Hello to you all people of XDA, firstly I must state that I've scoured the forums far and wide and have yet to find some valuable info regarding my problem.
So what we're doing is developing (or trying to, as is obvious from this post) a custom rom for the Galaxy S2 which would be used for a single medical application for sensor tracking and the processing and displaying of said data on the SGS2, while at the same time sending it to his/her doctor.
What we need to be able to achieve with this rom is to put it into the hands of the end-user (a chronical patient which will in turn be able to stay at home instead of being hospitalized) and be able to completely lock down the phone for his use (I know, it sounds terrible) so that he loses the phone/sms/games/youtube/internet functionality as we need the phone to run as stable and for as long as possible without any additional battery stress (the constant sending, processing and processing of data seems enough of a problem for now).
I've searched into some custom roms but we eventually came up with the need for a stock Samsung rom which could be modified as we want to.
See this is where the problem begins, we can't seem to get the phone rooted, the ROM customized and then unrooted again so that the phone can't be fiddled with anymore, except when it's completely dead and we need to fix it.
So to cap it all up:
It needs to allow for a custom load and bootscreen (I almost got this to work)
It needs to be completely locked down for the end user.
It has to have full BT, NFC and WiFi functionality
It has to be able to call out and reciev calls, but only to/from specific numbers (911, doctor, etc..)
It has to basically allow for 2-3 programs to be running, while the others simply don't exist on the phone.
I am terribly sorry if anything like this has been asked about before, I swear I put 2 days of me life into researching already.
Any help, any help at all, ideas and solutions, but mostly links are welcome.
Thank you and good day to all.
Just a detail, but the SGS2 doesn't have the NFC functionality. Project seems to be possible, I would look into CyanogenMod sources if I was you.
Sent from my GT-I9100 using XDA App
Why are you afraid of leaving the phone rooted and in hands of the patient?
Is he so uncritical that he can search the web and find means of unrooting a mobile phone and then get around to actually doing it?
LucLucLuc said:
Hello to you all people of XDA, firstly I must state that I've scoured the forums far and wide and have yet to find some valuable info regarding my problem.
So what we're doing is developing (or trying to, as is obvious from this post) a custom rom for the Galaxy S2 which would be used for a single medical application for sensor tracking and the processing and displaying of said data on the SGS2, while at the same time sending it to his/her doctor.
What we need to be able to achieve with this rom is to put it into the hands of the end-user (a chronical patient which will in turn be able to stay at home instead of being hospitalized) and be able to completely lock down the phone for his use (I know, it sounds terrible) so that he loses the phone/sms/games/youtube/internet functionality as we need the phone to run as stable and for as long as possible without any additional battery stress (the constant sending, processing and processing of data seems enough of a problem for now).
I've searched into some custom roms but we eventually came up with the need for a stock Samsung rom which could be modified as we want to.
See this is where the problem begins, we can't seem to get the phone rooted, the ROM customized and then unrooted again so that the phone can't be fiddled with anymore, except when it's completely dead and we need to fix it.
So to cap it all up:
It needs to allow for a custom load and bootscreen (I almost got this to work)
It needs to be completely locked down for the end user.
It has to have full BT, NFC and WiFi functionality
It has to be able to call out and reciev calls, but only to/from specific numbers (911, doctor, etc..)
It has to basically allow for 2-3 programs to be running, while the others simply don't exist on the phone.
I am terribly sorry if anything like this has been asked about before, I swear I put 2 days of me life into researching already.
Any help, any help at all, ideas and solutions, but mostly links are welcome.
Thank you and good day to all.
Click to expand...
Click to collapse
Block all internet access apart from ones you want or you can just setup iptables rules, shouldnt need root apart from when setting it up
As far as removing programs, just delete the apks from the zip, or before you remove root. My sig has a list of all apks in a upto date rom and what they do.
You can use gemini app manager to control autoruns (stop them etc) also to block (hide and disable apps)
As far removing root, your best bet is to once you are done, use adb (from the android sdk) to remove the superuser.apk then flash the stock kernel back, as far as I know without superuser apps cant grain root permisions.
