NominallyMusing

Thank you for doing Linux ports!

Kekekeke

Hi, CyanogenMod team, long time fan. My question is: with the recent leaks, what can we look forward to regarding Cyanogenmod/general Android security and privacy?

In my mind, the two critical threats are: apps that ask for unneeded permissions & exploits

Incognito mode for apps is a great option to have, to keep apps in check as to what permissions are allowed. Too many developers overstate their requirements. While many Android fans enjoy moding their phones, I must agree with Steve's recent "Death of Root" g+ post. Root compromises your mobile device security, and there are better ways to do certain things that would normally require root. Now, I don't believe in removal of user choice, that's why I'm on Android...Obviously, for those that "need" root, there is ADB, or countless custom ROMs with security features (like setuid/setgid restrictions) removed.

For the Linux side of things, Google is pushing SELinux. My issue here is that it is "only" an access control model. There are alternative options, like grsecurity (with PaX) that actively restrict attack vectors for kernel level exploits. The biggest hurdle I see is grsec is not included upstream, however I have seen other projects like Guardian Rom implement it. Later Android versions do include some ASLR features, but not to the full extent of what PaX provides.

I'm a Linux sysadmin, but I admit I don't know the specifics of the Android model to know how much would break. However, with the growth of the Android system's popularity around the world, it's obviously a desirable platform to attack. I feel that the more security/privacy features, the better...even if that means I could lose the functionality of xyz.

Thanks for all your work on Android! I hope to try out 10.2 on my S4 soon.