Related
Hi all,
I have few questions in mind
1) How dev(XDA dev or others) release custom ROM's so soon before manufacture releasing the updates ?
2) How many developers work on cyanogenMod(or any other custom ROM) to a perticular device (say moto g)
3)How Dev get profit from releasing custom ROM's
4)Most importantly, whether cyanogenMod ROM containts the exact same code as google release( whether dev add any code to google release of Android code) ??
Thanx for any Answers !!
1) Devs are able to release custom roms before actual release because they port an os from another phone in this case the Nexus 5 and the Moto X are the easiest to port since they are close to home. Then they modify to work for a certain phone . in this case our beloved moto g
2) Well it depends on the developer support some roms can have as many as 20 people working on it and a few brave souls take a crack at it solo. However a popular phone like the moto g has a lot of dev support so you wont see many solos trying to build a rom.
3) Actually people believe that devs make money off of the custom roms they make but this is not the case devs take out thier own business are personal lives to make these roms for us. However most devs have some sort of PayPal account that u can donate to to show your appreciation
4) Your right its the same code as google however its heavily modified that's why it's called a mod but if your looking for a rom that's close to stock CM is your best bet.
Sent from my XT1031 using XDA Premium 4 mobile app
roshu10 said:
Hi all,
I have few questions in mind
1) How dev(XDA dev or others) release custom ROM's so soon before manufacture releasing the updates ?
2) How many developers work on cyanogenMod(or any other custom ROM) to a perticular device (say moto g)
3)How Dev get profit from releasing custom ROM's
4)Most importantly, whether cyanogenMod ROM containts the exact same code as google release( whether dev add any code to google release of Android code) ??
Thanx for any Answers !!
Click to expand...
Click to collapse
1) QA isnt a thing for us. moto has millions of customers they need to pass certifications and do very in depth testing to make sure things dont just break. custom roms are community hacks of lets see what works and what doesnt.
2)Thats a tough question, out the gate, cm and teh like dont just work on devices or assign people to them unless they are big tickets like the s5/m8/g3 etc. usually someone who has the device steps forward and works on a rom and then submits it to be made official, or the owners pitch in and try to get someone who will do that for them a device. in my experience there tends to be a few people who do the device tree bringup and then all the other roms just use those files and run a few commands.
3) LOL. The only time i have seen teh likes of profit is if you are a kernel dev and people are chipping in money to help get you the latest device they own so you can work on their device and abandon the old one. Root people occasionally get bounties but even most of that is a sham, most bounties end up getting 35-60% of the total amount pledged. roms and recovery tend to net the least IMO, on average i get about 5-10 bucks a month depending on how many devices i port recovery to, make a custom kernel or give root to.
4) Nah CM is very different than AOSP, lots of hours worth of work have gone into making it what it is today.
After purchasing my Oppo F1f have been keeping an eye on xda forums every day since i bought it around may. Im quite suprised at the way this device has been handled on xda forums, never have I seen such problems between people over development of this phone its ridiculous and suprising for xda forums to even see it. I've had numerous devices over the years and always had a respect for xda being the best site for information quides downloads etc, but with the f1 all iv seen is people complaining, holding back information, not releasing any links or anything, I understand the time and work that goes into development but doesnt mean this has to be so hard, people are simply interested in making the device better, root, fastboot, everything has been released, project spectrum is now easily available, work has been done on Github related to building cm13 for the oppo f1, yet still nothing has progressed due to lack of information there is already a working cm13 but it has been hidden from users almost for god knows what reason, then when someone tried to be helpful and got hold of a link, it turned into a big deal and had to be taken down, i dont understand this fuss over development of the oppo f1 understandable people want to claim rights to development etc but for others its just about the device its self and making the most out of it, isnt that what xda developers is all about, being able to know everything about your phone and know how to do everythig to bring it to its full potential, i think this site is excellent one of a kind, but this complaining about this device and then hearing users complain that they should be focusing on the f1Plus no the F1, seriously what has happened here have some rerspect for the device its self, release information that will help other users and developers out there, and stop using this oppo f1 thread as a source of b***chiness and complaints, this is a amazing phone with great hardware and potential we have bootloader unlocked now we have fastboot we have root we have a aosp rom available why has nothing happened?
