Is cyanogenmod still the best?

[bennylava]

Hi all. I have a few questions about cyanogenmod. Their forums are somewhat... less popular, so I figured I'd ask here since I'm sure a lot of you guys use it, or have used it. So I'll just number these to make things easier. And no, I won't say what model of phone I have, cause as soon as I do, here comes some mod that thinks he's somehow helping me by moving my thread to the forum dedicated to that phone. I have to say that's the most annoying sh#+ in the world. Soon as that happens, I can kiss any replies goodbye. So forget it, and you might want to think about not doing that in the future. Sorry rant over. But I had to say it, as its happened to me several times here and it completely kills my thread. Very annoying.

Anyway here's the questions:

1. Is cyanogenmod actually more secure than vanilla android? I mean android is open source, so do they just ditch all the spy-code and telemetry stuff and adware and all the crap nobody wants? What does cyanogenmod actually do, to make things more secure for the user? And make android less pushy and spammy?

2. Is cyanogenmod still the "go to" modded OS? Or has another one came along?

3. Do people even really still use cyanogenmod?

4. Will the latest and greatest cyanogenmod, which is based on the latest android, work on older phones? Say phones that are 2 or 3 generations old?

Thanks! Hope the rant wasn't too much, but I had to get that out there. If there is a problem, its best that it be heard.

 

[Hadron]

CM was one of the early AOSP-based(*) custom ROMs, and one of those that's available on a wide range of Android devices, either officially or through people making unofficial builds for devices the CM team don't support themselves. I've never felt it was "the best" for any device I owned (in terms of speed or stability), and haven't used it for several years, but when I last did it worked well enough. The decision to use it or not will depend on how well the build for your device actually works and what else is available for that device.

You'll have gathered from what I wrote that any ROM has to be built for a specific device. Hence there is no "go to" ROM for all android devices: many will have no custom ROMs available for them, some will have a wide range of choices, and what's available for one device will likely not be available for another. For the same reason, the question of whether "the latest" will work on an older phone will depend on whether the CM team have chosen to support that device for that version or someone else has build the latest version for that device, and if so how successful they have been. There is no general answer that can be given for that: look at the CM website to see what versions they support for that device, or look at the device's forum on XDA-developers to see whether a CM build exists for it (and if so which is the latest version and what works/does not work), and while you are there see what other ROMs are available.

As for "security", when I last used CM I felt it was no more or less secure than any other AOSP ROM, but I've not followed them closely since. It doesn't come with Google apps included, but most people add them (e.g. for Play Store access). You can of course remove any you don't want/use, but once you root a phone that's true regardless of what ROM you use - just take a nandroid backup first, in case you remove something important by mistake!

(*) AOSP is the Android Open Source Project. Custom ROMs are usually based either on the manufacturer's ROM or on the open-source Android code, and the latter are what I mean by "AOSP-based". The term "vanilla android" which you use means "AOSP" to most people here, but since you talk of this including "adware" I assume you mean the ROM that came with the device, complete with whatever additions the manufacturer and carrier made (I've never had a phone come with adware installed, but would use root to remove it if it happened).

 

[aysiu]

And no, I won't say what model of phone I have, cause as soon as I do, here comes some mod that thinks he's somehow helping me by moving my thread to the forum dedicated to that phone.

The model of phone may matter, though. I was a big fan of CyanogenMod back in the day (used it for the first three Android phones I got), but then I kept waiting for a good stable rom for the Moto X 2013 to appear... never did. So I ended up getting a different rom entirely for that phone. Rom support really does vary, depending on what phone you have.

1. Is cyanogenmod actually more secure than vanilla android?

No, it's not. And I don't think it really advertises itself that way. It's rooted AOSP with some tweaks, but they're mainly for usability/performance and not for added security.

I mean android is open source, so do they just ditch all the spy-code and telemetry stuff and adware and all the crap nobody wants?

