
🆕 Software Suggestion | custom android ROM crdroid

Open winterwolf45 opened this issue 3 years ago • 6 comments

Basic Information

crDroid is a customized fork of Android based on LineageOS. crDroid (Android-based Operating Systems): https://crdroid.net/

Description

They claim to increase privacy of our users with top-notch security options.

Why I am making the suggestion

Because I think it's better than LineageOS and supports more mobile devices in its device list.

My connection with the software

Just for the sake of mobile support and further security claims

winterwolf45, Jul 09 '21 11:07

List the main advantages of crdroid over Lineage OS. If this ROM is based on Lineage OS, why does it suddenly support more devices?

t1011, Jul 10 '21 10:07

https://stats.crdroid.net/ so they do collect data on their users. There is a mention of a privacy policy but I cannot find it. Stats are not opt-in. Also wonder why they didn't contribute to LineageOS instead of creating yet another unofficial build.

ph00lt0, Jul 10 '21 17:07

I tried out crDroid on an old phone I had lying around in order to compare it to LineageOS (which I've used for about a year now). Here's my two cents on the pros and cons of crDroid, for what it's worth:

PROS:

  • Appears to support more devices than LineageOS, according to their website.
  • The look and feel is very similar to LineageOS, but crDroid has more customization options.

NEUTRAL:

  • Is up-to-date with the latest security patches, just like LineageOS.
  • Analytics are opt-in via an option in Settings, unlike what some other comments in this thread seem to suggest (see image below).
  • Both LineageOS and crDroid break Verified Boot, an important security feature implemented in some phones (most notably Pixel devices). If I had a choice, I wouldn't use either.

CONS:

  • Signature spoofing is enabled as a permission for all apps. While as experienced users we know to NEVER grant any app that permission (except maybe MicroG after you've verified the signatures some other way), less experienced users might accidentally grant that very dangerous permission to a malicious app, which would compromise the integrity of the Android security model. LineageOS does not implement signature spoofing and therefore does not have this problem.
  • Debug mode is enabled, on by default, and allows connections from any computer without a confirmation dialog! This allows anyone with adb and a USB cable to install arbitrary apps, run arbitrary shell commands on your phone, steal photos and other data from internal storage, and maybe even get root access without the need to unlock your phone. Worst of all, there's no way to turn it off unless you do some really hacky things with adb, which the average user would not know how to do. Needless to say, this is a large con in the security and privacy of the software. Unlike crDroid, LineageOS has debug mode off by default to keep your phone secure.
  • Unlike LineageOS, where the privacy policy is under a clearly labelled "Legal" page on the website, the privacy policy on crDroid's website is either nonexistent or extremely difficult to find, which does not bode well for them. Those interested could always email the developers, however.
  • Not sure if it's just my device getting older, but crDroid seems a bit slower than LineageOS when freshly flashed onto my phone.

Not to mean any offense (as I'm sure you have your reasons for submitting this software), but I fail to see the advantages that crDroid offers over LineageOS in regards to privacy and security. To be honest, most of the cons revolve around privacy and security, and the pros aren't particularly important for experienced users. For example, power users could just compile LineageOS from source if their device wasn't officially supported and apply customizations to their device through Xposed or Magisk.


EIAWsWRm, Jul 12 '21 12:07
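
A way to check the debug-mode and Verified Boot points from the comment above on your own device, as an added example that is not part of the thread or of either project. The interpretation of each property and the sample dump are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit `adb shell getprop` output ("[key]: [value]" lines)
# for the debug and boot settings discussed in the comment above.

# Print the value of property $1 from the dump held in $PROPS.
prop_value() {
    k=$(printf '%s' "$1" | sed 's/\./\\./g')   # escape dots for sed
    printf '%s\n' "$PROPS" | sed -n "s/^\[$k\]: \[\(.*\)\]\$/\1/p" | head -n 1
}

report() { findings=$((findings + 1)); echo "FINDING: $1"; }

# Read a getprop dump on stdin, print findings and a final count.
audit_props() {
    PROPS=$(tr -d '\r')      # some adb versions emit CRLF line endings
    findings=0
    if [ "$(prop_value ro.adb.secure)" != "1" ]; then
        report "ro.adb.secure is not 1: a debuggable build may skip the host-key prompt"
    fi
    if [ "$(prop_value ro.debuggable)" = "1" ]; then
        report "ro.debuggable=1: userdebug/eng-style build"
    fi
    case "$(prop_value persist.sys.usb.config)" in
        *adb*) report "persist.sys.usb.config includes adb: USB debugging is on" ;;
    esac
    vb=$(prop_value ro.boot.verifiedbootstate)
    if [ "$vb" != "green" ]; then
        report "verified boot state is '${vb:-unknown}', not green"
    fi
    if [ "$(prop_value ro.boot.flash.locked)" != "1" ]; then
        report "bootloader is not reported as locked"
    fi
    echo "findings=$findings"
}

# Constructed sample dump, not captured from a real crDroid device.
SAMPLE='[ro.adb.secure]: [0]
[ro.debuggable]: [1]
[persist.sys.usb.config]: [mtp,adb]
[ro.boot.verifiedbootstate]: [orange]
[ro.boot.flash.locked]: [0]'
printf '%s\n' "$SAMPLE" | audit_props
# Real device: adb shell getprop | audit_props
```

Not every device exposes all five properties; a missing one is reported as a finding so it gets a manual look.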

Glad to see stats are opt-in unlike described in the legal section. I have high doubts about the trustworthiness of this ROM. The security problems described by @EIAWsWRm are huge. A ROM like that should not be used by an average user.

ph00lt0, Jul 12 '21 12:07

Policy FYI https://crdroid.net/legal.php

gwolf2u, Sep 13 '21 03:09

I don't remember if USB Debugging comes enabled out of the box or not, but there's always a confirmation dialog. Also, once the permission has been granted it still asks for confirmation after a while. I settled on crDroid for my primary device about 2 years ago and I haven't needed to try out any other ROM.

atonement87, Sep 13 '21 03:09