I have already concluded that I am wasting my time arguing with him, I also realized that I will not learn anything from him :)
Conversation
Do you really know who you have been arguing with ?, Daniel implemented substantial malloc and linux hardening into android.
2
Cat, he erased his tweets, now start to think why he did it.
I'm just a humble bird, nothing more :)
2
No, I didn't erase my tweets. My responses to you are all still there. Stop lying please.
1
1
Okay Micay I'll stop bothering you but do not say that stock roms are the best.
BTW firmware vulnerabilities were easy to solve.
1
I didn't say that. I pointed out that a Nexus 5 has hundreds of serious, unfixed disclosed vulnerabilities regardless of which custom ROM you choose. They don't even come close to addressing the problem of it being end-of-life.
2
Using an alternate OS preserving the standard security features and providing full security updates is great. Even better if it builds upon the baseline security of AOSP rather than rolling it back with added attack surface, crippled SELinux policy and disabled mitigations.
1
You have a serious misunderstanding of what I've been saying.
Good: using a robust alternative OS with full security updates on a device with proper support for other OSes.
Bad: using an OS substantially reducing security from AOSP and not providing the full security updates.
1
An OS is also only part of the overall picture. It can't make up for lacking support for various OS exploit mitigations at a hardware level, a 32-bit address space, lack of verified boot, insecure firmware, lack of IOMMUs isolating components, etc.
1
What is the OS is going to do to protect you when you have a Wi-Fi SoC running a secondary OS vulnerable to assorted remote exploits, and with zero isolation from the rest of the system? An attacker gaining code exec there has kernel / root in the OS without an IOMMU set up...
1
... and that's exactly how Wi-Fi is set up on the vast majority of Android devices. Those firmware security updates for Wi-Fi / Bluetooth are crucial, as are ones for the GPU, audio/video decode and other components. Not sure how you can ignore the drivers/kernel either. *shrug*