stevewq said:
After purchasing my Oppo F1f have been keeping an eye on xda forums every day since i bought it around may. Im quite suprised at the way this device has been handled on xda forums, never have I seen such problems between people over development of this phone its ridiculous and suprising for xda forums to even see it. I've had numerous devices over the years and always had a respect for xda being the best site for information quides downloads etc, but with the f1 all iv seen is people complaining, holding back information, not releasing any links or anything, I understand the time and work that goes into development but doesnt mean this has to be so hard, people are simply interested in making the device better, root, fastboot, everything has been released, project spectrum is now easily available, work has been done on Github related to building cm13 for the oppo f1, yet still nothing has progressed due to lack of information there is already a working cm13 but it has been hidden from users almost for god knows what reason, then when someone tried to be helpful and got hold of a link, it turned into a big deal and had to be taken down, i dont understand this fuss over development of the oppo f1 understandable people want to claim rights to development etc but for others its just about the device its self and making the most out of it, isnt that what xda developers is all about, being able to know everything about your phone and know how to do everythig to bring it to its full potential, i think this site is excellent one of a kind, but this complaining about this device and then hearing users complain that they should be focusing on the f1Plus no the F1, seriously what has happened here have some rerspect for the device its self, release information that will help other users and developers out there, and stop using this oppo f1 thread as a source of b***chiness and complaints, this is a amazing phone with great hardware and potential we have bootloader unlocked now we have fastboot we have root we have a aosp rom available why has nothing happened?
Click to expand...
Click to collapse
Have some respect. A lot has happened behind the scenes. CM13 has been built and mostly works great but there are issues with the RIL (radio interface layer) that means no sim is recognised so no working mobile data or phone calls. Nothing is being hidden, the cm13 kernel, device and vendor trees are all available on git and can be built by anyone with the know how to do it. @uberlaggydarwin and a few others have been working hard to get that fixed and merged into the mainline cm sources so the F1 can have official cm support. I have also built cm12.1 which has working RIL but has a small camera bug and non working gravity sensor. If I can fix those before cm13 is officially released then I will post a build. Remember, all sources being used to build for this device are open to you or anyone else who wishes to start developing for this device.
hats off to @uberlaggydarwin for keeping the flame going.
Just picked up my new Honor 6x(BLN-L24) from Best Buy because I'm tired of only having 2GB RAM on my Honor 5x. Unfortunately I didn't come here before ordering because if I had I would have noticed only a fraction of dev support compared to what is available for the 5x, and I would have not purchased the 6x.
Anyway, I tried flashing HassanMirza01's LineageOS 14.1 but after letting it sit 3 times on animated boot logo screen for over 30 minutes each time I wiped everything and read through the rest of the ROMs in the dev section. Either the ROMs have currently reported install problems, or in the case of all Meticulus ROMs the download links are gone. None seem to be working correctly or near stable for daily use unless I'm missing something here.
At this point I'm following the dload method to go back to latest stock and honestly thinking about just returning the phone to Best Buy. It's quite disappointing seeing such a small amount of support for it. Is that because there is something wrong or difficult with this phone when it comes to development?
The weak development is because Huawei/Honor hasn't released source code yet (I guess, but I've seen a link for my BLL-L23 source code some time ago).
A thing I don't like about H6X devs is that lately they have (strangely) "spammed" their ports from other Huawei devices, maybe without improving the ported codes. I mean, about 6 ROMs in just a few days, with the same ported S.C... That's suspicious
But, since I'm not a dev (sad reaction only) I can't judge their work without considering all the variables involved into their work.
I guess all this happened because of the unreleased S.C, but I'm confident this has a near end.
Cheers to all devs btw, ur work is really appreciated
I can't even return to stock. I tried the dload method, and then I tried the full return to stock where I fastboot flash boot/recovery/system and then dload the update.app. Keeps saying Software install failed! on the part where I do vol+/vol-/pwr and try the dload flash of update.app.
Have I completely bricked this phone?
johnnyrichter said:
Just picked up my new Honor 6x(BLN-L24) from Best Buy because I'm tired of only having 2GB RAM on my Honor 5x. Unfortunately I didn't come here before ordering because if I had I would have noticed only a fraction of dev support compared to what is available for the 5x, and I would have not purchased the 6x.
Anyway, I tried flashing HassanMirza01's LineageOS 14.1 but after letting it sit 3 times on animated boot logo screen for over 30 minutes each time I wiped everything and read through the rest of the ROMs in the dev section. Either the ROMs have currently reported install problems, or in the case of all Meticulus ROMs the download links are gone. None seem to be working correctly or near stable for daily use unless I'm missing something here.
At this point I'm following the dload method to go back to latest stock and honestly thinking about just returning the phone to Best Buy. It's quite disappointing seeing such a small amount of support for it. Is that because there is something wrong or difficult with this phone when it comes to development?
Click to expand...
