Today we invite you to join us on what we feel is a step towards delivering a better experience while running CM. On our Github you will see a new application for an account provider named CyanogenMod Account.
This provider is a completely optional account you will be able create to access additional features to complement your CM installation. We’ve been working hard for a few months to create an integrated end-to-end encrypted service to both find your misplaced phone, or in the case of lost phones, securely wipe all data (including your files from your sdcard). This account service will also be leveraged as part of our ongoing project to bring Secure SMS to CyanogenMod, currently being worked on by @moxie, as well as integration with our forums.
This kind of service is something that should be a part of any mobile OS experience, and we are proud to bring this functionality to our users. Being a custom OS shouldn’t mean you are without first class functionality. We will add additional functionality to the CM Account page over time.
There are existing solutions on the market to allow Find/Wipe functionality, but we feel they are inherently insecure, enabling company employees or malevolent attackers to access your location data, or other information, without your permission.
The CM account is optional and free. The service is secure and managed by us. The website client side encryption code is not obfuscated. The application is open sourced and Apache licensed. We highly encourage our contributors to participate in a security and privacy review and understand what sets us apart from other solutions.
Obviously, some of you will have privacy concerns and are sensitive of your data. We have created a privacy policy, terms of use page and general “What is a CyanogenMod Account” page to hopefully answer most of your questions. But even if you choose not to read them, we’ll say it as clearly as possible:
- * We have no interest in selling your data
- * We cannot track you or wipe your device. We designed the protocol in such a way that makes it impossible for anyone but you to do that.
Given that this is a change from the standard features we introduce, we are not going to be shipping this immediately in the nightlies. We want to allow those concerned to build, test, and review the code. The source can be viewed at our Github. We look forward to your feedback.
While we are on the topic of security, we’d also like to touch base on another upcoming change. Many of you may not be aware of Android’s key signing structure, but in essence, it is a core tool used to verify the integrity of a manufacturer’s ROM image, and ensure some level of security against tampering. For the sake of allowing our users to hack the system, we’ve been shipping our releases with what is known as “test_keys”, generic keys that ship with the Android SDK. While this is fantastic for allowing access to modify the system and our zips at will, it is woefully insecure. We have been making changes over the past two months (http://goo.gl/AhQeOH, http://goo.gl/CggzyX) to get us prepared to change the status quo in regards to our signing practices.
In the near future, we will be switching to a dual release practice. There will be a “user” branch, signed with our own private key, thus locking down the system further in line with best practices and Android’s security framework. But so as not to remove the ‘hackability’ that CM is known for, we will release (in parallel) “developer” builds that will continue to be signed with the test_keys. We believe this dual release route is the best for the community, securing most users, while allowing developers an avenue to continue doing what they do best.
More on the dual release in the near future.
-The CyanogenMod Team