point:
When I flashed my ROM for the first time, I freaked out seeing a bunch of Chinese names every time I made a call to certain numbers. The good thing about XDA is if you search you can find anything about ROM issues and in this case I learned that this was due to the developer using the contacts part from the leaked Chinese ICS and it had something to do with a "Phone locator service" that could be disabled. Ok so I disable and go back to whistling in the dark --- but I have not been able to learn what the phone locator service is in the first place or WHY i had Chinese names showing in my calls.
As a relative Noob I can follow instructions from most of the generally well written instructions on XDA and not get into trouble --- but (rhetorically) do I really understand the background issues and risks with some of these things?
What is this phone locator service anyway? Why the Chinese Names and Locations in the call indicators?
mcord11758 said:
Where I disagree with the article is in the insinuation that using a stock ROM with apps downloaded from let's say th he iTunes store is really much more secure. If a baked ROM can be pulling information behind your back, and somehow bypass security measures written into a banking app, why could not a fart app some momo downloads to be the life of the party do the same?
Flyer
Click to expand...
Click to collapse

Well you are right that we are all responsible for our own choices. I just think it is better for all that people can make as informed as choices as possible. That is why discussions like these can be good (even if the article was inflammatory).
To extend your analogy, maybe you think it is your choice to leave your car unprotected. But maybe your insurance company will disagree and try to teach you better? Maybe the police inform you to secure your car because you make more work for them when your car is stolen?
So as a car driver it is your choice, but many might argue that the community of car drivers needs to be educated on the risks of their behavior so that they can make more informed decisions. Then you benefit and the community benefits (keep insurance rates down, free up police resources etc.)
I hope I made sense
votinh said:
Now to other Rom flashers, as long as then understand the risk of doing so, they entitle and fully responsible for their actions, no need to teach them.
Security issue? I drive a car to a bad area, get off, windows still lower, not even care to lock the car. That is my choice.
Click to expand...
Click to collapse

I'd rather take the risk and enjoy life than sit on the sidelines. Considering that all smartphones have vulnerabilities, stock or no, I'll take my chances. I also have a bit of faith left in humanity in general and more so some in communities like XDA and Rootz where the general idea is clearly that these are places for everyone to contribute to everyone else, not to come in and scam.
Let's be real: if someone comes through here and drops something that ends up defrauding other for every person involved in coding the malicious item there are ten more capable devs who will have the motivation to take them to task in most unpleasant ways. I, for one, would not put my butt on the line by choosing a dev forum to release or market my malware.

[Q] Opensource

Would you be willing to make this project opensource for further development?

brotoo25 said:
Would you be willing to make this project opensource for further development?
Click to expand...
Click to collapse
No

alephzain said:
No
Click to expand...
Click to collapse
OK, are you willing to share the source with others?

brotoo25 said:
Would you be willing to make this project opensource for further development?
Click to expand...
Click to collapse
alephzain said:
No
Click to expand...
Click to collapse
k1mu said:
OK, are you willing to share the source with others?
Click to expand...
Click to collapse
@alephzain: Framaroot is, as I'm sure you're aware, a great, handy, easy-to-use app. I was able to root my Nokia X with it, and I'm truly grateful for you for creating the app. Yet at the same time I'm quite dumbfounded by this.
The Framaroot forum section is listed under "XDA Community Apps", although I don't understand how an app can be a "community app" if the community can't do as much with it as they should be able to. I'd have understood the decision to keep the source closed if this were a paid app, but it's not, and you already have a donation app on Google Play Store which enables people to donate to you as a way of saying "thank you for all your hard work and effort for putting this app together!".
Closed source is counterproductive and I'm sure that I'm not the only person out there who is always somewhat suspicious of closed-source tools; yes, you're a trusted developer and you're probably not going to steal my data/brick my device/burn down my house, but I can't be 100% sure if I'm not able to review the source and maybe even compile it myself.
You seem like a sensible person, so I'd request you reconsider this decision and weigh the positive and negative aspects of it.

If this was OpenSourced i'm sure the (exploits) would be patched by OEM's .
Then no root for you.
There are things that its better to keep closed source.. ( very few)
Root exploit methods are one of those things.
Regards