Click to collapse
You live in Missouri? :laugh: The Honor 5x is a Qualcom Snapdragon device and that chipset has plenty of official support from LineageOS. The Honor 6x is a Kirin 655 device and has absolutely NO official support what soever. You asked if there is "something wrong or difficult with this phone when it comes to development". Yes there is and for the same reason that it will NEVER had any official support from custom ROMs like Lineage: no source code.
So, if you bought your Honor 6x with expectation that your "custom rom experience" would be the same as your 5x, I'm afraid that you probably made a mistake.
As for "Where are the download links?". I mean absolutely no disrespect when I say that, if you can not find them, then it's probably for the best. :laugh:
Huawei/Honor should do something related to Kirrin processor, considering their massive advertisements on XDA- they're not caring any development
sreekantt said:
Huawei/Honor should do something related to Kirrin processor, considering their massive advertisements on XDA- they're not caring any development
Click to expand...
Click to collapse
I do not know the 'deal' that Huawei/Honor has with XDA but it seems likely to me that Huawei/Honor pays XDA to help make Huawei/Honor devices more popular by sponsoring Honor branded contests and giving away phones to 'openkirin'. I can not say for certain but I don't think that Huawei/Honor cares about 'custom ROM' development at all. It is just a vehicle, by which, XDA can make Huawei/Honor devices more popular, help increase sales and help them build their brand.
Panchoso4D said:
The weak development is because Huawei/Honor hasn't released source code yet (I guess, but I've seen a link for my BLL-L23 source code some time ago).
A thing I don't like about H6X devs is that lately they have (strangely) "spammed" their ports from other Huawei devices, maybe without improving the ported codes. I mean, about 6 ROMs in just a few days, with the same ported S.C... That's suspicious
But, since I'm not a dev (sad reaction only) I can't judge their work without considering all the variables involved into their work.
I guess all this happened because of the unreleased S.C, but I'm confident this has a near end.
Cheers to all devs btw, ur work is really appreciated
Click to expand...
Click to collapse
These ROMs came about because I decided to bring up my code base to operate on EMUI 5. While I was doing that I noticed the way Huawei does things in an abstract way so that the same code base can be used to build ROMs for many devices. I decided to do things in a similar way. In doing so, other quickly found out that this ROM runs on all hi6250 devices. However it is true that I do not own an Honor 6x and where this device differs from the devices that I do own, you come in. If you help me help you I might be able to fix issues. If not, well ... the choice is yours ...
Meticulus said:
I do not know the 'deal' that Huawei/Honor has with XDA but it seems likely to me that Huawei/Honor pays XDA to help make Huawei/Honor devices more popular by sponsoring Honor branded contests and giving away phones to 'openkirin'. I can not say for certain but I don't think that Huawei/Honor cares about 'custom ROM' development at all. It is just a vehicle, by which, XDA can make Huawei/Honor devices more popular, help increase sales and help them build their brand.
Click to expand...
Click to collapse
Yeah absolutely- thats d strategy
But for any device to appeal for XDA public - it should have impressive development or promising atmosphere(releasing sources,support etc)
Advertisements on XDA gonna do more harm than good if they have nill dev support as every user who purchases phone seeing ad on XDA hoping good development like OP would badly be disappointed and it hurts brand value indirectly. Basically majority phones which get advertised on XDA has excellent dev support already like One plus. Huawei is missing this point.
---------- Post added at 01:25 PM ---------- Previous post was at 01:22 PM ----------
Meticulus said:
These ROMs came about because I decided to bring up my code base to operate on EMUI 5. While I was doing that I noticed the way Huawei does things in an abstract way so that the same code base can be used to build ROMs for many devices. I decided to do things in a similar way. In doing so, other quickly found out that this ROM runs on all hi6250 devices. However it is true that I do not own an Honor 6x and where this device differs from the devices that I do own, you come in. If you help me help you I might be able to fix issues. If not, well ... the choice is yours ...
Click to expand...
Click to collapse
Yeah observed this- Feels like Huawei had implemented Project treble like functionality already in all kirrin devices
sreekantt said:
Yeah absolutely- thats d strategy
But for any device to appeal for XDA public - it should have impressive development or promising atmosphere(releasing sources,support etc)
Advertisements on XDA gonna do more harm than good if they have nill dev support as every user who purchases phone seeing ad on XDA hoping good development like OP would badly be disappointed and it hurts brand value indirectly. Basically majority phones which get advertised on XDA has excellent dev support already like One plus. Huawei is missing this point.
Click to expand...
