by jeroenhd 1906 days ago
I've always been wary of custom ROMs that didn't come from somewhat reliable sources like the Lineage team.

The response in that Xiaomi.eu thread has seriously damaged the trust I had in the xiaomi.eu ROM. I've heard good stories about the ROM, but if the community, even including a developer, responds like that to an issue like that, I don't think I can trust the website anymore, so I've blacklisted it in my pihole.

I believe custom ROMs published by what comes down to "a guy in a forum thread" are nice for proof-of-concept stuff, but should be considered insecure. Many of these ROMs disable security measures like SELinux because these measures make it harder to get Android running correctly on proprietary hardware, removing one of the best security mechanisms the Android sandbox has for the developer's convenience.

I'll never recommend anything other than established brands like Lineage, /e/ or one of the security-focused ROMs to anyone. I mistakenly thought xiaomi.eu was one of the good ones, but it clearly isn't.

Do you have any other sources on popular ROMs to avoid?

1 comments

I'm glad that the xiaomi.eu incident I shared has served as a warning for you and perhaps others, but saddened that it took place and perhaps represents the broad state of Android custom ROM development.

I've avoided Android development as much as I could - it's a mess. Right now I am actively reviewing what my options are for some older hardware that I would hate to toss just because of no updates. So far I unfortunately don't have any other positive suggestions, outside of Lineage and the few software/app developers that have a serious approach to development, such as Magisk for root access.

What I have seen on XDA forums was not inspiring, unfortunately. I regret not being able to suggest anyone else, so I suppose it's the unsatisfactory general "do your own research and be extremely wary" recommendation/warning.

XDA forums even have a sticky post for developers about respecting the GPL, yet most custom ROM builders don't share code, nor a build manifest, nor a report of which differently licensed code / binaries are included in their build, thinking that linking to the original GPL'd code, such as Xiaomi's GNU/Linux kernel GitHub page, is enough.

Is this a satisfactory approach to you? Let us leave out the whole "spirit of the thing" debate, Free Software, etc.: knowing what code your application includes, crediting it, listing the different licenses and having a manifest of binary blobs is mandatory, if not for any other reason than keeping track and having a sane development workflow.

So, if the majority of the ROM developers don't do it, that is an "avoid them" sign to me.
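The first comment's point about custom ROMs shipping with SELinux switched off is something a device owner can verify rather than take on trust. The script below is an added example, not code from the thread or from any ROM project: it audits a connected Android device over adb for three properties that third-party builds commonly get wrong (SELinux not enforcing, a system image signed with the publicly known AOSP test keys, and an unverified boot chain). The `getenforce` command and the `ro.build.tags` and `ro.boot.verifiedbootstate` properties are standard Android; the verdict helper names and the `--audit` flag are this example's own.

```shell
#!/bin/sh
# Added example (not from the HN thread): a pre-flight audit for a device
# running a third-party ROM. The verdict helpers take the raw string from
# the device so they can be exercised without hardware attached.

# Classify `getenforce` output. Returns 0 only for "Enforcing".
selinux_verdict() {
    case "$1" in
        Enforcing)  echo "ok: SELinux enforcing"; return 0 ;;
        Permissive) echo "WARN: SELinux permissive (policy is logged, not enforced)"; return 1 ;;
        Disabled)   echo "WARN: SELinux disabled"; return 1 ;;
        *)          echo "WARN: unknown SELinux state '$1'"; return 1 ;;
    esac
}

# Classify ro.build.tags. "test-keys" means the build is signed with the
# AOSP keys that ship in the public source tree, so the signature says
# nothing about who produced the image.
build_tags_verdict() {
    case "$1" in
        release-keys)       echo "ok: signed with release keys"; return 0 ;;
        test-keys|dev-keys) echo "WARN: signed with $1 (publicly available AOSP keys)"; return 1 ;;
        *)                  echo "WARN: unexpected ro.build.tags '$1'"; return 1 ;;
    esac
}

# Classify ro.boot.verifiedbootstate as reported by Android Verified Boot.
# Yellow (locked bootloader, custom signing key) is the expected state for a
# well-run custom ROM; orange means the bootloader is unlocked and the boot
# image is not verified at all.
verified_boot_verdict() {
    case "$1" in
        green)  echo "ok: verified boot green (locked, OEM key)"; return 0 ;;
        yellow) echo "ok: verified boot yellow (locked, custom key)"; return 0 ;;
        orange) echo "WARN: bootloader unlocked, boot image unverified"; return 1 ;;
        red)    echo "WARN: verified boot failed"; return 1 ;;
        *)      echo "WARN: verifiedbootstate not reported ('$1')"; return 1 ;;
    esac
}

# Query a connected, authorized device and run all three checks. The exit
# status is the number of warnings raised. Requires adb on PATH.
audit_device() {
    warnings=0
    selinux_verdict "$(adb shell getenforce | tr -d '\r')" || warnings=$((warnings + 1))
    build_tags_verdict "$(adb shell getprop ro.build.tags | tr -d '\r')" || warnings=$((warnings + 1))
    verified_boot_verdict "$(adb shell getprop ro.boot.verifiedbootstate | tr -d '\r')" || warnings=$((warnings + 1))
    return "$warnings"
}

# Sourcing the file only defines the helpers; pass --audit to talk to a device.
if [ "${1:-}" = "--audit" ]; then
    audit_device
fi
```

Run it as `sh audit.sh --audit` with the device attached and USB debugging authorized; a non-zero exit code tells you how many of the three checks failed, and the printed lines say which. It deliberately reports rather than fixes anything, since the remedy for a permissive or test-key build is a different ROM, not a runtime toggle.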