With all of the angst some device owners have over recent incidents of government agencies tapping into user computer data via carriers and major industry players, along with general distrust of what corporations may be doing with user data, the CyanogenMod team is readying some changes and apps to help users be a little more secure. The first change, CyanogenMod Account, has been submitted to the CM Github so developers can review the code and provide some feedback before it is submitted to the nightlies.
It may seem odd that in an announcement about services intended to help secure user privacy and security, the first item out of the gate is a system for setting up an account with CyanogenMod. Koushik Dutta provides some technical details in a Google+ posting about how the password keys are generated and exchanged between the server and the device. The bottom line is the encrypted key cannot be read by the server, which means the server cannot be compromised, even by government agencies as part of an effort to track a user down.
The new CyanogenMod Account will be used for a variety of services planned for upcoming release. First, CM is planning to release their own CyanogenMod Device Finder app that will function in a manner similar to the Android Device Manager in helping a user either locate a lost device or wipe it remotely. CyanogenMod also plans to release a Secure SMS solution.
At a more basic level, CyanogenMod is also working on a new scheme for the release of their builds, with some intended for users while parallel releases will be intended for developers. As the CyanogenMod team indicates, the current system relies on generic keys from the Android SDK which is “woefully insecure.” More details about this effort will be released in the near future.
sources: CyanogenMod Blog, +Koushik Dutta
Come comment on this article: CyanogenMod readying Device Finder app, general security improvements for CM builds
Powered by WPeMatico