OR
This app will allow you to block any app behind a password
This app will block incoming and outgoing sms and calls on white and blacklists
Custom boot logo (the first screen before the animation)
Custom boot animation need to go into system/media, I am not sure about the format but there are loads around, like this thread has loads, stock kernel should support them.
I hope that helps
Most of that is easily possible.
If you listed the apps needing removed, the apk files just need deleted.
To control calls, you can use a third party app from market for that.
It's possible to have the custom rom unrooted, and easily flashed, regardless of how badly the phone gets rooted
Boot animation is easy anyway... If you can provide it in a zip like other ones (zip containing numbered png's) then it's a piece of cake.
A little bit of clever firewall stuff would prevent any web traffic, in or out, except to your defined server, which is obviously a concern when a phone is handling sensitive medical info.
genieass said:
Why are you afraid of leaving the phone rooted and in hands of the patient?
The phones are going to be used by around 500.000 people in a year, it's not that we want to take anything away from the user, it's more about not having any problems with the firmware - like ever.
Thanks for all the help!
Click to expand...
Click to collapse
genieass said:
Why are you afraid of leaving the phone rooted and in hands of the patient?
The phones are going to be used by around 500.000 people in a year, it's not that we want to take anything away from the user, it's more about not having any problems with the firmware - like ever.
Thanks for all the help!
Click to expand...
Click to collapse
LucLucLuc, not sure where you live, but you're entering the patient confidentiality minefield with big, big boots.
Apart from the legal considerations, your question is definitely OS related and not device related.
I see what you want, but legally - where I live anyway - it's too much of a grey area to get involved with.
I use call recording a lot for referrals and info from other doctors, but I've always asked the other party if they're OK with it. I won't record patient conversations, and I won't accept any files whatsoever that have seen RIS or PACS first - not worth it.
Can't see it's worth your while, but I'd appreciate it if you keep me informed should you decide to work on it.
Big boots indeed
We are from Slovenia, Europe.
I'm actually just a student doing the research and some basic Android programming, thank god I wasn't let into the bigger of the projects
But yes, this project is a colaboration of several european firms and you can read more about it at chiron-project.eu - it's a very very interesting project afaic.
I don't think we'll be swimming with lawyer piranhas soon though, the project uses sensor data (which sorta is a privacy issue) which will be monitored on a tablet running Android (currently testing the Galaxy tab 10.1 - we were lucky to order one before Steve had another one of his fits), proccessed in real time and then stored on the central server, from where it will only be accessible by the patients doctor.
Patient consents are dealt with before we even start talking about mobile hospitalizations.
It's very encouraging to see some actual interest, if anyone wants to know more about anything related to this project contact me at [email protected]
Thanks again for all the help.
After weeks of hard work we (Setmov and uncle Fab) proudly present you the first Una ROM for the galaxy Grand 2 I7102, based on 4.3 XXUANG4.
DISCLAIMER
As usual, your phone your responsability, we won't take any responsability if it flies out of the window or if your girlfriend/boyfriend runs away with it.
PLEASE, DO READ OP COMPLETELY AND CAREFULLY BEFORE ASKING ANY QUESTIONS, ANSWERS TO MOST PROBLEMS ARE THERE
WHAT IS UNA?
Una is a new concept that takes security to a new level.
Are you tired of seeing so much blatant, outrageous and shameless invasion of your privacy and data mining hidden behind nice sentences like "enhanced use experience" or "complete integration with the system"? We decided to develop secure ROMs where privacy means just that – Private!.
It’s free of charge, we are a non profit structure and we are not here to make big bucks
WHAT UNA ISN'T
UNA isn't a way to help you to stealthily buy massive destruction weapons to foment a coup d'etat in your favorite banana republic or to prepare the third world war.
UNA secures what leaves from your phone (ie your personnal data doesn't leak and no app can look over your shoulder to spy your activities), but it can't completely secure what comes into your phone.
Why is that?
Because it's just not possible to fully secure a phone from what comes into it, and anyone claiming to be able to do it is either a liar, or an ignorant, or both.
There are too many attacks, some not well documented, if documented at all, and some unknown to the public, and there are too many ways to hack a phone, especially if the user doesn't use his/her common sense.
