Conversation

@K1LL3R_1N5TINKT

Replying to

Hi ,do you know some unofficial rom that is secure?

1

Replying to

@K1LL3R_1N5TINKT

A user build of AOSP using github.com/anestisb/andro that's signed with properly secured release keys. It needs to be a phone with full security updates available and support for using hardware security features with another OS. Can't do much if the hardware has garbage security.

GitHub - anestisb/android-prepare-vendor: Set of scripts to automate AOSP compatible vendor blobs...

Set of scripts to automate AOSP compatible vendor blobs generation from factory images - GitHub - anestisb/android-prepare-vendor: Set of scripts to automate AOSP compatible vendor blobs generation...

1

2

Replying to

I strongly suggest using either an iPhone or a Pixel with the stock OS. There is no alternative OS with decent security and binary releases available to install. You would need to build AOSP for a device like a Pixel where it can be done securely or find someone to do it for you.

2

3

Leonardo Porpora

Replying to

What you think about

1

Replying to

and

I was the one that created and maintained it, almost entirely on my own. It offered substantially more privacy and security than the stock OS. It couldn't offer a longer support period since it relied on the same security updates. It's no longer the same thing that it was before.

2

2

@K1LL3R_1N5TINKT

Replying to

and

Finally you admitted that there are ROMs better than stock ROMs :) Do not be upset with me for thinking differently and wanting to do differently.

2

@K1LL3R_1N5TINKT

Replying to

@K1LL3R_1N5TINKT

I just want to say a few more things. It's possible relock the Bootloader after flash a new rom.

How to Relock Bootloader via Fastboot on Android

Although having an unlocked bootloader is useful in many ways like flashing firmware (factory images), installing TWRP and getting root, but it can also lead to blocked services on your device due …

1

Replying to

@K1LL3R_1N5TINKT

and

Only Nexus and Pixel phones support locking the bootloader with an alternate OS. I'm obviously aware of that since I worked on an alternate OS preserving the security model used by the stock OS and AOSP. There's no point in locking it if the OS being used breaks that security.

2

Replying to

and

Third party recovery images like TWRP don't preserve the security model and it's entirely pointless to lock the bootloader. It also prevents updating them since the OS won't be doing it. You're also missing that on modern devices that can have basic security verified boot exists.

1

Replying to

and

Nexus 5X/6P and Pixel phones fully support verified boot for other operating systems and enable it when the bootloader is locked. Having a mismatched recovery or a tampered OS (i.e. sideloaded gapps) aren't compatible. LineageOS, etc. don't include verified boot support either.

1

Replying to

and

I don't need you to explain to me how this works. You're wasting your time and mine. As I've said, devices without full security updates are a security disaster. Your Nexus 5 is incredibly insecure and easy to exploit, regardless of which insecure ROM you choose to run on it.

9:04 PM · Nov 1, 2018Twitter Web Client

Replying to

and

Nexus 5 stopped receiving support after October 2016. Using a ROM shipping the latest AOSP security patch doesn't fix that, as I've explained, since the vast majority of the driver, kernel and firmware updates aren't available. The firmware and many drivers are closed source too.

1

@K1LL3R_1N5TINKT

Replying to

and

Some modified roms use modified kernels. Firmware can be rewritten.

2

Show replies