Paranoid Android Zero-day GAPPS for ROMs

paranoid_androidAs my readers know Android devices can be compromised relatively easily. In many instances hacking Android will involve disabling the bootloader and enable root access (SU) to install a custom software or operating system ROM. The ROM is in simple terms a customised version of Android. A ROM would for example replace the stock/vanilla Android or TouchWiz/Sense UI versions of your Google Nexus, Samsung and HTC devices respectively.

The most popular ROM is CyanogenMod. We use this ROM in our office, mainly for testing. But there is also Paranoid Android, which we have played with a little, but not as much as CyanogenMod. When you load a ROM, you then need to load what is called “GAPPS” (a separate package) which to you and me are Google Apps once the system ROM has loaded. To get these Google Apps back you have to install a separate package which contains the Google apps you are missing. This means the separate package is free from Google’s rule that Google apps cannot be pre-installed in the ROM operating system. It’s one security issue we do think is useful. However there is a notable security issue.

The security issue faced with this type of ROM/package implementation, is that older versions of the GAPPS suite might be loaded instead of the newest version. There is also the issue of these GAPPS suites being buggy, delivering malicious content and potentially they could brick your device. You can though make sure you have the latest (genuine) GAPPS suite by visiting the Play Store though. Paranoid Android (see bootnote) have developed a zero-day GAPPS that offers developers (running on Android 4.3.x ROMs) the opportunity to include a file with the latest Google apps whenever a ROM is loaded and also auto-update OTA.

If you like installing new ROMs (and GAPPS packages) or are just curious, I suggest you visit the XDA Developers forums to learn more.

Safe surfing folks!

Bootnote: Paranoid Android do not modify or change the Google Apps (GAPPS).

This entry was posted in android, malware, mobile, privacy and tagged , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *