Big news from the CyanogenMod team this evening. They are introducing a CyanogenMod Account service to help track and remotely wipe lost or stolen phones, and to help on the security front they will be moving to a dual-release of stable ROMs.

The first bit is pretty self-explanatory. They are building their own service that offers the device tracking and remote wipe we see from Google in the new Android Device Manager service. They state the existing services are not secure because company employees or "malevolent attackers" can access your location data without your permission. The optional (and free) service will be maintained by CyanogenMod. They will be putting up a privacy policy, and users can learn more about the service on their What is a CyanogenMod Account page.

The second bit is interesting as well. Previously, CM ROMs were signed with "test" keys — generic keys that ship with the Android SDK. In the near future, they will be moving to a dual-release where a User branch is signed with private keys, locking down the system and bringing it in line with the Android security model. For folks who will want to build themes and edit apps, the test key releases will continue as they are now. This should allow users who want a secure setting to have it, and users who want to modify and tinker still can do so.

These changes are coming soon, but won't be included as part of the nightly builds. For more information, visit the official source below.

Source: CyanogenMod


Reader comments

CM team to offer CyanogenMod account to track your lost phone, new dual-releases planned


With all due respect to CyanogenMod, there is no way that I'm opening an account and tracking my phone through CyanogenMod.

How do we know that they can be trusted? I don't even trust Google or the US Govt 100%... let alone a private entity that is dedicated to unlocking/cracking/modifying phones...

The whole point of the way they implemented this is that their servers act only as tunnels. They can't read the data, because it gets encrypted on both sides, and they don't have access to the keys. It's actually the most secure and tamper-proof implementation out there.

Koush basically explained in a G+ post that the whole point of the way this is designed is to deal with exactly that. (I'd give a link but the forum then flags it as spam.)

It's open source so you can see how it works - and the way it works is encryption is between your phone and browser using a public key system so the server can't access the plain text of anything. Even if the server was compromised the attackers wouldn't have access to anything more than if they sniffed the connection.

So Jerry, do you approve? You love open source and love CM one day, and hate it the next. Please enlighten.

I love open-source when it's done correctly and not used as a bullet point for more sales.

Whether or not I approve of this makes no difference.

The question is, can the phone still be tracked after a hard reset?

Via Android Central App from a Galaxy Note 2

My question as well. I use the Avast app for security on my phone primarily because it offers hard reset protection. I'm sure it's overkill, but you never know.

Posted via Android Central App

One thing I noticed is that it mentioned the ability to wipe /sdcard. I think Android Device Manager just wiped /data. Am I wrong?