If you are the type of person that installs apps from shaddy source and/or warez web sites (sites offering cracked paid apps) chances are that at some point you will unknowingly install a malware or a spyware. The same applies if you click on any link, specially on SMS' and emails, if you let any pop out window appear or if you don't protect your lockscreen with a password/pin/pattern and let anyone get physical access to your phone.
A bit of judgment and common sense can save you a lot of trouble, but there's unfortunately nothing UNA can do about it.
Then, if you use your phone to call through GSM your provider will know where you are. If he didn't you wouldn't be able to make any call, the signal has to find you and there's nothing UNA or anyone can do about it.
The only way to prevent that is to disable the phone functions (but then your phone will turn into a wifi only device) and reenable them when needed, head to the scripts section to learn how to do it.
Last but not least, bear in mind that the agencies have armies of tech savvy henchmen and 10 storeys computers, and tricks we can't even imagine, so think twice and use your brain before you attempt to outsmart them...
UNA IS FOR YOU IF:
. You are willing to learn how to use an unconventional ROM and generally speaking to understand how things work, even if it sometimes requires a little effort to fix this or that little problem (bear in mind that it took us a lot of work to develop Una to where it is now),
. You don't mind a few little occasional bugs here and there that come from all the restrictions the ROM contains,
. You want to take back ownership of your phone from google’s claws.
UNA IS NOT FOR YOU IF:
. All that you care about is the latest gimmick in the latest OS,
. You can't live without the google’s apps,
. You are the kind of person that never reads through the OP and only scroll down to the download section, and then complain that things don't work and/or ask stupid questions that have already been answered in OP.
An example? One guy makes a mod and writes clearly in OP that it's specifically for 4.2.2. Then some people complain: "it doesn't work on 4.4.2"...
ARE WE PARANOID TIN FOIL HATS? OR TERRORISTS? OR CARTEL BOSSES?
Nope, we only are people that don't see why we shouldn't be in control of our phones. Or why our phones can be wiped remotely, why apps or updates or who knows what can be downloaded and installed without asking for our consent, why SMS' can be sent without us to know, why we should pay for the bandwidth used for data mining and unwanted downloads, and why all those activities should deplete our battery and kill our RAM.
You think we are overreacting here?
You don't have to take our word for it, just download and install Network Log from here:
https://f-droid.org/repository/browse/?fdfilter=network+log&fdid=com.googlecode.networklog
Give it root permission, start logging and open some web pages. Come back to Network Log after a few minutes and see for yourself, you'll be surprised (or maybe horrified?) to find out that your android system, your settings, your kernel etc. connect to all sorts of funny IPs, including and foremost google’s.
Now you see what we mean?
It's time to go for Una
UNA'S FEATURES
. Rooted.
. Deodexed.
. Zipaligned.
. Busybox and sqlite installed.
. Init.d support and scripts.
. Auto start disabled for most apps.
. About 120 system apps, 40 framework jars, 30 permissions xmls and 25 libs removed, plus files here and there.
. Very low RAM and CPU consumption, more than 8 hours screen time with the WIFI on, 1% battery decrease every 10-12 hours while in stand by.
. Heavily and extensively modified system, in order to make it secure and prevent it from leaking your data.
. App Settings, Firewall and Xprivacy built-in, and already applied out of the box to make sure you are well protected.
. Xprivacy is a fantastic tool but it has one big limitation, it can't restrict the Android System from accessing your serial numbers and leaking it. For that reason these IDs have been edited as follows:
build.serial (androidboot.serialno), ro.boot.serialno and ro.serialno are both set to "1",
android id is set to "id",
net.hostname is set to "1".
. Wlan serial number set to "00000001" (this number identifies you everytime you connect to the internet, and Xprivacy can't do anything about it).
. USB ID (iSerial) set to 1.
. Unreadable cp access.
. Vulnerabilities patched thanks to Master Key Multi Fix.
. ADB disabled (can be re-enabled, see below).
. By default ADB, all google access (including youtube, blogspot and google search), the Live Wallpaper Picker and the Media Storage are disabled. You can re-enable some or all of them, instructions are in the "HOW TO USE THE ROM" section.
