by Feolkin 2180 days ago
I'd say this is the biggest issue. I own both a rooted, unlocked Android phone and a locked Samsung tablet. I have no way to know how safe any particular custom ROM is, so there's no way I'm willingly going to use any of the banking-/payment-related apps on my phone. I find it baffling that people put their trust in people who are largely anonymous and have no accountability.
1 comments

Depending on what your goals are, I'd recommend going down the route I chose: run AOSP.

Tagged releases of AOSP are the same base code that all the retail distributions of Android are based on, so should be just as safe.

If you have a Pixel device, the RattlesnakeOS project [0] will allow you to run your own automated AOSP distro, complete with OTAs, on AWS. It also supports adding a few modifications like MicroG.

All but the most recent Pixel devices are also supported by GrapheneOS [1], which is a security-focused ROM.

Both of these projects support signed builds, so once you flash them to your device, you can lock the bootloader.

[0]: https://github.com/dan-v/rattlesnakeos-stack

[1]: https://grapheneos.org/

That's interesting, thanks. It's going to have to wait until I buy a new phone though, since my phone doesn't have anything like this. Which leads to the next problem. I bought my phone because of its crazy long battery life. Going to a Pixel is a significant sacrifice, which again annoys me about the state of Android.