Click to collapse
I am not a "business expert" and I willing to bet that you are not either. We have no idea what the nature of the business relationship is, with Huawei and it's hardware partners such as Hisilicon. Perhaps Huawei is unable to be more forth coming with its source code because of agreements they have with Hisilicon. Perhaps, Hisilicon, being relatively new to the market-place has decided that keeping their userspace code closed is in their best interest, in the face of older companies like Qualcom. Who knows? I think that companies do things by the numbers and if having "good development at XDA" could produce bigger profits for them, I'm sure they would encourage it. I willing to bet that 'custom ROM' development's impact on Huawei's bottom line is negligible. XDA is more useful to them for helping to spread the word about the brand. Also, XDA also generates revenue by advertising and although it is an unfortunate fact. When a ROM is running perfectly their is less reason to come here and post. When a ROM is half working and has lots of bugs, ppl are checking constantly while waiting for bugs to get fixes. If a ROM works well, then you just flash it and go on. No reason to stick around here....
I'm just spit balling anyway.... I could be all wrong...:laugh:
Meticulus said:
You live in Missouri? :laugh: The Honor 5x is a Qualcom Snapdragon device and that chipset has plenty of official support from LineageOS. The Honor 6x is a Kirin 655 device and has absolutely NO official support what soever. You asked if there is "something wrong or difficult with this phone when it comes to development". Yes there is and for the same reason that it will NEVER had any official support from custom ROMs like Lineage: no source code.
So, if you bought your Honor 6x with expectation that your "custom rom experience" would be the same as your 5x, I'm afraid that you probably made a mistake.
As for "Where are the download links?". I mean absolutely no disrespect when I say that, if you can not find them, then it's probably for the best. :laugh:
Click to expand...
Click to collapse
Yep, about 20 minutes from Springfield. :good:
So with Kirin, is it that they just haven't opensourced what you devs need? Has there been any 'official' discussion on that from them that would give any hope towards easier development
I didn't see links in your rom threads, and your threads don't have the Downloads tab on them like other rom threads do. Guessing you're hosting the files directly from your website you have linked in your threads?
johnnyrichter said:
So with Kirin, is it that they just haven't opensourced what you devs need? Has there been any 'official' discussion on that from them that would give any hope towards easier development.
Click to expand...
Click to collapse
I like to think I've done pretty well despite any lack of resources from Huawei. On the devices I own, to me at least, my ROMs are full daily drivers. Perhaps they are not perfect but without source it was never gonna be but, afaict the bugs are minor. I have never heard anything from Huawei on publishing their source. They publish their GPL stuff which is more than some companies do. I will admit that my ROMs probably run better on the P9 Lite and the P10 Lite because I own those devices and when they have problems, I can get information personally. Something I can't do for devices I don't own.
Meticulus said:
I like to think I've done pretty well despite any lack of resources from Huawei. On the devices I own, to me at least, my ROMs are full daily drivers. Perhaps they are not perfect but without source it was never gonna be but, afaict the bugs are minor. I have never heard anything from Huawei on publishing their source. They publish their GPL stuff which is more than some companies do. I will admit that my ROMs probably run better on the P9 Lite and the P10 Lite because I own those devices and when they have problems, I can get information personally. Something I can't do for devices I don't own.
Click to expand...
Click to collapse
Well if you're nearby in SPFD you can always hit me up if you need a phone to test stuff on, haha.
One thing that can help revive the development is an Oreo update with treble support
Apply to get a Free OnePlus 6 for your Development Projects
OnePlus has a long history of always supporting the development community when it comes to their devices. They have been consistent with offering phones that can easily be unlocked and flashed with different ROMs and recoveries. They're one of the few companies that allow you to unlock the bootloader of your phone without any requirement of an unlock key. They are also quick to release their kernel sources to encourage development.
Now OnePlus is taking another big step in showing their support of the development community. They are sending out 36 free OnePlus 6 units to different developers so that they can get to work on creating great ROMs, Kernels, and other modifications to the device.
Leave a comment in this thread telling us why you think you deserve a free OnePlus 6 and what kind of development projects you would bring to the community. There are three untis still up for grabs.
Update: All units have been claimed. Thanks for participating!
Hi suggest my name ..I am working on aoscp for one plus 6/3/3t
Low Latency Kernel coz why not
I was working on orion os on the Moto g and later on oneplus x. I also have several threads here in OpX section. So I think it would be great if I could get the device for testing and building purposes.
I think I should have one because I used to develop themes, modifications and many more for Sony Xperia devices. I have been active on XDA for over 5 years and I would like to make more contribution to the community. Thanks !
Bcoz I am ROM tester for many devices.