. Plenty of under the hood modifications to make the ROM fast and fluid.
. Multi-purpose navigation keys.
. Call button in contacts.
. Because secure doesn't mean ugly, the whole ROM has been themed with a beautiful green color (if there are enough requests other themes will follow), transparency, and Lollipop HD wallpapers.
. Multiwindows have been revamped, they are no longer only static in Samsung style but now they can float and be resized/minimized too, like on a computer.
. All apps can be opened in floating mode.
. KK style quad view multiwindows.
. Heaps of hand picked and carefully scrutinized open source apps.
There are 2 non open source apps (Greenify and Quick Pic) but they are safe, believe me, I have thoroughly examined them. Still, you can always uninstall them if you feel like it.
In time we will develop our own apps, but first we want to see how people respond to the Una concept...
Installed apps/tools
. 920 Editor, to create and edit scripts or text files.
. AF+ Firewall.
. Alarm clock.
. APG, to encrypt messages.
. App Settings, to restrict apps' permissions, change DPI on a per app basis and more.
. Arity, a calcultor.
. Conversations, a secure and encrypted chat, modded by uncle Fab for increased security.
. Fdroid, an alternative to the Play Store, and all the apps are open source!
. Floating stickies, to make small notes on the fly.
. FTP Server, to copy files to/from your phone wirelessly.
. Ghost Commander, a very powerful dual panel root file manager.
. Gravity Box, a theming engine.
. Greenify, to make apps behave by hibernating them when not in use.
. K9 Mail, an email client.
. Kernel Adiutor, if you feel like playing with kernel tweaks (but you have to know what you are doing).
. Lightning, a fast and light weight browser.
. Master Key Multi Fix, a patch to some vulnerabilities.
. Network Log, to check where your apps connect and chase unwanted connections.
. Open Camera.
. Tor (Orbot) for Android, modded by uncle Fab for increased security.
. OS Monitor, to monitor and kill your phone's processes, and more.
. Pale Moon, based on Firefox for Android, for a full desktop experience with Mozilla add-ons preinstalled for enhanced security.
. PDF Reader.
. Preferences Manager, to edit the otherwise difficult to read shared_prefs files in data/data.
. Quick Dic, a good selection of free dictionaries.
. Quick Pic, a Gallery app.
. Rmaps, a maps app where you can download maps from various sources for offline use.
. Search Light, a torch.
. Terminal Emulator, fire up your commands and show your phone who is the boss!
. Text Secure, a secure and encrypted SMS app, modded by uncle Fab for increased security.
. Tint Browser, another fast web browser.
. Urecord, to record sounds with different sample rates.
. USB Mass Storage Enabler, to connect your phone to any computer (note that it only mounts the external SD).
. Viper4Android FX, a powerful sound enhancer.
. Viper4Android XHiFi, some more sound enhancements.
. VLC, a video and music player favourite.
. WI-Fi Privacy Police, to secure your connections even better than they already are.
. Xposed Installer, a great framework that enables apps like App Settings or Xprivacy to work.
. Xprivacy, last but not least, the best privacy app.
WHY DO WE USE A 4.3 ROM AS BASE INSTEAD OF THE LATEST 4.4.2?
Because when it comes to privacy Kit Kat 4.4.x is a complete
disaster, the newer the android version the more buit-in spying there is (and the more difficult it is to remove it), despite google's sweet talk about "enhanced user's experience.
Lollipop seems to be even worse, but that's another story.
INSTALLATION
As usual, make a backup first!
Do backup your contacts and whatever is important because all your apps and data will be erased (your sd card contents won't be deleted though).
Do backup your /system/csc folder, in case you need it for later.
Do backup your efs folder (VERY IMPORTANT).
Open an android terminal from your phone and type:
su
enter, then type:
busybox dd if=/dev/block/mmcblk0p11 of=/sdcard/efs.img
enter, this will create an efs backup caled efs.img in your sd card.
To restore it, first make sure the efs.img is in your internal sd card, then type:
su
enter, then type:
busybox dd if=/sdcard/efs.img of=/dev/block/mmcblk0p11
enter, your efs will be restored in no time.