AOSP is the Android Open Source Project, and it is open source. Most roms, including Cyanogen will be based on AOSP. Vanilla Android doesn't really come with spy code or adware, nor does AOSP. If you're one of those people who believes Google is selling your information to the highest bidder, I'd suggest you take another look at their business model or talk to someone who buys Adwords from Google. That said, if you install AOSP and do not add in Google Apps, you won't have any Google Apps installed, so if you hate Google, you don't need to use Gmail, Google Maps, Drive, Chrome, or Play Store.

What does cyanogenmod actually do, to make things more secure for the user?

Nothing.

And make android less pushy and spammy?

I don't find Android pushy and spammy. Can you give an example? There are some apps I've found pushy and spammy, but I just disable notifications for those apps or uninstall them completely.

2. Is cyanogenmod still the "go to" modded OS? Or has another one came along?

I don't think there is a go-to rom. It really depends on what phone you have.

3. Do people even really still use cyanogenmod?

I do think it's dropped a bit in popularity over the years. Back in 2009-2012, it really was the go-to for almost every device. I think once they got in bed with Microsoft last year, their priorities have shifted a bit.

4. Will the latest and greatest cyanogenmod, which is based on the latest android, work on older phones? Say phones that are 2 or 3 generations old?

No, because each Cyanogen rom is built for a specific phone model. I think you'd be hard-pressed to find Marshmallow or Lollipop rom for HTC Magic.

 

[bennylava]

Thanks for the replies. Very informative. I've found adblock browser, that will help with the ads while I'm using the phone to check something online. So that helps. Ditched Dolphin for adblock browser.

However, when it comes to the information gathering, if you're saying cyanogenmod does nothing for this, then I really can't see any reason to install it. Android is still an OS just like windows is, so I wouldn't think it would be too much of a stretch to think they're running some telemetry just like windows does or at least wants to. Take a look at these updates to windows 7 just as an example:

http://www.wilderssecurity.com/threads/list-of-windows-7-telemetry-updates-to-avoid.379151/

And that's just a few. There are a lot more updates to avoid, if you keep reading that thread. Not all of them are geared towards data collection, but certainly enough are that a savvy person may want to just skip those updates. Are yall saying that this doesn't happen with every new version of android?

As for their other services, I don't use Gmail, Drive, or Chrome. I find chrome unneccesary when Firefox exists, I don't know what drive is but I have my own GPS, and if you read the TOS for Gmail, it essentially says that your data is theirs. So I use some off-the-beaten-path email service. I do try to avoid using google's products and services, however I do use some of them. I do use the play store, and I do use android, and I do use google maps and their search engine. And I watch youtube videos. The rest though, I try not to participate in.

 

[Crashdamage]

As was said, ASOP Android has no tracking or information gathering. It's open source, the code is open for examination. If any spycode was there we would know. IMHO worrying about such stuff kinda pointless, but I can't say I blame you for it either. Here's an old rant of mine about tracking, data mining etc:
http://androidforums.com/index.php?posts/6926097

Sorry, but using that off the beaten path email service is likely making little, if any, difference. Your email is still monitored. But you might take a look at this:
http://androidforums.com/index.php?posts/7051405

Android is a pretty secure system by design. Here's some things to consider:

1. Use a password or pattern lock to keep people out.
2. Use a secure browser. For example, Firefox has a Private Browsing mode, a wide selection of blockers, phishing and privacy protectors, etc. AdBlock Plus is very good with Firefox. Some other browsers have special security features.
3. Be very careful where you get software. Use only reliable, trustworthy sources, basically the Play store and Amazon. And be wary of what you get even there. Lotsa stuff to be avoided. See this:
http://forums.androidcentral.com/ge...591608-antivirus-android-not.html#post4752098

4. In Settings > Security > Device administration leave Unknown sources disabled. If you must enable it to do an install don't forget to disable it when done.
5. IMHO antivirus is kinda worthless. Instead of antivirus apps install Common Sense. Use it at all times. That is the most effective protection.
6. Do not root the phone unless you have the knowledge and willingness to do the firewalling and other work necessary to secure a rooted device. Rooting breaks basic Android security features such as user permissions and sandboxed apps.
Of course, this would rule out CM or other ROMs unless you know how to secure a rooted device. See this:
http://androidforums.com/threads/to...pros-and-cons-of-rooting.935413/#post-7050355

7. Pay attention to permissions requested by apps during installation.
8. Use 2-step authentication.
9. Use Android Device Manager or a similar app to locate, remotely ring, lock or wipe data on the phone if lost.