superdragonpt said:
If this was OpenSourced i'm sure the (exploits) would be patched by OEM's .
Then no root for you.
There are things that its better to keep closed source.. ( very few)
Root exploit methods are one of those things.
Regards
Click to expand...
Click to collapse
You give the OEMs too much credit. Sure, they might be interested in fixing flaws in their recent high-end/flagship devices, but older and/or discontinued devices -- such as the Nokia X, which I own and which is vulnerable to CVE-2013-2595* -- are extremely unlikely to receive such patches which'd have an impact on the rootability of the device.
Koushik Dutta wrote a free and open source Superuser management app. The app's README file answers the question, "Why another Superuser?" with multiple points, of which the first and most important is: "Superuser should be open source. It's the gateway to root on your device. It must be open for independent security analysis. Obscurity (closed source) is not security". The same goes for unofficial ways to gain root access in my view.
* There is a GPLv3-licensed implementation of CVE-2013-2595 for several devices running a Qualcomm SoC, and it's been there for almost a year, so no matter how closed Framaroot stays (which I hope it won't), OEMs have been an opportunity to "fix" this "issue", but I'm not sure how many chose to fix it. In any case, the Nokia X -- which is what I care the most about, given that it's my Android device of choice for the time being -- is vulnerable to it and as such, I'd like a FOSS rooting tool built around this exploit. Framaroot is capable of rooting the Nokia X, but Framaroot is not FOSS (yet) and I unfortunately lack the relevant Android NDK experience, so I'm not able to build a "clone" on my own, and I haven't found anyone willing to build such a tool.
Security through obscurity isn't security, no matter how hard you try to tell yourself that it is.

How can we trust Custom ROMs?

I have been a fan of installing custom ROMs, root and other mods to my phones since I first owned an Android phone, which was a Sony Xpera Z3 Compact.
Back then I didn't care so much about security, because I was thinking 'What, are they gonna steal my Instagram account?'. But as I grew older the situation got more complex and now I feel the need to feel secure while using a ROM, which is almost never these days. So here are my reasons:
- Custom ROM developers have the exact same device as we do, so if they wanted to exploit it, they would exploit the hell out of it and get their hands on everything we have. (Looking at you, MIUI port)
- Some ROMs come with SELinux disabled which is a problem in itself, I believe.
- Even apps like Magisk, although they're open source (well, most of them) who knows what they're doing in the background.
- It is fairly easy to install a keylogger built into a custom ROM, how do we know that we are already not compromised a few times?
Am I being paranoid here? Or does everyone just want to install their flashy mods and get on with it, like I used to back in the day?
I would love to hear all of your opinions on this!

interesting thoughts and it's always good to be a little concerned about security and privacy!
for custom roms i think in general they tend to be more secure than most stock roms. especially when they have OFFICIAL status - you often get faster updates or updates at all if you have an older device.
unlike big company's, the developer of these roms do it for fun and in general don't have economical interest. so why would they want to steal data/insert backdoors or whatever? thats something company's and governments are interested in...
what i see is that these devs usually check exactly what's happening inside a ROM and a more likely to remove/block suspicious apps or whatever.
also custom ROMs are always open source, aren't they? so everyone can check what's happening... same like Magisk and stuff. everyone's gonna see it if you are trying to steal people's data or something.
i personally trust ROMs based on Lineage OS more than any other stock ROM because they're developed by normal people and not by greedy company's...
although im using MIUI right now because its comfortable but i don't really trust them chinese stuff in terms of data security

merlin.berlin said:
also custom ROMs are always open source, aren't they? so everyone can check what's happening... same like Magisk and stuff. everyone's gonna see it if you are trying to steal people's data or something.
Click to expand...
Click to collapse
First off, thanks for sharing your thought on this. Second, that's been a long time debate, whether open source software is really secure or not. Because although the source of the code is open for inspection, especially in small projects - like device specific projects, many of the security threats and bugs go unnoticed. Of course I trust Magisk, because it is open source AND many Android enthusiasts know about it to a level.
But when it comes to custom ROMs, if you actually check the forum, most of them aren't open source. Hell, we don't even know where they're coming from in some cases (MIUI, EvolutionX etc...). Well, I agree with the Official custom ROMs, because most of the time they're open sourced. But you need to be aware that especially the MIUI ports on this forum, are grabbed from Russian forums. So now (I'm not accusing anyone here), possibly the Russians (4pda), Chinese (Xiaomi) and feds (lol) can reach your data.

I share these concerns. I don't understand why xda doesn't have a policy of not allowing custom roms which don't display their origin/source. Miui mods, Gapps I never use. Bottom line is that with all data collection and spying going on through devices one can only protect her/himself based on personal knowledge and level of concern. And official vs. unofficial is a non issue.

Well, shortly - they aren't secure and you can trust them as much as you trust a person behind them, which you probably don't know well - means not much. And even if there is no bad will from trustworthy community member, you still have to trust that they weren't hacked and let's be honest - big companies are being hacked fairly regularly, let alone hobbyst xda developers. Considering the small user base of the roms, in 99% cases nobody would even realize any malicious stuff happening.
Definitely most stock roms are more secure than custom roms. BUT. Then comes privacy. On stock roms, google, and in most cases phone manufacturer harvest virtually all your data and everything you do, so the only plus here is that you may believe that it will never leak. For me it's not better at all.
At this moment probably the best you can get is a custom rom from trustworthy project with big userbase and many eyes watching - Official Lineage OS builds or one of the few serious privacy focused projects.