If that sounds like too much work you can use the scripts provided to backup/restore your efs, instructions are in the scripts section.
To install the ROM you need a Custom Recovery and Philz' comes highly recommended.
We chose Philz since AFAIK it's the only one that allows you to lock you recovery with a password (if your recovery is not password protected it wouldn't take more than 2 minutes for someone to disable your pattern or pin protected lockscreen and access all your personal data on the phone).
I'm not sure whether there's a Philz recovery or not for the Grand 2, if there isn't then CWM or TWRP will do.
Custom recovery installation instructions
You need to have Samsung drivers installed.
Boot your phone into download mode (press volume down and power at the same time).
Open Odin 3.07 and connect your phone.
Click on the PDA slot, navigate to where the Custom Recovery is located and select it.
DOUBLE CHECK AND MAKE SURE THAT "RE-PARTITION" IS UNTICKED (only "Auto Reboot" and "F.Reset Time" should be selected).
Click start and wait while Odin flashes the Recovery.
If everything went well your phone will now auto-reboot into the system. Go into recovery, you should see your brand new Custom Recovery.
If you are still on stock recovery then repeat the above steps, but this time untick “Auto Reboot” in Odin.
When in recovery, if before you reboot you see a text on the screen displaying “yes – disable flash recovery”, select it to avoid stock recovery overwriting the Custom Recovery.
Download Una for Grand 2 from here (click on the menu at the top right and go to the download section):
http://unaos.com
Unzip the ROM and copy it to the backup folder that is inside the clockworkmod folder in your sd card (if there's no backup folder create it by choosing "mkdir" in Ghost Commander).
Boot into recovery.
Go to restore from sdcard, choose 1970-01-01.10.06.02, and go for it!
IMPORTANT!!!
If you are on Kit Kat (4.4.2) you must downgrade first to stock 4.3 before you attempt to install Una ROM, otherwise you may end up with a bricked phone.
Here are 2 threads to assist you in the downgrading process:
http://forum.xda-developers.com/galaxy-grand-2/general/how-to-downgrade-galaxy-grand-2-sm-t2857767
http://forum.xda-developers.com/galaxy-grand-2/help/downgrade-to-4-3-t2857183
If it works please report here so that other people will know, thanks in advance!
Once it's done reboot, congratulations, you have installed Una ROM on your phone!
HOW TO USE THE ROM
. Swipe down to access the applications drawer.
. Swipe up to turn off the screen.
. Go to settings and set a stong password/pin/pattern protected lockscreen (recommended).
. Go in recovery and set a recovery password (recommended).
. Long pressing on the menu key toggles expanded desktop (full screen, no more navigation bar and no more status bar).
. Double pressing the menu key kills and hibernates the current application.
. Long pressing the recent key brings you back to the last application (convenient to switch from one app to another).
. Between the home and the back key there's a supplementary key that can display up to 12 apps (editable in gravity box).
Double pressing that key shows the sound panel, long pressing it shows the reboot menu (note that there's an option to take screenshots in the reboot menu).
. You can open an app in full screen mode by dragging it from the Flash Bar (the side bar), then you can drag and add more windows to the view (up to 4 on the same screen).
Or, you can open apps in resizable and movable floating mode by clicking on them (double tapping the top bar minimizes them into a bubble, double tapping the bubble restores them).
. Go to /system/etc/security/cacerts, check the certificates that are there (you'll find the certificate's name approximately by the middle of the file), and erase the ones you don't need/like.
When you want to transfer files to/from your phone open the USB Mass Storage Enabler app and enable mass storage, that's it. When you are done, don't forget to eject your phone from the computer and to reenable MTP from the app.
. When you install a new application, by default it will be fully restricted in both Xprivacy and the Firewall.
Before you open the newly installed app wait until the Xprivacy icon appears in the status bar, then and only then can you open it.
Most likely the app will crash.
Go to Xprivacy, open its settings and then usage data, you will see what restrictions caused the crash. Re enable some, provided that they are not too invasive.
Many apps require "load.Library" to be allowed in the shell section, that's ok.
