Xposed Framework and security

[funkylogik]

For anyone who uses Xposed, this is an excellent post that should be an eye opener.
Xposed is a really useful tool but be aware that its a key to your device.
Only trust open source modules that have been scrutinised by the community :thumbup:
[EDIT: or by a known and trusted developer]

https://plus.google.com/115581258997167602343/posts/b7E9FYSwyVB

 

[Mikestony]

I run a couple modules, from XDA, how does someone like me find out if a module is open-source? What can I look for?

I see that same question has been asked there too

 

[funkylogik]

Yeah it was me who asked the question lol
Waiting for a response from that dude and I'm a mod in that community so we're trying to come up with a way to rate modules for safety, kinda thing.
I'm guessing that the mods you can get from the list in the installer app are open but I'm not sure yet. I'll do some research and find out tomorrow :beer:

 

[BRAINZ2013]

I thought in cm11 the app security was a baseline of the security to block out from some of these things I was thinking privacy app.was a watch dog I guess not . I wasn't aware of this good looking .

 

[out of ideas]

Cool deal funky, didn't know you were a mod over on xda,
I might have to log on there more than once every two years.

and by the way, Im a bigger fan of opensourced tech than almost anybody but....

Only trust open source modules that have been scrutinised by the community

opensssl was open sourced. which should be an encouragement to people to support the unpaid volunteers who makes our phones and computers, cooler, faster, and safer. Because a couple random people who take up a task for no recognition shouldn't be expected to keep everyone safe, especially when the government and private companies have billions to spend on finding flaws.

 

[funkylogik]

No mate I'm not an xda mod lol I hate posting on there. I mod the Xposed Framework community on Google+
So that Dev came back n said in the Xposed repo there should be a link for "source" for a module if it's open source but even some trusted Devs don't share source so it's about using your discretion.
Don't just install something by an unknown Dev that doesn't have source. Basically follow the same rules you would when flashing something :thumbup:

 

[Slug]

Don't just install something by an unknown Dev that doesn't have source.

I've assumed until now that, if it's available in the Xposed Installer, then it's been reviewed and accepted as safe by better brains than I. The actual source would make as much sense to me as Klingon.

 

[funkylogik]

I've assumed until now that, if it's available in the Xposed Installer, then it's been reviewed and accepted as safe by better brains than I. The actual source would make as much sense to me as Klingon.

Lol yeah same here mate but aparently just because it's available in the installer doesn't mean it's been "vetted" by anyone.
If source is available then there's a good chance the Dev isn't trying to hide anything nefarious from the prying eyes of the many smart-asses on xda