Thread: Is there a surefire way to verify that a ROM does not contain malicious software?

  1. samsonite801 (Senior Droid) | Member # 76700 | Join Date: Jun 2010 | Posts: 150 | Phone: M Droid | #1

    Is there a surefire way to verify that a ROM does not contain malicious software?

    I run a ROM that seems in every way, shape, and form, to be from a safe, and trusted source, but I still can't shake off this thought that:

    "...What if the developer has installed some kind of key-logging software, or added in bot-client software so it can be part of a bot army for executing malicious denial-of-service attacks (lie dormant until needed), or some other type of software that may otherwise be deemed as not desirable to have installed on your Droid?"

    Because none of us really know the TRUE intentions of our ROM's dev guy we so trust, and may so graciously and religiously 'donate' to. Is it as simple as that? We donate, and he, our trusted dev, just continues to produce a no frills, no gimmicks, no malware, 100% trusted ROM? Or are they burning the candle from both ends of the stick and making $$$ off you the donator, but also selling bot armies, and/or personal information on the other side? No one can honestly say which devs are honest and not, we can only speculate. And not to mention all the apps both from the Market and not, which want this permission, and that permission, and permission to have your right nut before you can install it, without really telling you exactly WHY it needs access to all those things that seem to have little to do with what the app even does in the first place.

    Here's where my complex question comes in...

    I would like to think that I'm somewhat of a moderate Linux user/administrator, as I've been working with Linux-based servers for many years. I'm fairly seasoned in using server-side programs and services like Apache w/ SSL, mail servers and other such devices, but I have even less understanding of basic virus and malware detection in Linux (other than basic web server security and prevention techniques) since I've never had to worry much about security and viruses with a properly configured and secured Linux server using software that is tried and trusted.

    But recently, I've gotten into this whole Android 'rooting' thing and the problem with ROMs is that YOU, the administrator of the given device, are giving permission to install that ROM, therefore, you are attaching your left nut to it, and signing it with a big fat Sharpie as 'safe'.

    Other than looking at 'top' to see the running processes (and acting like you truly KNOW what each process is for and how much damage they COULD do), are there any other tools or apps (in Market or not), or techniques for scanning through the Android workflow process to try and manually determine that the code I'm installing/installed and don't trust, does not contain any malicious code?

    One method I had used before (somewhat crude but somewhat effective) is to install Wireshark / Ethereal and sniff all WAN traffic for a while to see what all destinations my OS is trying to contact out on the WWW, and then adjust iptables accordingly to block the questionable outgoing traffic to any questionable/unknown destinations, and then see if it causes errors in the normal running of any installed/desired app, and continue to monitor this traffic until such time I manually get my iptables firewall all 'tuned-in', and all outgoing traffic patterns are 'understood'. This had proven to be a very lengthy and time-consuming task to perform on my home router/web server, as it takes hours to hone in the firewall to effectively sift through every little tidbit and generate a relevant, and human readable iptables log entry whenever it deciphered unauthorized incoming or outgoing packet transfer attempts.

    Also, does anybody know of an equivalent to the Linux command 'ntsysv' to be able to run in order to easily start/stop services from starting in Android? When you use these typical 'Task Manager' type apps from the Android Market, they just don't seem effective in killing and keeping processes killed. These apps basically can kill the pid in question, but then if Android still wants to keep that service running, it will keep restarting it no matter how often you 'kill' it. Is there some common method to kill it at the source? I guess I need to go look, but there must be an init.d directory or similar where I can remove or disable startup scripts to prevent programs from ever running when I don't want them to. I haven't really picked apart the Android OS too much yet, so I don't really know my way around too much at this point.

    Hopefully, there are some users of Droid who have had similar concerns to me regarding these general security measures. I welcome any feedback on this subject.

    THANKS
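
The outbound-traffic audit described in post #1, as an added example that is not part of the original thread: it reduces iptables LOG lines to a per-destination summary and reports only the flows not yet on an allowlist, along with the UID that sent them (Android gives each app its own Linux UID). It assumes a LOG rule on the OUTPUT chain using `--log-prefix "OUT-AUDIT: "` and `--log-uid`, and a kernel that supports both; the prefix, addresses and UIDs are constructed.

```python
import re
from collections import defaultdict

LOG_PREFIX = "OUT-AUDIT: "  # assumed value passed to the LOG target's --log-prefix

# Constructed sample lines (documentation-range addresses, made-up UIDs, fields abridged).
SAMPLE_LOG = """\
[ 101.20] OUT-AUDIT: IN= OUT=wlan0 SRC=192.168.1.50 DST=198.51.100.7 LEN=60 TTL=64 PROTO=TCP SPT=40112 DPT=443 SYN UID=10041 GID=10041
[ 101.90] OUT-AUDIT: IN= OUT=wlan0 SRC=192.168.1.50 DST=203.0.113.9 LEN=60 TTL=64 PROTO=TCP SPT=40113 DPT=8080 SYN UID=10057 GID=10057
[ 102.40] OUT-AUDIT: IN= OUT=wlan0 SRC=192.168.1.50 DST=192.168.1.1 LEN=71 TTL=64 PROTO=UDP SPT=51000 DPT=53 UID=0 GID=0
[ 131.90] OUT-AUDIT: IN= OUT=wlan0 SRC=192.168.1.50 DST=203.0.113.9 LEN=60 TTL=64 PROTO=TCP SPT=40120 DPT=8080 SYN UID=10057 GID=10057
[ 140.00] some unrelated kernel message
"""

# Destinations already understood and accepted: (address, protocol, port).
ALLOWLIST = {("198.51.100.7", "TCP", 443), ("192.168.1.1", "UDP", 53)}
FIELD = re.compile(r"(\w+)=(\S*)")

def parse_line(line):
    """Return the KEY=value fields of one audit line, or None for other lines."""
    if LOG_PREFIX not in line:
        return None
    fields = dict(FIELD.findall(line.split(LOG_PREFIX, 1)[1]))
    if not {"DST", "PROTO"} <= fields.keys():
        return None
    return fields

def summarize(log_text):
    """Map (dst, proto, dport) -> {'count': n, 'uids': set of sending UIDs}."""
    flows = defaultdict(lambda: {"count": 0, "uids": set()})
    for line in log_text.splitlines():
        f = parse_line(line)
        if f is None:
            continue
        key = (f["DST"], f["PROTO"], int(f.get("DPT", 0)))  # ICMP has no DPT
        flows[key]["count"] += 1
        if "UID" in f:  # present only when the rule uses --log-uid
            flows[key]["uids"].add(int(f["UID"]))
    return dict(flows)

def unexplained(log_text, allowlist=ALLOWLIST):
    """Flows whose destination is not yet on the allowlist, busiest first."""
    rows = [(k, v) for k, v in summarize(log_text).items() if k not in allowlist]
    return sorted(rows, key=lambda kv: -kv[1]["count"])

if __name__ == "__main__":
    for (dst, proto, port), info in unexplained(SAMPLE_LOG):
        print(f"{dst}:{port}/{proto} x{info['count']} from UIDs {sorted(info['uids'])}")
```

Each entry that turns out to be legitimate moves onto the allowlist, so the report shrinks to the traffic that still needs an explanation.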
  2. Stretch2m (Senior Droid) | Member # 42129 | Join Date: Feb 2010 | Location: Rochester, NY | Posts: 179 | Phone: Motorola Droid (1) | #2

    The way I look at it is this: there are a bunch of really smart tech-savvy people out there putting these ROMs through more of a wringer than I ever will. It stands to reason that one of them, somewhere, would be able to tell if his/her ROM dev was up to some shenanigans. At that point, of course, the ROM dev would be called out publicly, and his/her reputation would be permanently destroyed. And I tend to think a driving force behind most of these devs is their reputation - bragging rights.

    I mean, how cool would it be to be able to say, "Yeah, I created Bugless Beast." These ROM cookers are like demigods around these parts. They simply have too much to lose by screwing around, or even being careless for that matter. (Look what happened to Blackdroid.)

    Having said that, I try not to screw around with the ROMs that have the smaller audiences. I stick with the big boys: CM, BB, SS, CVPS. There's safety in numbers, I think: the more people who are using the ROM, the better the chance that I don't need to worry about it.

    Actually, I'm more worried about Market apps than ROMs, as I've read about a handful of apps already that were shown to be up to no good. The big name ROMs - particularly the open source ones (e.g., CM) - are undoubtedly safe.
