LrdElderon
Member
**Warning 1: Not starting flame war, give the post its due credence, before bashing me or locking/deleting thread, thanks!**
**Warning 2: somewhat lengthy post**
I was just reading the 2.1 update thread which was started yesterday. I kept seeing posts from 2 groups:
The rooters - Extolling the virtues of their rooted droids
The unrooted - Extolling the virtues of their unrooted droids
This back and forth banter between the two groups made me smile and begin to reflect upon my 15+ years in computing and the lessons that I have learned.
//begin boring-you can skip this//
Firstly, some background on me. I am 28 years young and started out on PCs just as they began booming in the early nineties. I became a full-out geek pretty much from the get-go. I had a 486 PC with Windows 3.11/DOS with maybe a 100mb HD, can't remember. Shortly thereafter, the AOL boom hit. Anyone remember "punters" and "server rooms". No? Not surprising. I was a geek even on AOL.
Only a few years later, I installed my first Linux distro, Suse. Since then, I have not looked back at Windows, installing various distros from year to year, eventually settling back to OpenSuse (my current distro). I have become the goto-guy for fixing all of my friends' and families computers. During these years, I have learned quite a bit about not only PCs in general but the software that is installed in them, ESPECIALLY the Windows crapware (ie virii, trojans, adware, spam, etc).
//end boring//
It is with this bolded sentence on which I wish to make my point. You spend a great deal of your time holding an incredible device. A device that has wifi capabilities, GPS location, email, web-surfing, and so much more. It is precisely because of these capabilities that your phone can be exploited oh so easily.
Not to take anything away from these fine coders who are releasing these custom roms. But I have to ask you, how well do you really know them? Do you know them well enough, that you don't mind if your keys are logged and emailed to a remote server? How about letting them borrow your credit card? Or letting them know your whereabouts via GPS at any given time?
For my part, I say nay. I would need to know someone lifelong to be that trusting. I want to make it VERY CLEAR to whomever is reading this:
I am NOT advocating that any custom ROMs are rigged against you. I only wish to make you aware how you open yourself up to a potential fifteen year old coder who wants to make a name for himself in the "L337" underground.
Be a bit more cautious in what you install on your phone. The Android OS is linux-based. Meaning, you need root privileges in order to make certain changes. That is one of the strongest security points for Linux over Windows. But wait! Conveniently, these Roms root for you! How novel!
If you are a coder, and you can open up these ROMs and pinpoint exactly what is happening inside of them, kudos for you. You should be the ONLY ones who feel completely safe and smug running these. To those that can't, be wary, always. That is all and I hope I didn't anger too many with this. Twas not my intent.
Woof.
well that's why we are not running windows phones :icon_ devil:
see we have this thing called opensource. and as far as I know, perhaps the apache2 license is different but it says it's compatible with the gpl... any source modifications freely distrubted must have the source available on request. I think that was the gist of it.
you can just look at the source if you know programming or others can and im sure someone would see if something fishy were put in.
One of the reasons I mentioned to site admins about mandatory git repositories or some sort of source hosting for ALL rom devs (their private or paid apps are their own business).
and as the other person mentioned yeah you are the one that has to give permission to the apps. if you don't give it, nothing it can do.
edit: not to be an ass, I mean no personal offense at all, but for some with claimed experience that long, you seem to be the one rather naive about what rooting is and how that all works. trusting the dev is a legit concern, I agree, but for most you should be able to see the source, like with koush.... his FULL source code is up there. you can look and see for yourself if there was malware. and as stated before can't do much harm if you don't have root permission given.
Last edited: