Chairshot215
Android Expert
From What I have been reading the last few days Custom roms are more private than stock roms, At least in the case of CM7.
Install the app
How to install the app on iOS
Follow along with the video below to see how to install our site as a web app on your home screen.
Note: This feature may not be available in some browsers.
-
After 15+ years, we've made a big change: Android Forums is now Early Bird Club. Learn more here.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.
You should upgrade or use an alternative browser.
Root Privacy & Safety of using ROMs
- Thread starter TARDIS
- Start date
-
- Tags
- motorola triumph
The Last Lemming
Lurker
There are other attack vectors other than the ROM:
1. zip updates (overclocking, boot up image/animation, etc)
2. root applications requiring root
3. non-root application with SD Card access (pictures, files, etc.)
4. SMS messages activating carrier/device subroutines (probably not CM7)
5. Google killswitch
Almost ALL sites allow password reset via email, so that's probably the most important thing to secure. Everyone I know configures their main email to their mobile device.
I've been a victim of identity theft for $1,000 twice on cloned credit cards. It would be a very bad day if someone transferred your life savings to Syberia one sunny Sunday afternoon.
1. zip updates (overclocking, boot up image/animation, etc)
2. root applications requiring root
3. non-root application with SD Card access (pictures, files, etc.)
4. SMS messages activating carrier/device subroutines (probably not CM7)
5. Google killswitch
Almost ALL sites allow password reset via email, so that's probably the most important thing to secure. Everyone I know configures their main email to their mobile device.
I've been a victim of identity theft for $1,000 twice on cloned credit cards. It would be a very bad day if someone transferred your life savings to Syberia one sunny Sunday afternoon.
The Last Lemming
Lurker
Thing 2: I'd recommend compiling a list of all accounts, user name and password used on your phone NOW. If it's ever lost, you can quickly change all of your passwords.
It is not in the T-Mobile SGS-II ROM and I DID check it.
It IS in a lot of stock devices however. I have no idea if it's in the base Froyo code, but were it in the CM7 code I'm quite sure someone would have found it by now.
The nice thing about open source is that anyone can look, which means someone eventually will, and that in turn is a strong disincentive to try to pull this crap -- the odds of getting caught is extremelyhigh.
Copy and pasted from (T-Mobile Support Community: This phone is infected with "Carrier IQ." Is there a way to opt out this invasion?)
"Someone posted
I just finished a conversation with T-Mobile's chat support and was told that the following phones DO have the Carrier IQ software BB 9900, BB 9360, BB 9810, HTC Amaze 4G, Samsung Galaxy S II, Samsung Exhibit II, LG myTouch, LG myTouch Q, LG Doubletake According to support the HTC Sensation does NOT have the Carrier IQ software installed." "
Now obviously this is word of mouth and the person and/or the rep could be lying. Eiterway I though it was relavent
Almost ALL sites allow password reset via email, so that's probably the most important thing to secure. Everyone I know configures their main email to their mobile device.
Well, I was pretty shocked to see how the Google account is always on. They never imagined someone with Android would want an option to log out??? I know you can turn off syncing and background services or delete the account or walk around in Airline mode, but all of those lower the functionality. Anyway, I just used a spare dummy Google account, so I can access some of the basic services. I wouldn't want any of my main accounts on there. It seems crazy to me.
I am still worried about having my Amazon account on there and others like Netflix that are connected to my ID and payment info. Especially since I'm not sure what information they're constantly leaking out in the background. And of course I can't do a security audit of every app I install that could have access to who knows what.
The Last Lemming said:I've been a victim of identity theft for $1,000 twice on cloned credit cards.
Sorry to hear it. I had a brush with ID theft myself. I guess it takes an experience like that to start taking security and privacy seriously.