Want to take this further? In addition to the points above, you can:

1. Encrypt the phone but there are pros and cons to doing it.
2.. To take secure Browsing a step further, use Orbot, which is Tor for Android if you really wanna stay anonymous. Gibberbot is instant messaging on Tor.
3. If not Orbot, use a VPN with a secure browser.
4. Rooting breaks security on the phone somewhat. To secure the phone, install iptables and configure firewalling. This is an excellent, very interesting and informative thread about firewalling and security for rooted devices. A MUST read for those interested. http://androidforums.com/index.php?posts/7050355

5. Use an app locker, password protect files, etc.

There's even more you can do, the list could certainly get longer. You can go crazy on paranoid security stuff. And of course there's the Blackphone, or the ultimate, the Granite phone.

Personally, I don't let paranoia take over my life. I freely use a lot of Google services, cloud storage, etc. I just keep privacy settings under control and go. But do what makes you comfortable.

To keep Google under control go to Google Dashboard:
https://www.google.com/dashboard/

You can control all your Google account settings from there. You can opt out of ads, search history, location tracking, edit your profile information and privacy settings - you don't have to allow Google to keep information about much of anything. You just have to take a little time to go through the options and set things to your liking.

 

[Hadron]

Re. data collection your bigger problem is apps rather than the base OS itself. Of course an unrooted phone running a carrier's version of Android is likely to contain more potentially unwanted apps than an AOSP ROM with few added apps (I've played the game of stripping ROMs down to the bare minimum too), and some manufacturers include stuff that some of us have doubts about (e.g. Samsung have started including code from Cheetah Mobile in some of their phones, which rings all sorts of alarms). So you could argue that a different ROM may contain fewer privacy invading apps than the default, but it won't automatically provide extra protection against privacy invasion by apps you install, which I think is what you hoped (and as noted, you can disable or remove most unwanted apps, even more so if rooted, even without changing ROMs).

That said, there are things you can do. As Crashdamage says, you can install a firewall if rooted, and apps that don't need network access to do their job can be cut off from it. Since 4.3 you've been able to use App Ops to deny certain permissions to installed apps (requires root since 4.4.2), so you can e.g. stop apps accessing your location. Of course some apps may break if you do this, but I've not had problems myself (but I'm somewhat careful what I install anyway). In 6.0 there's a new permission system which gives the user much more control, but I've not tried that yet.

Otherwise it's a matter of finding the right balance for you. I personally root, and hence use firewall, systems wide ad blocker and app ops. But more importantly I check an app's permissions are appropriate for what it does and don't install otherwise. I use the Play Store, very limited traffic on a GMail account (not main account), occasionally Google Maps (more commonly OSM based mapping apps), but uninstall Google Now/Search and do not use wireless network based location (which means weather apps don't know my location but also that I'm not constantly sharing it with Google). I don't install Chrome, but mainly use Ghostery (built in tracker blocking, also available as add on for Firefox) for browsing. Other people will find a different balance suits them better.

P.S. Google Drive is cloud storage, not navigation.

 

[Crashdamage]

Just a note... I did a LOT of editing to my previous post. If you read it a while ago take another look. Thanks!

 

[mikedt]

As for their other services, I don't use Gmail, Drive, or Chrome. I find chrome unneccesary when Firefox exists, I don't know what drive is but I have my own GPS, and if you read the TOS for Gmail, it essentially says that your data is theirs. So I use some off-the-beaten-path email service. I do try to avoid using google's products and services, however I do use some of them. I do use the play store, and I do use android, and I do use google maps and their search engine. And I watch youtube videos. The rest though, I try not to participate in.

