Custom ROMs, Security, and Google Wallet

[AdamHLG]

A thought occured to me today that with root access and custom ROMS being circulated on the internet, coupled with the custom Google wallet app that many are using with their VGN to play around or otherwise, that security has to be a concern. So I have a question.

Root access is one thing. Root access and storing your credit card information on an Android open source code rooted phone with a custom ROM is another. So in Google Wallet, is it safer to use the Google Prepaid Card instead of the (one) credit card that can be registered in the app? That way there is only a limited amount of "money" on the phone.

As I type this I thought of another question. By rooting the phone and installing a custom ROM, have we just opened our entire phone filesystem, setting, preferences, and databases onto the internet? Can a custom ROM contain hidden spy software? Should identity theft be a concern with what we keep on our phones?

Or am I typing crazy talk?

 

[fatboy97]

LOL... where to start... should you be concerned... sure you should be, but you have to grant superuser access to any apps that would need superuser rights, so you should know what apps are doing what on your device and why something would need SU access.

Could a custom ROM include some identity theft software... I'm sure it could happen, but other programmers would see that and it would not last very long on any programmer's website like XDA or RootzWiki.

At least that is my take on what you are asking.

 

[digitalslacker]

A thought occured to me today that with root access and custom ROMS being circulated on the internet, coupled with the custom Google wallet app that many are using with their VGN to play around or otherwise, that security has to be a concern. So I have a question.

Root access is one thing. Root access and storing your credit card information on an Android open source code rooted phone with a custom ROM is another. So in Google Wallet, is it safer to use the Google Prepaid Card instead of the (one) credit card that can be registered in the app? That way there is only a limited amount of "money" on the phone.

As I type this I thought of another question. By rooting the phone and installing a custom ROM, have we just opened our entire phone filesystem, setting, preferences, and databases onto the internet? Can a custom ROM contain hidden spy software? Should identity theft be a concern with what we keep on our phones?

Or am I typing crazy talk?

Regarding Wallet, I'd be less concerned about that. As I understand it much of the security around NFC is really at the hardware level. Technically the transmission of NFC data isn't encrypted but the data it's passing is encrypted and tokenized and that's pretty locked down. The security protocols are what made it so hard for people to get Wallet working on hardware like the GNex. I believe that was done without compromising anything.

With respect to the general security risks posed by a custom ROM, sure that could be a problem but to my knowledge it hasn't been yet. I'm personally not that concerned, but if you are just find a good dev that people seem to know and you should be OK.

 

[AdamHLG]

Well I do feel a bit better after seeing these responses. I get bouts of paranoia I guess.