🆕 Software Suggestion | custom android ROM crdroid #2369

Open
opened 2021-07-09 11:39:22 +00:00 by winterwolf45 · 6 comments
winterwolf45 commented 2021-07-09 11:39:22 +00:00 (Migrated from github.com)

Basic Information

crDroid is a customized fork of Android based on LineageOS.
crDroid:
** Android-based Operating Systems:**
https://crdroid.net/:

Description

They claim increase privacy of our users with top-notch security options

Why I am making the suggestion

because of i think it's better than LineageOS and have support More mobile in list devices

My connection with the software

Just for the sake of mobile support and further security claims

## Basic Information crDroid is a customized fork of Android based on LineageOS. **crDroid:** ** Android-based Operating Systems:** **https://crdroid.net/:** ## Description They claim increase privacy of our users with top-notch security options ## Why I am making the suggestion because of i think it's better than LineageOS and have support More mobile in list devices ## My connection with the software Just for the sake of mobile support and further security claims
t1011 commented 2021-07-10 10:00:48 +00:00 (Migrated from github.com)

List the main advantages of crdroid over Lineage OS. If this ROM is based on Lineage OS, why does it suddenly support more devices?

List the main advantages of crdroid over Lineage OS. If this ROM is based on Lineage OS, why does it suddenly support more devices?
ph00lt0 commented 2021-07-10 17:46:42 +00:00 (Migrated from github.com)

https://stats.crdroid.net/ so they do collect data on their users. There is a mention of a privacy policy but I cannot find it. Stats are not opt-in. Also wonder why they didn't contribute to Lineage-OS instead of creating yet another unofficial build.

https://stats.crdroid.net/ so they do collect data on their users. There is a mention of a privacy policy but I cannot find it. Stats are not opt-in. Also wonder why they didn't contribute to Lineage-OS instead of creating yet another unofficial build.
EIAWsWRm commented 2021-07-12 12:19:37 +00:00 (Migrated from github.com)

I tried out crDroid on an old phone I had lying around in order to compare it to LineageOS (which I've used for about a year now). Here's my two cents on the pros and cons of crDroid, for what it's worth:

PROS:

  • Appears to support more devices than LineageOS, according to their website.
  • The look and feel is very similar to LineageOS, but crDroid has more customization options.

NEUTRAL:

  • Is up-to-date with the latest security patches, just like LineageOS.
  • Analytics are opt-in via an option in Settings, unlike what some other comments in this thread seem to suggest (see image below).
  • Both LineageOS and crDroid break Verified Boot, an important security feature implemented in some phones (most notably Pixel devices). If I had a choice, I wouldn't use either.

CONS:

  • Signature spoofing is enabled as a permission for all apps. While as experienced users we know to NEVER grant any app that permission (except maybe MicroG after you've verified the signatures some other way), less experienced users might accidentally grant that very dangerous permission to a malicious app, which would compromise the integrity of the Android security model. LineageOS does not implement signature spoofing and therefore does not have this problem.
  • Debug mode is enabled, on by default, and allows connections from any computer without a confirmation dialog! This allows anyone with adb and a USB cable to install arbitrary apps, run arbitrary shell commands on your phone, steal photos and other data from internal storage, and maybe even get root access without the need to unlock your phone. Worst of all, there's no way to turn it off unless you do some really hacky things with adb, which the average user would not know how to do. Needless to say, this is a large con in the security and privacy of the software. Unlike crDroid, LineageOS has debug mode off by default to keep your phone secure.
  • Unlike LineageOS, where the privacy policy is under a clearly labelled "Legal" page on the website, the privacy policy on crDroid's website is either nonexistent or extremely difficult to find, which does not bode well for them. Those interested could always email the developers, however.
  • Not sure if it's just my device getting older, but crDroid seems a bit slower than LineageOS when freshly flashed onto my phone.

Not to mean any offense (as I'm sure you have your reasons for submitting this software), but I fail to see the advantages that crDroid offers over LineageOS in regards to privacy and security. To be honest, most of the cons revolve around privacy and security, and the pros aren't particularly important for experienced users. For example, power users could just compile LineageOS from source if their device wasn't officially supported and apply customizations to their device through Xposed or Masigk.

