Be wary of rooting your phone
**Warning 1: Not starting flame war, give the post its due credence, before bashing me or locking/deleting thread, thanks!**
**Warning 2: somewhat lengthy post**
I was just reading the 2.1 update thread which was started yesterday. I kept seeing posts from 2 groups:
The rooters - Extolling the virtues of their rooted droids
The unrooted - Extolling the virtues of their unrooted droids
This back and forth banter between the two groups made me smile and begin to reflect upon my 15+ years in computing and the lessons that I have learned.
//begin boring-you can skip this//
Firstly, some background on me. I am 28 years young and started out on PCs just as they began booming in the early nineties. I became a full-out geek pretty much from the get-go. I had a 486 PC with Windows 3.11/DOS with maybe a 100mb HD, can't remember. Shortly thereafter, the AOL boom hit. Anyone remember "punters" and "server rooms". No? Not surprising. I was a geek even on AOL.
Only a few years later, I installed my first Linux distro, Suse. Since then, I have not looked back at Windows, installing various distros from year to year, eventually settling back to OpenSuse (my current distro). I have become the goto-guy for fixing all of my friends' and families computers. During these years, I have learned quite a bit about not only PCs in general but the software that is installed in them, ESPECIALLY the Windows crapware (ie virii, trojans, adware, spam, etc).
//end boring//
It is with this bolded sentence on which I wish to make my point. You spend a great deal of your time holding an incredible device. A device that has wifi capabilities, GPS location, email, web-surfing, and so much more. It is precisely because of these capabilities that your phone can be exploited oh so easily.
Not to take anything away from these fine coders who are releasing these custom roms. But I have to ask you, how well do you really know them? Do you know them well enough, that you don't mind if your keys are logged and emailed to a remote server? How about letting them borrow your credit card? Or letting them know your whereabouts via GPS at any given time?
For my part, I say nay. I would need to know someone lifelong to be that trusting. I want to make it VERY CLEAR to whomever is reading this:
I am NOT advocating that any custom ROMs are rigged against you. I only wish to make you aware how you open yourself up to a potential fifteen year old coder who wants to make a name for himself in the "L337" underground.
Be a bit more cautious in what you install on your phone. The Android OS is linux-based. Meaning, you need root privileges in order to make certain changes. That is one of the strongest security points for Linux over Windows. But wait! Conveniently, these Roms root for you! How novel!
If you are a coder, and you can open up these ROMs and pinpoint exactly what is happening inside of them, kudos for you. You should be the ONLY ones who feel completely safe and smug running these. To those that can't, be wary, always. That is all and I hope I didn't anger too many with this. Twas not my intent.
Woof.
**Warning 1: Not starting flame war, give the post its due credence, before bashing me or locking/deleting thread, thanks!**
**Warning 2: somewhat lengthy post**
I was just reading the 2.1 update thread which was started yesterday. I kept seeing posts from 2 groups:
The rooters - Extolling the virtues of their rooted droids
The unrooted - Extolling the virtues of their unrooted droids
This back and forth banter between the two groups made me smile and begin to reflect upon my 15+ years in computing and the lessons that I have learned.
//begin boring-you can skip this//
Firstly, some background on me. I am 28 years young and started out on PCs just as they began booming in the early nineties. I became a full-out geek pretty much from the get-go. I had a 486 PC with Windows 3.11/DOS with maybe a 100mb HD, can't remember. Shortly thereafter, the AOL boom hit. Anyone remember "punters" and "server rooms". No? Not surprising. I was a geek even on AOL.
Only a few years later, I installed my first Linux distro, Suse. Since then, I have not looked back at Windows, installing various distros from year to year, eventually settling back to OpenSuse (my current distro). I have become the goto-guy for fixing all of my friends' and families computers. During these years, I have learned quite a bit about not only PCs in general but the software that is installed in them, ESPECIALLY the Windows crapware (ie virii, trojans, adware, spam, etc).
//end boring//
It is with this bolded sentence on which I wish to make my point. You spend a great deal of your time holding an incredible device. A device that has wifi capabilities, GPS location, email, web-surfing, and so much more. It is precisely because of these capabilities that your phone can be exploited oh so easily.
Not to take anything away from these fine coders who are releasing these custom roms. But I have to ask you, how well do you really know them? Do you know them well enough, that you don't mind if your keys are logged and emailed to a remote server? How about letting them borrow your credit card? Or letting them know your whereabouts via GPS at any given time?
For my part, I say nay. I would need to know someone lifelong to be that trusting. I want to make it VERY CLEAR to whomever is reading this:
I am NOT advocating that any custom ROMs are rigged against you. I only wish to make you aware how you open yourself up to a potential fifteen year old coder who wants to make a name for himself in the "L337" underground.
Be a bit more cautious in what you install on your phone. The Android OS is linux-based. Meaning, you need root privileges in order to make certain changes. That is one of the strongest security points for Linux over Windows. But wait! Conveniently, these Roms root for you! How novel!
If you are a coder, and you can open up these ROMs and pinpoint exactly what is happening inside of them, kudos for you. You should be the ONLY ones who feel completely safe and smug running these. To those that can't, be wary, always. That is all and I hope I didn't anger too many with this. Twas not my intent.
Woof.
Last edited:
