I guess you're talking about XDA here. First, I've been using roms from XDA for three years and I've yet to hear of any rom being a security issue with rogue code or the like. In fact, many of the custom roms are probably more secure than stock roms, as devs will respond and fix issues in a matter of days. And there are enough devs floating about on there that anybody posting suspicious code would soon be caught out.
Yes I am referring to sites like XDA. Assuming the custom ROMs themselves don't contain malicious code, I do agree that the ROMs are quite often more secure than the official ROM posted by the carrier. Unfortunately this is actually a huge negative to Android. Think about it, if you at unwilling to replace your
entire operating system with an unofficial one posted by random people in a forum, you will be forced to live with an inherently insecure operating system, with known security holes that are unplugged.
As someone who deals with high-security government agencies on a daily basis, there are red flags all over that scenario. Imagine if HP refused to patch your Windows installation, and you were forced to either live with security holes, or apply an unofficial Windows patch from a website forum posted by random people. Actually, it's much worse than that. Since HP won't patch your Windows installation you have to replace your entire Windows install with an unofficial one posted by a random person on a website forum.
You shouldn't have to play Catch-22 with security.
I disagree with your contention that there are enough devs to assure there is no malicious code in any of the hundreds of ROMS currently posted on that site. When you consider that rootkits go undetected on Windows machines for months or even years, with paid professionals in charge of their security, I don't think you can make that conclusion.
While I agree there haven't been any publicized outbreaks yet, that does not mean there haven't been any infections, or that there won't be any moving forward.
Got a source for that? Not saying you're wrong, but spouting stuff like this without backing it up is half the problem in the iOS/Android debate.
And let's not pretend Apple's approval process is perfect.
Sure, here's the first one I found, I'm sure there are more:
Malware in Android Market highlights Google's vulnerability
Worse, it exploited security flaws to root the phone, and installed a backdoor application that allows further software to be installed to the handsets.
This is serious. The link you gave on iOS was simply an app doing what the user gave it permission to do. There are many legitimate reasons for uploading contacts (WhatsApp), or photos (Facebook). There are no legitimate reasons for the behavior of the Android Malware I linked to above.
This is more to do with app developers than Android, and is also an issue on iOS (see
here and
here).
I am referring to the default email app on the Android device, this is an Android issue, not a third party developer issue. I would guess that almost everyone on Android has given the default email app their username and password, at least to try it out.
Again, got a source for that?
I was not referring to any specific Android attack, only that this is a danger when your email is compromised. I will give some examples of how this can happen:
- Same password on your email account as your bank account
- The hacker goes to the bank website, clicks "forgot password" and retrieves it from your email.
- The above two examples can be used to find your Amazon account info, or your Paypal info...etc
- http://krebsonsecurity.com/2012/03/hacked-inboxes-lead-to-bank-fraud/
- There may be enough personally identifiable information to open lines of credit in your name. All they need is a social security number and address. Have you ever emailed yourself a copy of your W2? If so a hacker can access it.
There are enough articles online highlighting the dangers of your email being hacked, I don't think I have to get into it here.