smartphone, custom-romsOne concern with "cooked" ROMs that originate from xda developers and other sources is the possibility that the author of the ROM may have maliciously included back door access or data collection functionality that sends sensitive information (i.e. email passwords, banking info) to unauthorized entities. In theory this could happen, even though most everyone on the xda forums will tell you it's not likely. Also, I realize with ROMs which include published source code or a "kitchen" package you could review the code yourself... but this is not ideal or realistic for most gadget owners.
Does a tool exists that could do a security scan before flashing a custom ROM to your device? If not, what process or techniques can be used to verify as much as possible that the custom ROM is safe to use?
The nice thing about most ROMs (at least the Android ones), is that most of the ROMs are built by multiple developers on public, open source repositories. This allows anyone to go in and look at their code. I would suggest always sticking to developers that use this practice.
All content is licensed under CC BY-SA 3.0.