zlacker

[parent] [thread] 2 comments
1. yjftsj+(OP)[view] [source] 2025-01-04 06:29:41
> so I think many of the custom ROMs possibly have some security rookie mistakes and quite a bit security bugs due to mishmash of drivers

I would easily believe that many Android systems have vulnerabilities owing to the horrific mess that is their kernel situation. That said, I personally doubt that aftermarket ROMs are worse than stock, as official ROMs are also running hacked up kernels.

replies(1): >>ignora+84
2. ignora+84[view] [source] 2025-01-04 07:32:22
>>yjftsj+(OP)
> ...owing to the horrific mess that is their kernel situation.

Do you mean OEM drivers or the Android Kernel, specifically?

Google invests quite a bit on hardening the (Android Commons) Kernel including compile-time/link-time & runtime mitigations (both in hardware & software).

Ex: https://android-developers.googleblog.com/2018/10/control-fl...

replies(1): >>yjftsj+8i1
◧◩
3. yjftsj+8i1[view] [source] [discussion] 2025-01-04 21:38:56
>>ignora+84
The drivers; last I heard, literally every Android device on the market was using a forked kernel in order to support its hardware. And Google keeps trying things to improve that situation, but... https://lwn.net/Articles/680109/ was ~9 years ago and since then not even Google themselves have managed to ship a device running a mainline kernel. Supposedly it should get better with their latest attempt to just put drivers and user space, but 1. I haven't heard of any devices actually shipping with an unmodified kernel, probably because 2. AIUI that doesn't cover all drivers anyways.
[go to top]