But it's even worse than that. People run random operating systems on devices they carry 24/7. Devices with microphones, multiple cameras, access to personal and work email, text messages, passwords, your location. And there are so many places for things to go wrong. Any one of the following could be malicious, incompetent, or compromised:

* The ROM's maintainer. There are many groups here, for example many ROMs are based on ParanoidAndroid, which is based on CyanogenMod, which is based on AOSP.
* The device maintainer. Typically each brand/model device has its own volunteers to maintain any proprietary blobs or special upgrade process.
* The hackers who provide special binaries that root each device, unlock the bootloader, etc.
* The added packages you typically get separately from the ROM, for example Google Apps.
* The build machine, typically just some random box donated semi-anonymously by someone.
* The web hosting (without TLS, of course) provided by some other random person.

I love Android. I compile and run my own ROM. But the current scene scares the shit out of me.

How much would it cost to buy off, for example, the entire radio hardware/firmware team at a manufacturer in your own country (meaning pretty much either China or South Korea), and on a governmental scale how reasonable or unreasonable is that number?