Conversation

@K1LL3R_1N5TINKT

Replying to

Hi ,do you know some unofficial rom that is secure?

1

Replying to

@K1LL3R_1N5TINKT

A user build of AOSP using github.com/anestisb/andro that's signed with properly secured release keys. It needs to be a phone with full security updates available and support for using hardware security features with another OS. Can't do much if the hardware has garbage security.

GitHub - anestisb/android-prepare-vendor: Set of scripts to automate AOSP compatible vendor blobs...

Set of scripts to automate AOSP compatible vendor blobs generation from factory images - GitHub - anestisb/android-prepare-vendor: Set of scripts to automate AOSP compatible vendor blobs generation...

1

2

Replying to

I strongly suggest using either an iPhone or a Pixel with the stock OS. There is no alternative OS with decent security and binary releases available to install. You would need to build AOSP for a device like a Pixel where it can be done securely or find someone to do it for you.

2

3

Leonardo Porpora

Replying to

What you think about

1

Replying to

and

I was the one that created and maintained it, almost entirely on my own. It offered substantially more privacy and security than the stock OS. It couldn't offer a longer support period since it relied on the same security updates. It's no longer the same thing that it was before.

2

2

@K1LL3R_1N5TINKT

Replying to

and

Finally you admitted that there are ROMs better than stock ROMs :) Do not be upset with me for thinking differently and wanting to do differently.

2

@K1LL3R_1N5TINKT

Replying to

@K1LL3R_1N5TINKT

I just want to say a few more things. It's possible relock the Bootloader after flash a new rom.

How to Relock Bootloader via Fastboot on Android

Although having an unlocked bootloader is useful in many ways like flashing firmware (factory images), installing TWRP and getting root, but it can also lead to blocked services on your device due …

1

Replying to

@K1LL3R_1N5TINKT

and

Only Nexus and Pixel phones support locking the bootloader with an alternate OS. I'm obviously aware of that since I worked on an alternate OS preserving the security model used by the stock OS and AOSP. There's no point in locking it if the OS being used breaks that security.

2

@K1LL3R_1N5TINKT

Replying to

and

Yes I know that, thats why I do not want to use the Nexus 5 stock Rom because it has too many vulnerabilities and it's not optimized to use the maximum power of the Nexus 5 and also the battery drains very fast ......

2

Replying to

@K1LL3R_1N5TINKT

and

It has a huge number of vulnerabilities with whatever ROM you are using. The issue is using a Nexus 5 at all when it isn't receiving security support for the kernel, drivers and firmware. Your choice of ROM doesn't solve these issues. It's still incredibly insecure regardless.

1

Replying to

and

It doesn't matter if your ROM pulls in all the latest AOSP security fixes and then lies about the security patch level by pretending that those are the only fixes in the Android security updates. It's missing half of the fixes for vulnerabilities. Sorry but it's totally insecure.

9:09 PM · Nov 1, 2018Twitter Web Client

Replying to

and

Even if they rewrote all of the closed source drivers that aren't receiving security updates and maintained them, moved to a kernel branch receiving security updates and maintained the other device-specific code, it wouldn't fully solve the problem. They're not doing that anyway.

1

Replying to

and

It would be possible for people to rewrite and maintain all those drivers and move to a modern kernel receiving security updates. It would be an enormous amount of work. It's certainly not something that the ROM development community is doing, and it couldn't fix the firmware.

1

Show replies