+ I already own OnePlus 6 as daily driver so other device can be used exclusively for ROM testing
I'm the developer of Discovery ROM. I'm a developer and a computer science student. I want to test on it my projects (actual and future), I have a lot of things ready to be developed (some apps and a lot of very interesting exclusive features for my ROM). With the OnePlus 6 all these things would be easier to develop and test.
I'm 1 of 2 lead devs for https://github.com/AquariOS and would love to make AquariOS for op6
Hi. I'm one of the two developers of Havoc-OS and I also have a variant of the Modded Google Camera. I am also a bit of a themer and have made a subs overlay for Transparent In-Call UI for Google Dialer. These are my current projects. In the past I have been a part of Zenity-N, Z-Unleashed, Unleash-OS and OxygenOS System Mods. I would really like to get a OnePlus 6. I've been a huge fan of OnePlus since OnePlus One days. I know I'm not too qualified developer but I learn as I go and I've come a long way since I started. I really like this phone and if I win, it will give me an opportunity to work on Havoc-OS for OnePlus 6.
Hi, my name is Sergio. I'm an Italian engineering student, I want to work on the appearance of the Rom and test new ROMS and fix them if needed. I'm a tester for any One Plus roms and kernels. Give me a chance to work with you! It's a dream. I actually use OP3
Hi, I'm Sai, a developer interning for the Substratum team and would really appreciate an additional device for testing and debugging several of our projects on the device, as OOS has some of its own quirks that may need some additional testing. Additionally I am also a Substratum themer, meaning that I could add support for OOS 5.1.5+ on my theme.
Theme's GitHub page:
https://github.com/InFlames03/Oreo-Theme
I am 1 of 2 Founder/Developer of PureFusionOS, Currently Deving on LG G6 H872 and Past HTC10, Would consider porting our ROM and deving on the OP6 if giving the opportunity..
I'm active member in development of both my present Honor 7x and Past K3 Note devices.
My previous works include a 3.1.1 twrp recovery for K3 Note , Flashable Face Unlock Zips for Android 5.1+, AOSP based themes for Honor 7x.I can sure do much more if I get a device like OnePlus 6 .
As the OnePlus 6 supports Project Treble I will try to build a Stable TWRP with vendor partition and Ressurection Remix Rom if possible .
Build rom and kernel for yureka and zuk devices .
Now i want to work for OnePlus 6 device (ROMS & KERNEL).
XDARoni said:
Apply to get a Free OnePlus 6 for your Development Projects
OnePlus has a long history of always supporting the development community when it comes to their devices. They have been consistent with offering phones that can easily be unlocked and flashed with different ROMs and recoveries. They're one of the few companies that allow you to unlock the bootloader of your phone without any requirement of an unlock key. They are also quick to release their kernel sources to encourage development.
Now OnePlus is taking another big step in showing their support of the development community. They are sending out 36 free OnePlus 6 units to different developers so that they can get to work on creating great ROMs, Kernels, and other modifications to the device.
Leave a comment in this thread telling us why you think you deserve a free OnePlus 6 and what kind of development projects you would bring to the community. There are three untis still up for grabs.
Click to expand...
Click to collapse
Hello,
I work on the Dirty Unicorns project which currently is not shared on XDA, but we are still a popular project. Alternatively, I also work on the unicornblood kernel for the devices I support (many of which, to include the OP5).
Please keep me in consideration.
I would love to have the chance to get a OnePlus 6!
I develop official AICP for the OnePlus 3 so have good knowledge regarding the OnePlus community and OnePlus devices in general. AICP is a highly customisable ROM which is very popular in a lot of communities, and I can't see why the OnePlus 6 community would be any different
I am part of the Exynos 5420 team, where we bring official LineageOS and AICP to older devices, such as Galaxy Tab S devices and Galaxy Note Tablet devices.
I'm an official LineageOS member working on my exynos device and would like to bring AICP to the OnePlus 6 and use it to further my knowledge of developing custom ROMs for devices
Thanks!
Make it 35 and give one to a tester. I'll be glad to test and report bugs to those 35 developers
I have been working on mediatek devices for one year and definitely want to hands on snapedragon 845.I have limited resources but can be your beta tester , guaranteed.
* Please give chance to junior members*
My contribution to mediatek 6592
Aicp
Benstalk
Xosp
Aokp
Bliss
Crdroid
Mokee and many more
. First few members in mediatek family to crossport CyanogenMod 13 from mtk 6582 (bugfree).
If i would be given op6 then i would surely increase my coding skills.
@HolyAngel
Because his kernel and custom OMNI rom is on another level. Battery friendly and smoothest experience. Period. If you don't believe me, ask all 200 members in his Telegram chat. Most guys there said they'll be getting device which HolyAngel gets next.