1921df71-1d26-43d7-bbdc-a74d0d53260a

I tried out crDroid on an old phone I had lying around in order to compare it to LineageOS (which I've used for about a year now). Here's my two cents on the pros and cons of crDroid, for what it's worth: PROS: - Appears to support more devices than LineageOS, according to their website. - The look and feel is very similar to LineageOS, but crDroid has more customization options. NEUTRAL: - Is up-to-date with the latest security patches, just like LineageOS. - Analytics are opt-in via an option in Settings, unlike what some other comments in this thread seem to suggest (see image below). - Both LineageOS and crDroid break Verified Boot, an important security feature implemented in some phones (most notably Pixel devices). If I had a choice, I wouldn't use either. CONS: - Signature spoofing is enabled as a permission for all apps. While as experienced users we know to NEVER grant any app that permission (except maybe MicroG after you've verified the signatures some other way), less experienced users might accidentally grant that very dangerous permission to a malicious app, which would compromise the integrity of the Android security model. LineageOS does not implement signature spoofing and therefore does not have this problem. - Debug mode is enabled, on by default, and allows connections from **any** computer without a confirmation dialog! This allows anyone with adb and a USB cable to install arbitrary apps, run arbitrary shell commands on your phone, steal photos and other data from internal storage, and maybe even get root access **without the need to unlock your phone.** Worst of all, there's no way to turn it off unless you do some really hacky things with adb, which the average user would not know how to do. Needless to say, this is a large con in the security and privacy of the software. Unlike crDroid, LineageOS has debug mode off by default to keep your phone secure. - Unlike LineageOS, where the privacy policy is under a clearly labelled "Legal" page on the website, the privacy policy on crDroid's website is either nonexistent or extremely difficult to find, which does not bode well for them. Those interested could always email the developers, however. - Not sure if it's just my device getting older, but crDroid seems a bit slower than LineageOS when freshly flashed onto my phone. Not to mean any offense (as I'm sure you have your reasons for submitting this software), but I fail to see the advantages that crDroid offers over LineageOS in regards to privacy and security. To be honest, most of the cons revolve around privacy and security, and the pros aren't particularly important for experienced users. For example, power users could just compile LineageOS from source if their device wasn't officially supported and apply customizations to their device through Xposed or Masigk. ![1921df71-1d26-43d7-bbdc-a74d0d53260a](https://user-images.githubusercontent.com/55813911/125286368-b8c35b00-e2e9-11eb-97bc-d16d4a4f2900.jpg)
ph00lt0 commented 2021-07-12 12:42:09 +00:00 (Migrated from github.com)

Glad to see stats are opt-in unlike described in the legal section. I have high doubts about the trustworthiness of this ROM. The security problems described by @EIAWsWRm are huge. A ROM like that should not be used by an average user.

Glad to see stats are opt-in unlike described in the legal section. I have high doubts about the trustworthiness of this ROM. The security problems described by @EIAWsWRm are huge. A ROM like that should not be used by an average user.
gwolf2u commented 2021-09-13 03:12:51 +00:00 (Migrated from github.com)
Policy FYI https://crdroid.net/legal.php
atonement87 commented 2021-09-13 03:53:11 +00:00 (Migrated from github.com)

I don't remember if USB Debugging comes enabled out of the box or not but there's always a confirmation dialog. Also once the permission been granted it still asks for confirmation after a while.
I settled on crDroid for my primary device about 2 years ago and I haven't needed to try out any other ROM.

I don't remember if USB Debugging comes enabled out of the box or not but there's always a confirmation dialog. Also once the permission been granted it still asks for confirmation after a while. I settled on crDroid for my primary device about 2 years ago and I haven't needed to try out any other ROM.
This repo is archived. You cannot comment on issues.
No Milestone
No Assignees
1 Participants
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: privacyguides/privacytools.io#2369
No description provided.