Hey,
as somebody who has published ROMs here I really wanted to share my thoughts on this.
First of all, you are right on having concerns about the security of custom ROMs.
There are essentially two types of security at stake here: One is the security of your device, if a third person gets physical control over it. Here, the case is quite clear: The moment you unlock the bootloader, an attacker with physical access to the device will be able to flash anything he wants and essentially circumvent any locking mechanism you have in place. Encryption would help, but implementing properly in a custom ROM and still keeping the functionalities users like about custom ROMs (e.g. easy switching between them, proper updates without the need for OTA) is quite difficult. In short, if you want to prevent anybody who might access your phone physically from gaining access to your data, keep stock ROM and boot loader locked.
The second type is data security and privacy, which was treated in OP. And OP was right, that there is a possibility of adding nearly anything to the code. I am speaking for myself right now, but I guarantee you, that I have never added anything to the ROM code (which for all AOSP ROMs needs to be public, any single line can be reviewed), device tree (public on github as well) or kernel (needs to be published as well). I know, it is my word to be taken here and there is nothing preventing e from lying (because I could add local changes to the code that are never made public). And there is a lot of faith involved, which is why I started building my own ROM. So if anybody feels uncomfortable with installing a ROM that potentially could contain malicious changes, it is better to stay on the stock ROM. On the other side though, the probability that devs like me, that do this essentially for fun and because they want more features and better experience than stock has to offer on their own phones, will invest the time to add a keylogger or other malware to than exploit maybe 10 or 12 people that will actually run the ROM, is quite low imho. Xiaomi, Huawei (or any other company) might be forced by some government to install backdoors or reveal userdata as well. It essentially boils down to trusting the open source community and a dev or trusting some corporation. I honestly do not have an easy answer to this and it probably differs for each person.
As why some ROMs (including my AOSiP 10) run with SELinux on permissive: SELinux enforcing is tricky. If the policy is written poorly, it will prevent your phone from booting or block essential features. And although I am quite android and linux savy and can write my own code, getting SELinux right is still a challenge. On Pie we had an experienced dev like Offain who essentially did it for most others as we used his trees, but for Ten we are still trying to get the devices working to their full extent on a never kernel version (4.9 instead of 3.18). SELinux has a lower priority for me, although I definitely want to make it enforcing as soon as possible.
The example of the kernel is a good point though why I think that custom ROMs can be more secure than stock if you are ready to trust the devs: Most of us use a newer, more up to date kernel than Xiaomi with upstreamed security patches, provide Android security patches earlier than Xiaomi and probably will continue to do so even when for Xiaomi the device will have reached EOL. At the moment, stock probably is the safest in terms of integrity, although it lacks features and is not quite up-to-date. But I have found on any device I owned, that keeping it somewhat up-to-date after official EOL through custom ROMs was a very important part of being able to use it longer than its intended life span.
Long story short: I guarantee you all that I am not interested in your private data and will not try to extort you or sell your credit card information or whatever... If there are bugs and vulnerabilities they are absolutely unintentional and I will try to fix them to my best knowledge if I am made aware of them. Anyway, please think critically and feel free to make the decision you feel best with.