Testing is in my blood
Well, I’m not really a developer but I am the kind of person who has all the time in the world. I dont do much since I’m a student so I can dedicate my time in testing rom, kernels and whatever xda can throw at me.
I’d like to work with the various great devs to test their contributions and make them suitable for public release.
I’m coming from the Xioami Mi5 community and I’ve been very active there. However, sadly my phone broke into pieces recently. So I could use a huge upgrade as the OnePlus 6. Considering the goodness of the phone, I’d be more keen to use the time I idle away in testing xda goodies and make OnePlus 6 community a great place.
P.S Yes I know how to take logs and all the rest.
I have been a fan of installing custom ROMs, root and other mods to my phones since I first owned an Android phone, which was a Sony Xpera Z3 Compact.
Back then I didn't care so much about security, because I was thinking 'What, are they gonna steal my Instagram account?'. But as I grew older the situation got more complex and now I feel the need to feel secure while using a ROM, which is almost never these days. So here are my reasons:
- Custom ROM developers have the exact same device as we do, so if they wanted to exploit it, they would exploit the hell out of it and get their hands on everything we have. (Looking at you, MIUI port)
- Some ROMs come with SELinux disabled which is a problem in itself, I believe.
- Even apps like Magisk, although they're open source (well, most of them) who knows what they're doing in the background.
- It is fairly easy to install a keylogger built into a custom ROM, how do we know that we are already not compromised a few times?
Am I being paranoid here? Or does everyone just want to install their flashy mods and get on with it, like I used to back in the day?
I would love to hear all of your opinions on this!
interesting thoughts and it's always good to be a little concerned about security and privacy!
for custom roms i think in general they tend to be more secure than most stock roms. especially when they have OFFICIAL status - you often get faster updates or updates at all if you have an older device.
unlike big company's, the developer of these roms do it for fun and in general don't have economical interest. so why would they want to steal data/insert backdoors or whatever? thats something company's and governments are interested in...
what i see is that these devs usually check exactly what's happening inside a ROM and a more likely to remove/block suspicious apps or whatever.
also custom ROMs are always open source, aren't they? so everyone can check what's happening... same like Magisk and stuff. everyone's gonna see it if you are trying to steal people's data or something.
i personally trust ROMs based on Lineage OS more than any other stock ROM because they're developed by normal people and not by greedy company's...
although im using MIUI right now because its comfortable but i don't really trust them chinese stuff in terms of data security
merlin.berlin said:
also custom ROMs are always open source, aren't they? so everyone can check what's happening... same like Magisk and stuff. everyone's gonna see it if you are trying to steal people's data or something.
Click to expand...
Click to collapse
First off, thanks for sharing your thought on this. Second, that's been a long time debate, whether open source software is really secure or not. Because although the source of the code is open for inspection, especially in small projects - like device specific projects, many of the security threats and bugs go unnoticed. Of course I trust Magisk, because it is open source AND many Android enthusiasts know about it to a level.
But when it comes to custom ROMs, if you actually check the forum, most of them aren't open source. Hell, we don't even know where they're coming from in some cases (MIUI, EvolutionX etc...). Well, I agree with the Official custom ROMs, because most of the time they're open sourced. But you need to be aware that especially the MIUI ports on this forum, are grabbed from Russian forums. So now (I'm not accusing anyone here), possibly the Russians (4pda), Chinese (Xiaomi) and feds (lol) can reach your data.
I share these concerns. I don't understand why xda doesn't have a policy of not allowing custom roms which don't display their origin/source. Miui mods, Gapps I never use. Bottom line is that with all data collection and spying going on through devices one can only protect her/himself based on personal knowledge and level of concern. And official vs. unofficial is a non issue.
Well, shortly - they aren't secure and you can trust them as much as you trust a person behind them, which you probably don't know well - means not much. And even if there is no bad will from trustworthy community member, you still have to trust that they weren't hacked and let's be honest - big companies are being hacked fairly regularly, let alone hobbyst xda developers. Considering the small user base of the roms, in 99% cases nobody would even realize any malicious stuff happening.
Definitely most stock roms are more secure than custom roms. BUT. Then comes privacy. On stock roms, google, and in most cases phone manufacturer harvest virtually all your data and everything you do, so the only plus here is that you may believe that it will never leak. For me it's not better at all.
At this moment probably the best you can get is a custom rom from trustworthy project with big userbase and many eyes watching - Official Lineage OS builds or one of the few serious privacy focused projects.
Hey,
as somebody who has published ROMs here I really wanted to share my thoughts on this.
First of all, you are right on having concerns about the security of custom ROMs.
