[guardian-dev] Running third-party ROMs securely

Hans-Christoph Steiner hans at guardianproject.info
Thu Sep 20 13:50:21 EDT 2012


On 09/20/2012 01:36 PM, Abel Luck wrote:
> This might be a dumb question, if so feel free to layabout me with the
> nub-hammer.
> 
> Question: Is there a way to install a third-party ROM and then un-root
> your phone?
> 
> More Words: Rooting is inherently evil IMHO. It breaks the
> security-by-isolation principle. Unfortunately, I would like to run some
> 'cleaner' android builds (AOSP/CM, etc).
> 
> The problem seems to be of course, that even if you don't root your
> phone (all Hail the Sandbox!), the vulnerability still exists, and
> depending on the exploit, you could be rooted by a malicious app or
> malicious USB plug.
> 
> Corollary Question: When you root, and install su binaries and an su
> java app, is the old exploit patched/closed?

Many devices don't try to prevent you from rooting your phone.  In that
situation, the 'exploit' is that you have full access to your file
system from the recovery boot loader.  To fix that, you'll need to write
your own boot loader.

> Corollary Words: This obviously depends on the phone I suppose, but is
> there even a single case of patching/disabling the original exploit?

I'm guessing that CyanogenMod and probably also AOSP actively try to
include known fixes to exploits.

> Despair: No matter what we do, the root vulnerability exists. So
> refusing to root and use custom ROMS/root apps (Hail the Sandbox!),
> doesn't matter.
> 
> Might as well root + use a custom ROM (Praise the Open!), and live with
> the fact you're rootable regardless?
> 
> ~abel
> 
> PS: in retrospect the subject of this email should s/third-party
> ROMs/Android/


It's very difficult to break the 'physical access == pwnage' formula.
With full disk crypto, there is always the bootloader.  With your
bootloader on your USB key, you might leave that unattended.  Or they
just club you until you give them your password or yubikey.  And I guess
with each step, you asymptotically approach true security ;)

.hc

