Conversation

Replying to

@K1LL3R_1N5TINKT

A user build of AOSP using github.com/anestisb/andro that's signed with properly secured release keys. It needs to be a phone with full security updates available and support for using hardware security features with another OS. Can't do much if the hardware has garbage security.

GitHub - anestisb/android-prepare-vendor: Set of scripts to automate AOSP compatible vendor blobs...

Set of scripts to automate AOSP compatible vendor blobs generation from factory images - GitHub - anestisb/android-prepare-vendor: Set of scripts to automate AOSP compatible vendor blobs generation...

1

2

Replying to

I strongly suggest using either an iPhone or a Pixel with the stock OS. There is no alternative OS with decent security and binary releases available to install. You would need to build AOSP for a device like a Pixel where it can be done securely or find someone to do it for you.

2

3

@K1LL3R_1N5TINKT

Replying to

Thank you for the explanation. So what I understand in simple terms, it is difficult to make a secure OS for a particular device when there are vulnerabilities in the hardware of that device.

1

@K1LL3R_1N5TINKT

Replying to

@K1LL3R_1N5TINKT

and

I've been researching Roms for the iconic Nexus 5 and I liked the Rom Nitrogen 7 which is a rom based on the Nougat 7 Rom, dev solved a security flaw in wifi that allowed the device to be compromised ....

1

@K1LL3R_1N5TINKT

Replying to

@K1LL3R_1N5TINKT

and

So far it was the fastest Rom made for Nexus 5 but unfortunately has bugs in mobile communication and bluetooth among other bugs,the project has been discontinued. So I found this that is also based on the Nougat 7.1 Rom and they offer updates every week lineageos.org

1

@K1LL3R_1N5TINKT

Replying to

@K1LL3R_1N5TINKT

and

When you have time, I'd like to know your opinion about that Rom. Take the time you need to analyze. Thank you.

1

Replying to

@K1LL3R_1N5TINKT

There's no ROM for the Nexus 5 with anything close to full security for drivers or firmware. It has hundreds of unresolved serious security bugs. It's not a safe device, regardless of which OS you use on it. All these ROMs also substantially reduce security compared to AOSP too.

1

1

Replying to

If you care about security, you need to use a device that isn't end-of-life. Shipping the AOSP security updates is not shipping full security updates. Those ROMs explicitly lie to you about the security patch level. The security bulletins include far more issues than they fix...

1

Replying to

Even on a device where full security updates are available *and* the ROM ships all the security updates (i.e. they actually bundle all the updated firmware and drivers, which is rare), they usually lack a security update model and roll back / damage security features in AOSP.

1

Replying to

If you want a secure device, use an iPhone or a Pixel with the stock OS. If you can't afford the current generation, use an iPhone from the previous generation. There are only a couple non-Pixel Android devices with decent security and none are truly competitive with a Pixel.

2

Replying to

AOSP on a Pixel can be as secure as the stock OS, but only when doing signed production builds with all the security features left intact, verified boot enabled after flashing (via locking the bootloader) and properly secured signing keys for signing builds (ideally an HSM).

5:33 PM · Nov 1, 2018Twitter Web Client