There are essentially two types of security at stake here: One is the security of your device, if a third person gets physical control over it. Here, the case is quite clear: The moment you unlock the bootloader, an attacker with physical access to the device will be able to flash anything he wants and essentially circumvent any locking mechanism you have in place. Encryption would help, but implementing properly in a custom ROM and still keeping the functionalities users like about custom ROMs (e.g. easy switching between them, proper updates without the need for OTA) is quite difficult. In short, if you want to prevent anybody who might access your phone physically from gaining access to your data, keep stock ROM and boot loader locked.
The second type is data security and privacy, which was treated in OP. And OP was right, that there is a possibility of adding nearly anything to the code. I am speaking for myself right now, but I guarantee you, that I have never added anything to the ROM code (which for all AOSP ROMs needs to be public, any single line can be reviewed), device tree (public on github as well) or kernel (needs to be published as well). I know, it is my word to be taken here and there is nothing preventing e from lying (because I could add local changes to the code that are never made public). And there is a lot of faith involved, which is why I started building my own ROM. So if anybody feels uncomfortable with installing a ROM that potentially could contain malicious changes, it is better to stay on the stock ROM. On the other side though, the probability that devs like me, that do this essentially for fun and because they want more features and better experience than stock has to offer on their own phones, will invest the time to add a keylogger or other malware to than exploit maybe 10 or 12 people that will actually run the ROM, is quite low imho. Xiaomi, Huawei (or any other company) might be forced by some government to install backdoors or reveal userdata as well. It essentially boils down to trusting the open source community and a dev or trusting some corporation. I honestly do not have an easy answer to this and it probably differs for each person.
As why some ROMs (including my AOSiP 10) run with SELinux on permissive: SELinux enforcing is tricky. If the policy is written poorly, it will prevent your phone from booting or block essential features. And although I am quite android and linux savy and can write my own code, getting SELinux right is still a challenge. On Pie we had an experienced dev like Offain who essentially did it for most others as we used his trees, but for Ten we are still trying to get the devices working to their full extent on a never kernel version (4.9 instead of 3.18). SELinux has a lower priority for me, although I definitely want to make it enforcing as soon as possible.
The example of the kernel is a good point though why I think that custom ROMs can be more secure than stock if you are ready to trust the devs: Most of us use a newer, more up to date kernel than Xiaomi with upstreamed security patches, provide Android security patches earlier than Xiaomi and probably will continue to do so even when for Xiaomi the device will have reached EOL. At the moment, stock probably is the safest in terms of integrity, although it lacks features and is not quite up-to-date. But I have found on any device I owned, that keeping it somewhat up-to-date after official EOL through custom ROMs was a very important part of being able to use it longer than its intended life span.
Long story short: I guarantee you all that I am not interested in your private data and will not try to extort you or sell your credit card information or whatever... If there are bugs and vulnerabilities they are absolutely unintentional and I will try to fix them to my best knowledge if I am made aware of them. Anyway, please think critically and feel free to make the decision you feel best with.
opal06 said:
Hey,
as somebody who has published ROMs here I really wanted to share my thoughts on this.
First of all, you are right on having concerns about the security of custom ROMs.
There are essentially two types of security at stake here: One is the security of your device, if a third person gets physical control over it. Here, the case is quite clear: The moment you unlock the bootloader, an attacker with physical access to the device will be able to flash anything he wants and essentially circumvent any locking mechanism you have in place. Encryption would help, but implementing properly in a custom ROM and still keeping the functionalities users like about custom ROMs (e.g. easy switching between them, proper updates without the need for OTA) is quite difficult. In short, if you want to prevent anybody who might access your phone physically from gaining access to your data, keep stock ROM and boot loader locked.
The second type is data security and privacy, which was treated in OP. And OP was right, that there is a possibility of adding nearly anything to the code. I am speaking for myself right now, but I guarantee you, that I have never added anything to the ROM code (which for all AOSP ROMs needs to be public, any single line can be reviewed), device tree (public on github as well) or kernel (needs to be published as well). I know, it is my word to be taken here and there is nothing preventing e from lying (because I could add local changes to the code that are never made public). And there is a lot of faith involved, which is why I started building my own ROM. So if anybody feels uncomfortable with installing a ROM that potentially could contain malicious changes, it is better to stay on the stock ROM. On the other side though, the probability that devs like me, that do this essentially for fun and because they want more features and better experience than stock has to offer on their own phones, will invest the time to add a keylogger or other malware to than exploit maybe 10 or 12 people that will actually run the ROM, is quite low imho. Xiaomi, Huawei (or any other company) might be forced by some government to install backdoors or reveal userdata as well. It essentially boils down to trusting the open source community and a dev or trusting some corporation. I honestly do not have an easy answer to this and it probably differs for each person.
