1

Have there been any instances of malware or spyware packaged in custom ROMs, for example a malicious email app pre-installed that records your server IMAP username and password and forwards it to a 3rd part? Or part of the kernel that takes periodic photos? With regard to custom ROMs, I mean official and unofficial releases such as Cyanogenmod, AOKP, LiquidSmooth, etc.

Chloe
  • 1,708
  • 3
  • 16
  • 30
  • 1
    It's at least very possible, but I can't confirm this so far. – Lucas Kauffman Oct 15 '13 at 06:05
  • 1
    Do [OEM ROMs with Carrier IQ](http://security.stackexchange.com/questions/9416/what-risk-does-carrier-iq-pose-exactly) count? Not intended as malware originally (it was meant to collect usage statistics and debugging data, and not to send any private or identifying data off the device), but it ended up exposing a lot on some devices. – Gilles 'SO- stop being evil' Oct 16 '13 at 18:07
  • I have since discovered all ROMs have malware because NSA. – Chloe Jan 03 '14 at 19:44

1 Answers1

4

Not in any of the popular ones as far as I've heard. But you're free to build one yourself, which would then mean that it has happened.

tylerl
  • 82,665
  • 26
  • 149
  • 230