Are you using Google to find your way about or not? Drive is online storage, not maps. Anyway, you're apparently still using more Google services than I do.

 

[bennylava]

Well I don't really think of myself as spinning around in some kind of paranoid delusion. I just want to be as secure as I can be. And in reality, doing that is probably enough. Running a firewall, having avast antivirus, and taking all the necessary steps are likely going to cut out 99% of the crap you don't want to happen. Using Tor browser on your PC probably does the same. That's all I'm really concerned about, just being as secure as I can be.

However, I did install the firewall for the first time. I used one called "Android Firewall". Found it in the play store and watched a youtube vid about it. There's two google services used lol. Anyway, to test it, I left dolphin browser unchecked. It says whitelisted items are to be checked. So I tried to use dolphin browser, and it still works. Shouldn't it be unable to connect?

Lastly, does anyone have a common whitelist for your basic android firewall? Stuff that isn't so obvious. Some things on that list, look kind of like the android system files that you'd see when looking through Titanium Backup. I'd like to know which of those I need to whitelist, so that my phone does function properly.

 

[Hadron]

Are you rooted currently? Most firewalls are ineffective without root.

Since you mention Avast! I believe that has a firewall feature included. I'm currently using AFWall+, and can confirm that works (provided you remember to "apply" rules after ticking the boxes). These days I'm running in "blacklist" mode (with a global default of "no roaming access"), but AFWall+ always prompts me if I install a new app so there's no danger of my forgetting to set a rule for it.

When I used to use a whitelist I never made a particular note of what I whitelisted. I just enabled apps that I thought needed access (web browsers, email apps, Play Store/services, etc), then if something didn't work I included the firewall on my list of basic checks. I don't think there were a lot of system services that actually needed network access, but your usage and mine might differ.

 

[bennylava]

Yeah I rooted. I couldn't install a lot of the programs I wanted to run, unless I had administrator rights.


But if cyanogenmod was never really about security, then what would be the point in installing it? What did it have to offer, that oem android didn't? Just a few added perks and features?

 

[aysiu]

But if cyanogenmod was never really about security, then what would be the point in installing it? What did it have to offer, that oem android didn't? Just a few added perks and features?

For me, it had four major things (this was back in the 2009-2012 days):

1. Latest Android version when OTAs are slow / non-existent.
2. Long-press on the volume keys to skip music tracks.
3. More items in the power menu (including reboot—not just shut down).
4. Easily-switchable themes.

 

[bcrichster]

Yeah I rooted. I couldn't install a lot of the programs I wanted to run, unless I had administrator rights.


But if cyanogenmod was never really about security, then what would be the point in installing it? What did it have to offer, that oem android didn't? Just a few added perks and features?

Also most, if not all Cyanogenmod has OC (OverClocking) capabilities built into the kernel which allows your device to run faster than stock settings and can take out the stutter of graphically intensive games and/or other apps. Which.. Is pretty important to me. Be careful tho cuz the added boost can also cause higher heat generation and no one is responsible for what YOU do with a rooted device, hence the voided warranty accrued with said Rooting. I Root, I OverClock, and I certainly love every second of it. In fact, I quit buying devices without existing Root capabilities.

 

[Hadron]

It may also simply be faster. Most manufacturers add their own features to Android, and some of them (I'm looking at you, Samsung!) can be very heavy. So just being stripped of that stuff (as long as none of it is important to you) may be enough to improve the phone in some people's eyes.

For example, with my M7 I've kinda liked HTC's UI, so I'm still running a custom ROM based on the HTC code but with extra controls and features added (and some stuff removed). It's also based on the M9's software, so contains things that were never released for the M7. But on my previous phone I hated the earlier version of the HTC software, and so replaced that with an AOSP ROM (actually I probably used about 20 different ROMs at one time or another, plus various kernels in addition - there was a lot of development for that handset), giving me both a cleaner interface and a faster phone. Nothing to do with security, just optimising speed, battery life, usability and storage usage (the last being less of an issue these days than it was then). It was also easier to customise the look and feel ("theming") than with the stock software.

