Multiroms are based on kexec kernel patch. Apart from being used for purposes it was NOT designed for, its implementation on Android creates glaring security holes. In addition, those roms are developed by those who have absolutely no concept of device security and most of the time don't know what they are doing. In some cases multiroms are "developed" by 16 year olds. Not that I have anything against 16 year olds, but you are not going to place teenagers in charge of OS security. To show you how dumb some of those "devs" are, here is an excerpt from boiler plate explanation regarding security:
"All the ROMs are stored in /sdcard/multirom/roms or on an USB drive./external SD card. This folder is unaccessible in Android, to prevent mediascanner from scanning it."
This folder is unaccessible in Android?!. Well, yes, if your Android is on system partition as in regular roms, but your Android is on SD card, the same card you claim is inaccessible. LOL.
Multiroms are based on Kexec, a linux kernel patch, which allows to put another kernel into ram and have a different operating system on your device.
First of, Kexec was created for large systems where rebooting is a lengthy process and big headache, as opposed to 20-40 seconds that is needed to reboot a smartphone. Contrary to popular beliefs, kexec is not designed to have dual boot, such as Windows and Linux on the same system. The standard way is where your drives are partitioned and can have separate and independent operating systems with their own kernels.
Another myth is that kexec can go around locked bootloaders and allow to have custom roms on those devices. Nothing can be further from the truth. Kexec has to be enabled in the original kernel which cannot be modified on locked bootloaders. Nor can you create a module outside of the original kernel that can work. By the way, to have a custom rom on locked bootloaders is possible without multiroms and it was successfully done on several devices including Xperia S and ION: just head for the development thread and see CM10, Slimbean, AOKP and Pacrom all for locked bootloaders. It works without multiroms.
Third and the main one: multiroms run from SD cards, which are wide open on an active device whether encrypted or not. By the way, that is one of the reasons that Google, in whose mind privacy is priority number 100001, has restricted access to SD in Kitkat. Nothing could be easier to get malware on sd card while browsing and out of there, it can take control of the entire system. So, if your rom is running on SD card, you have no security, your device is fully open to the whole world.
A minor point. Since multiroms use TWRP recovery, what is the benefit of having multiroms (even if there was no security threat), as compared to having several roms backed up and restored as needed. For example, I have Dirty Unicorn as my main rom, but I also have Carbon and Beanstalk saved on SD card. If I am tired of Dirty Unicorn, I can go to TWRP and restore Carbon, then Beanstalk, then return to Dirty Unicorn. The time difference is 3 minutes it takes to restore a backed up rom. But unlike multiroms, my roms are reasonably secure.
"All the ROMs are stored in /sdcard/multirom/roms or on an USB drive./external SD card. This folder is unaccessible in Android, to prevent mediascanner from scanning it."
This folder is unaccessible in Android?!. Well, yes, if your Android is on system partition as in regular roms, but your Android is on SD card, the same card you claim is inaccessible. LOL.
Multiroms are based on Kexec, a linux kernel patch, which allows to put another kernel into ram and have a different operating system on your device.
First of, Kexec was created for large systems where rebooting is a lengthy process and big headache, as opposed to 20-40 seconds that is needed to reboot a smartphone. Contrary to popular beliefs, kexec is not designed to have dual boot, such as Windows and Linux on the same system. The standard way is where your drives are partitioned and can have separate and independent operating systems with their own kernels.
Another myth is that kexec can go around locked bootloaders and allow to have custom roms on those devices. Nothing can be further from the truth. Kexec has to be enabled in the original kernel which cannot be modified on locked bootloaders. Nor can you create a module outside of the original kernel that can work. By the way, to have a custom rom on locked bootloaders is possible without multiroms and it was successfully done on several devices including Xperia S and ION: just head for the development thread and see CM10, Slimbean, AOKP and Pacrom all for locked bootloaders. It works without multiroms.
Third and the main one: multiroms run from SD cards, which are wide open on an active device whether encrypted or not. By the way, that is one of the reasons that Google, in whose mind privacy is priority number 100001, has restricted access to SD in Kitkat. Nothing could be easier to get malware on sd card while browsing and out of there, it can take control of the entire system. So, if your rom is running on SD card, you have no security, your device is fully open to the whole world.
A minor point. Since multiroms use TWRP recovery, what is the benefit of having multiroms (even if there was no security threat), as compared to having several roms backed up and restored as needed. For example, I have Dirty Unicorn as my main rom, but I also have Carbon and Beanstalk saved on SD card. If I am tired of Dirty Unicorn, I can go to TWRP and restore Carbon, then Beanstalk, then return to Dirty Unicorn. The time difference is 3 minutes it takes to restore a backed up rom. But unlike multiroms, my roms are reasonably secure.
Aucun commentaire:
Enregistrer un commentaire