Custom ROMs are certainly great if your phone’s stock ROM isn’t optimized well or you don’t like its user interface. They are usually smoother and bloatware-free compared to the one which came pre-installed on your smartphone. However, they’re made by third-party developers. So, the question comes to mind: how safe are custom ROMs to use?
Nowadays, people even suspect the stock ROMs on their smartphones of privacy violations or data theft. Chinese smartphones are known to collect data in every other system app. They do provide an option to opt out of this while setting up the device or while using the phone, but not everyone knows about it. However, they do mention that they do not collect sensitive data.
And now, since custom ROMs are made by third-party developers, you never know what they are going to do, right? Well, not exactly, but yeah.
Also make sure to read why decrypted custom ROMs are bad for you!
Are custom ROMs safe?
Well, it depends.
Official ROMs are most certainly safe because they are from verified maintainers. They usually get maintainer-ship after they have proven themselves. And usually, they only do bug fixes and sometimes device-specific features. They usually have to get permission to add any feature.
Pretty much every custom ROM is open-source. So, people can verify the ROM source as well as the device-specific sources. Hence, there is an extremely small chance that someone would put anything suspicious in an official ROM.
Unofficial ROMs, on the other hand, could contain data-stealing apps such as a keylogger. However, again, most maintainers who build unofficial ROMs provide their source code. So, you can trust them to an extent as well. Just make sure to check whether the maintainer has provided proper source code or whether he/she is trustworthy.
I personally can’t speak for closed-source ROMs though.
They can still be risky to flash!
As I said, it is usually safe. Custom ROM developers work hard on the source and then maintainers work hard on device-specific fixes. And they don’t even ask for money for their work (though you can always donate to them). So, it is not good to disrespect them.
For the most part, official ROMs should be safe, and unofficial ones should be safe too as long as the maintainer has shared the source with you and they are trusted.
Still, there can be custom ROMs with a keylogger or something else which could steal your data. The chances are extremely low though.
Here’s something which might be interesting for you.
In April 2021, the MIUI EU team found a custom ROM called Mi Novo which was supposed to have phishing issues. Hence, they warned everyone to get rid of the ROM, change their passwords and keep an eye on their credit/debit card payments for a while. The statement regarding this can be found in their Telegram channel.
The ROM had been around for a while, and yet they decided to do something like this. So, it is obvious that others can do the same. It was a MIUI EU-based custom ROM, so they didn’t share any source either.
Closed-source custom ROMs!
And then there are closed-source ROMs. Nowadays, some custom ROM developers are closing public access to their source code. According to them, others steal their fixes and improvements without crediting them. One of them is DerpFest, which is quite popular.
Their source code is not public, hence only maintainers have access to it apart from their core developers. However, since the maintainers have access, they might be able to find out if there is anything suspicious. Still, it will be like trusting the maintainers and developers blindly.
Custom ROMs like DerpFest could be trusted though. Considering their popularity, if they do anything suspicious, someone would surely notice it. Still, remember, by the time they’re caught doing anything like that, they might have already stolen your data. So, try to be careful and monitor whether there is any unknown data transmission happening.
I’m pretty sure the majority of custom ROMs are safe to use. However, I would still prefer to install Gboard or some trustworthy keyboard app if the ROM has a different keyboard installed. It’s mainly for the unofficial ROMs though, whose developer is not well known.
And the native AOSP keyboard isn’t great when compared to Gboard or its competitors. So, it is better to use something else for better safety and features.
Besides that, I prefer not to save my card details in the browser. I would recommend the same to you. You probably have your cards saved on trustworthy sites anyway. So, for other sites you can simply take out your card and type in the details.
Most importantly, do not flash random custom ROMs which are shared in random places. Flash the ones provided in the official groups/XDA Developers page for your device. You will be able to get genuine reviews about the ROM too.
Official Custom ROMs:
It seems that official custom ROMs are the best way to experience the world of custom ROMs. Well, they’re mostly just as good as unofficial ones. How a ROM performs mostly depends on your maintainer. However, when it comes to safety, it is similar to that of unofficial ROMs.
How so? You might say they are from verified maintainers, so they must always be safe, right? Well, that’s true, but not exactly. ROM maintainers don’t have to provide proof of identity. ROM core developers just look at their current and past work and, based on that, they’re given maintainer-ship.
If the maintainer wants, they can add anything like a keylogger or spyware to the official custom ROM. And by the time the official team gets to know about it, the data of many of you would have been stolen. So, you cannot blindly trust official custom ROMs either.
In the end, remember, it’s all about trusting your maintainer. It doesn’t matter whether the ROM is official, unofficial or closed-source. The maintainer can still steal your data if they want. However, they usually don’t do anything like that. You can see how the custom development community has grown. It wouldn’t have grown if custom ROMs were stealing data. Personally, I will only use custom ROMs provided in the verified channels of the device.
I will recommend one thing though. Kindly don’t pay for custom ROMs, especially customized MIUI ROMs. There are some people who actually sell MIUI-based custom ROMs and this is totally stupid. You would do better to donate the money to custom ROM developers who provide ROMs for free. It would be helpful for the development community and will stop these stupid people who charge money for custom ROMs, which aren’t even entirely their own work.
If you’re a MIUI user and love its features, then instead of opting for paid MIUI custom ROMs, better just debloat your phone. It will help your phone perform better and you won’t be labelled as an idiot. So, a win-win situation.