[muppetman]

Can you link me to a custom ROM on XDA that was shown to have Malware?

[IncRnd]

That's a poor argument. That's like saying you didn't read this page's article, because the malware being discussed wasn't already known to you. Absence of evidence is not evidence of absence. Formally, this is called an argument from ignorance.

[Bnshsysjab]

This seems like a pretty weak argument, are you sure you want to trust a bunch of hobbiest devs with the security of your (probably) most valuable computer?

Just because something doesn’t have any know issues, doesn’t mean it’s not wise to avoid it because it flat out smells.

[devenblake]

I trust hobbiests more than I trust Google or Apple to handle my security.

[Bnshsysjab]

That really depends on your threat model, are Apple and google going to use marketing data against you? Probably.

Are they going to plant malware which steals your banking details? Probably less likely than a random binary package you found on some forum.