So there can be many reasons. And of course if you take a nandroid backup of your current setup (a backup made with a custom recovery) it's quite simple to install a different ROM and if you don't like it just restore the backup. I would say though that the first time you try that it's best to give it a couple of days: if you are used to something the first thing you notice with a new ROM is likely to be all the drawbacks - things that aren't there, or things that are done "wrong" (i.e. differently from what you are used to) - and it can take a little longer to appreciate the positives and make a balanced decision.

 

[Crashdamage]

I've said this many times, but once more...I used to root every phone as soon as I got it out of the box, if possible. Now I find Android and the better mid to high end phones are so good I just don't need to. I still putz around with rooting a spare Nexus a little just to keep a hand in it, but I don't need to. The hardware doesn't need overclocking. I don't need features that stock Android doesn't supply or I need root to add. I leave my daily driver Nexus phone bone stock except for, of course, Nova launcher and my usual collection of favorite apps.

Again, I refer you to this excellent thread where some statements by Cyanogenmod's Kondik are discussed and Early Mon educates us on proper security for rooted devices. My Marshmallow-powered Nexus 4 is secure. Are you rooters secure?

http://androidforums.com/index.php?posts/7050355

 

[bcrichster]

Never Root/ROM a device before connecting to your Carrier unless it's just a tablet without phone capabilities cuz some Rooting methods corrupt certain files that enable Carrier connection, as well as custom ROMs not having the Carriers hidden menus and dialer codes some Carriers require for activation. Connect 1st then Root/ROM. [emoji41]

 

[Hadron]

I think you are assuming a CDMA network there: if you are using a GSM handset there is no need for the carrier to activate the phone, just stick your SIM in it (as long as it's not locked to another carrier) and that's the job done .

However, I would certainly give the phone a few days to make sure everything is working properly before rooting - if I have to return it because of a manufacturing fault I don't want to have rooted it first, because I don't want them to try to claim it's my fault.

 

[bcrichster]

I think you are assuming a CDMA network there: if you are using a GSM handset there is no need for the carrier to activate the phone, just stick your SIM in it (as long as it's not locked to another carrier) and that's the job done .

However, I would certainly give the phone a few days to make sure everything is working properly before rooting - if I have to return it because of a manufacturing fault I don't want to have rooted it first, because I don't want them to try to claim it's my fault.

I figured it would be a good precaution for all devices, regardless of Carrier

 

[bennylava]

Is there pretty much a different method of installing a new ROM, on each phone? I have the Samsung Galaxy S4, and I'll have it for a couple more years. I keep a phone for about 4 years because its just too expensive to upgrade to the latest and greatest every year. I hope they'll be on the S7, or the Note 5 when its finally time for me to upgrade. Usually the phone is pretty well worn out by the time I finally upgrade. Doesn't bother me one bit. Plus it makes upgrading really nice, as several generations have gone by and the difference is awesome.

So what would be the easiest method of installing a good custom ROM on my Samsung Galaxy S4? I'd like a somewhat stripped down ROM, so that the phone will run as fast as it can. Maybe not totally stripped down, but as samsung and ATT are both known for bloating up a phone, it would be nice to ditch all of that and start anew.

 

[Crashdamage]

I've never owned a Samsung so I can't say specifics to your S4 but I can offer some general guidelines...

The method to root a phone varies and for a popular phone like the S4 there's very likely more than one way to do it. There's also going to be a choice of ROMs, recoveries, etc. IMHO I would look for an ASOP Marshmallow ROM (that's nothing but pure, unadulterated plain vanilla Android, the best kind) and a Gapps package to match so you have the Play store. For me a custom recovery is mandatory. Clockworkmod and TWRP are both good but I'm a TWRP guy. Don't forget to install SuperSU and any other utilities you want. A little looking around in the S4 section of the forum, in XDA Developers or just Googling will find what you need.

Finally, don't forget that using a rooted phone you're responsible for securing it. Please read the link provided in post #15 and follow Early Mon's good advice.