opal06 said:
Hey,
as somebody who has published ROMs here I really wanted to share my thoughts on this.
First of all, you are right on having concerns about the security of custom ROMs.
There are essentially two types of security at stake here: One is the security of your device, if a third person gets physical control over it. Here, the case is quite clear: The moment you unlock the bootloader, an attacker with physical access to the device will be able to flash anything he wants and essentially circumvent any locking mechanism you have in place. Encryption would help, but implementing properly in a custom ROM and still keeping the functionalities users like about custom ROMs (e.g. easy switching between them, proper updates without the need for OTA) is quite difficult. In short, if you want to prevent anybody who might access your phone physically from gaining access to your data, keep stock ROM and boot loader locked.
The second type is data security and privacy, which was treated in OP. And OP was right, that there is a possibility of adding nearly anything to the code. I am speaking for myself right now, but I guarantee you, that I have never added anything to the ROM code (which for all AOSP ROMs needs to be public, any single line can be reviewed), device tree (public on github as well) or kernel (needs to be published as well). I know, it is my word to be taken here and there is nothing preventing e from lying (because I could add local changes to the code that are never made public). And there is a lot of faith involved, which is why I started building my own ROM. So if anybody feels uncomfortable with installing a ROM that potentially could contain malicious changes, it is better to stay on the stock ROM. On the other side though, the probability that devs like me, that do this essentially for fun and because they want more features and better experience than stock has to offer on their own phones, will invest the time to add a keylogger or other malware to than exploit maybe 10 or 12 people that will actually run the ROM, is quite low imho. Xiaomi, Huawei (or any other company) might be forced by some government to install backdoors or reveal userdata as well. It essentially boils down to trusting the open source community and a dev or trusting some corporation. I honestly do not have an easy answer to this and it probably differs for each person.
As why some ROMs (including my AOSiP 10) run with SELinux on permissive: SELinux enforcing is tricky. If the policy is written poorly, it will prevent your phone from booting or block essential features. And although I am quite android and linux savy and can write my own code, getting SELinux right is still a challenge. On Pie we had an experienced dev like Offain who essentially did it for most others as we used his trees, but for Ten we are still trying to get the devices working to their full extent on a never kernel version (4.9 instead of 3.18). SELinux has a lower priority for me, although I definitely want to make it enforcing as soon as possible.
The example of the kernel is a good point though why I think that custom ROMs can be more secure than stock if you are ready to trust the devs: Most of us use a newer, more up to date kernel than Xiaomi with upstreamed security patches, provide Android security patches earlier than Xiaomi and probably will continue to do so even when for Xiaomi the device will have reached EOL. At the moment, stock probably is the safest in terms of integrity, although it lacks features and is not quite up-to-date. But I have found on any device I owned, that keeping it somewhat up-to-date after official EOL through custom ROMs was a very important part of being able to use it longer than its intended life span.
Long story short: I guarantee you all that I am not interested in your private data and will not try to extort you or sell your credit card information or whatever... If there are bugs and vulnerabilities they are absolutely unintentional and I will try to fix them to my best knowledge if I am made aware of them. Anyway, please think critically and feel free to make the decision you feel best with.
Click to expand...
Click to collapse
exactly, we don't need your data, just why we would want it. additionally, as you said, all is open sources so OP can check all. everything was written here, perfect answer

opal06's post is right on the money as explanation to what security can mean for rom/device. No need to be defensive though, trust in developers is the only thing that keeps the custom roms community going and I've been using them since Gingerbread.
On the other hand, I must say, custom roms that come pre-loaded with all bells and whistles from Google diminish the trust factor.

celrau said:
On the other hand, I must say, custom roms that come pre-loaded with all bells and whistles from Google diminish the trust factor.
Click to expand...
Click to collapse
How come ? Could you explain that ?

marstonpear said:
How come ? Could you explain that ?
Click to expand...
Click to collapse
I guess what he means is that Google is notorious for grabbing any bit of data and having a custom ROM preloaded with Google stuff diminishes the need for installing it ib the first place, as it will have the same privacy concerns regarding Google as stock has. In general, Google's involvment into Android is a reason for concern to many, myself included. But there are very few ROMs that actually try to be privacy focused and get rid of Google entirely, although the situation can be improved by using MicroG services instead of GAPPS. They already work on many ROMs

opal06 said:
I guess what he means is that Google is notorious for grabbing any bit of data and having a custom ROM preloaded with Google stuff diminishes the need for installing it ib the first place, as it will have the same privacy concerns regarding Google as stock has. In general, Google's involvment into Android is a reason for concern to many, myself included. But there are very few ROMs that actually try to be privacy focused and get rid of Google entirely, although the situation can be improved by using MicroG services instead of GAPPS. They already work on many ROMs
Click to expand...
Click to collapse
I was half way through typing pretty much the same thing when I noticed your post, that's exactly what I meant. One more thing, some people really need Gapps (i.e. for some banking apps) but they should install them themselves as opposed to providing custom roms with Gapps preinstalled.

Thank you guys for sharing your thoughts on this! I believe all we can do is trust our devs with our info and devices and as a paranoid user, I believe I won't be able to do that, so I'll stick to stock ROMs for our device. But I also believe this has been very helpful for other users who want to try custom ROMs and if they're not as paranoid as I am, they can safely use the open-sourced/official ROMs in the forum. Cheers.

marstonpear said:
Thank you guys for sharing your thoughts on this! I believe all we can do is trust our devs with our info and devices and as a paranoid user, I believe I won't be able to do that, so I'll stick to stock ROMs for our device. But I also believe this has been very helpful for other users who want to try custom ROMs and if they're not as paranoid as I am, they can safely use the open-sourced/official ROMs in the forum. Cheers.
Click to expand...
Click to collapse
I wouldn't call it being paranoid, I think it's very sane.
I agree and have similar view on that, but please ask yourself a question - how much you trust Xiaomi and their security measures? Because in terms of privacy it's obvious that nothing worse than Xiaomi plus Google can happen to you. If you're really what you call "paranoid" you should rather get a device with official Lineage OS support that you would download directly from their servers or systems mentioned here: https://www.privacytools.io/operating-systems/#mobile_os

Thread closed at OP request