As why some ROMs (including my AOSiP 10) run with SELinux on permissive: SELinux enforcing is tricky. If the policy is written poorly, it will prevent your phone from booting or block essential features. And although I am quite android and linux savy and can write my own code, getting SELinux right is still a challenge. On Pie we had an experienced dev like Offain who essentially did it for most others as we used his trees, but for Ten we are still trying to get the devices working to their full extent on a never kernel version (4.9 instead of 3.18). SELinux has a lower priority for me, although I definitely want to make it enforcing as soon as possible.
The example of the kernel is a good point though why I think that custom ROMs can be more secure than stock if you are ready to trust the devs: Most of us use a newer, more up to date kernel than Xiaomi with upstreamed security patches, provide Android security patches earlier than Xiaomi and probably will continue to do so even when for Xiaomi the device will have reached EOL. At the moment, stock probably is the safest in terms of integrity, although it lacks features and is not quite up-to-date. But I have found on any device I owned, that keeping it somewhat up-to-date after official EOL through custom ROMs was a very important part of being able to use it longer than its intended life span.
Long story short: I guarantee you all that I am not interested in your private data and will not try to extort you or sell your credit card information or whatever... If there are bugs and vulnerabilities they are absolutely unintentional and I will try to fix them to my best knowledge if I am made aware of them. Anyway, please think critically and feel free to make the decision you feel best with.
Click to expand...
Click to collapse
exactly, we don't need your data, just why we would want it. additionally, as you said, all is open sources so OP can check all. everything was written here, perfect answer
opal06's post is right on the money as explanation to what security can mean for rom/device. No need to be defensive though, trust in developers is the only thing that keeps the custom roms community going and I've been using them since Gingerbread.
On the other hand, I must say, custom roms that come pre-loaded with all bells and whistles from Google diminish the trust factor.
celrau said:
On the other hand, I must say, custom roms that come pre-loaded with all bells and whistles from Google diminish the trust factor.
Click to expand...
Click to collapse
How come ? Could you explain that ?
marstonpear said:
How come ? Could you explain that ?
Click to expand...
Click to collapse
I guess what he means is that Google is notorious for grabbing any bit of data and having a custom ROM preloaded with Google stuff diminishes the need for installing it ib the first place, as it will have the same privacy concerns regarding Google as stock has. In general, Google's involvment into Android is a reason for concern to many, myself included. But there are very few ROMs that actually try to be privacy focused and get rid of Google entirely, although the situation can be improved by using MicroG services instead of GAPPS. They already work on many ROMs
opal06 said:
I guess what he means is that Google is notorious for grabbing any bit of data and having a custom ROM preloaded with Google stuff diminishes the need for installing it ib the first place, as it will have the same privacy concerns regarding Google as stock has. In general, Google's involvment into Android is a reason for concern to many, myself included. But there are very few ROMs that actually try to be privacy focused and get rid of Google entirely, although the situation can be improved by using MicroG services instead of GAPPS. They already work on many ROMs
Click to expand...
Click to collapse
I was half way through typing pretty much the same thing when I noticed your post, that's exactly what I meant. One more thing, some people really need Gapps (i.e. for some banking apps) but they should install them themselves as opposed to providing custom roms with Gapps preinstalled.
Thank you guys for sharing your thoughts on this! I believe all we can do is trust our devs with our info and devices and as a paranoid user, I believe I won't be able to do that, so I'll stick to stock ROMs for our device. But I also believe this has been very helpful for other users who want to try custom ROMs and if they're not as paranoid as I am, they can safely use the open-sourced/official ROMs in the forum. Cheers.
marstonpear said:
Thank you guys for sharing your thoughts on this! I believe all we can do is trust our devs with our info and devices and as a paranoid user, I believe I won't be able to do that, so I'll stick to stock ROMs for our device. But I also believe this has been very helpful for other users who want to try custom ROMs and if they're not as paranoid as I am, they can safely use the open-sourced/official ROMs in the forum. Cheers.
Click to expand...
Click to collapse
I wouldn't call it being paranoid, I think it's very sane.
I agree and have similar view on that, but please ask yourself a question - how much you trust Xiaomi and their security measures? Because in terms of privacy it's obvious that nothing worse than Xiaomi plus Google can happen to you. If you're really what you call "paranoid" you should rather get a device with official Lineage OS support that you would download directly from their servers or systems mentioned here: https://www.privacytools.io/operating-systems/#mobile_os
Thread closed at OP request