Others may need to access the sd card, that's in the storage section and it's ok to allow it for apps that really need to access the storage, like players, cameras or file managers (for other apps try to keep it restricted).
Root apps obviously need "su" and/or 'sh", and sometimes "exec", in the shell section.
Always try to enable as few fields as possible, and bear in mind that data requested by an app is not necessarily needed for that app to work (especially true for identification, internet and mcc/mmc access).
Lastly, give the app internet access in the Firewall if, and only if, it needs it, and restrict some more permissions in App Settings.
If you can't tame the app consider uninstalling it and look for a similar one that has less built-in spyware.
SCRIPTS
. As said above, by default ADB, all google access (including youtube, blogspot and google search), the Live Wallpaper Picker and the Media Storage are disabled.
If you want to re-enable some or all of them, open the script folder located in system/etc.
Click on the desired script and choose edit.
Copy the whole text and paste it into the Android Terminal, voila, the script is automagically executed.
. You will see more scripts to disable/enable the Bluetooth, the FM Radio and the Phone.
If you disable the Phone and later want to re-enable it do as follows:
untick App Settings in Xposed's modules section, re-enable Phone, reboot, then enable App Settings again.
. Some scripts will enable you to backup/restore your efs partition and flash a recovery.img (to restore or flash an .img, make sure it's in your internal sd and execute the script).
. Other scripts can enable/disable am and pm, but don't play with it unless you know what you're doing.
. You can uninstall the Live Wallpaper Picker, the Wallpaper Chooser and the Media Storage if you want, or keep them disabled and resurrect them when needed.
. If you are very privacy concerned you should consider using the "uncle's phone lite" mod because it enables you to call with only the Phone and the Telephony Provider apps (CSC, Contacts, Contacts Storage, Logs Provider and STK are completely de-activated). That's the method I use to make calls, but you have to know that the dialler forces close after you complete the call (not a big deal in my opinion but still, I may look into it one of these days). You'll find the mod in the add-ons section.
ENCRYPTION
If encryption is your thing we have you covered with the following installed apps:
APG, Conversations, K9 Mail and Text Secure.
BUGS
. Quick Dic won't download any dictionary, actually it's not a bug but a Una restriction since Quick Dic downloads from a google owned web site.
If you need to download dictionaries, temporarly enable google by running the "enable_google" script (don't forget to disable it again when you're done). After you've run the script go to the firewall, open its settings, go to "Set custom script" and click "OK" (do the same if you decide to disable again google's stuff).
. For some reason the ADW Launcher doesn't allow transparency in the navigation bars while in portrait, I'm working on that.
. You can't download anything from Lightning and Tint Browser, that's because the Download Manager and the Download UI have been uninstalled. If you need to download something, copy the link and paste it in Pale Moon, it has its own download engine.
. I didn't have time to properly and restrictively set Text Secure (the SMS app), because I don't own this phone and the person I borrowed it from wanted it back ASAP. Sorry about that, you'll have to do it on your own (if you want to make it simple just restrict its internet access).
. All the installed apps work, but other apps you install may crash. I call that kind of apps "google’s henchmen", they only work if the play store services or the bla bla app are installed and of course they won't on Una since all that garbage has been removed.
If I install your app, why do you want to force me to install your boss' app too? Forget about those apps and search Fdroid, you'll find what you need...
. Depending the way you use your phone you may have to fine tune Xprivacy and reenable some permissions, I'm sorry for the inconvenience but it's impossible to set Xprivacy for all users since we all have different ways to use our phone.
ADD-ONS
. Sony Xperia Keyboard, flash it in recovery.
Credits KristianCarl for porting it, and unclefab for theming it in green.
It's not open source and that's why it's not included in the rom by default, but it's my every day keyboard because it works fine and because I themed it to make it look nice.
Don't give it internet access in the Firewall.
In Xprivacy, only allow "loadLibrary" in the shell section. You may have to enable a few fields in the contacts section depending your phone's configuration.
In App Settings, restrict "Read_Phone_State" and "Record_Audio".
I removed the Chinese Keyboard, tell me if you want it and I'll readd it.
. Universe Wallpapers
If there are enough users' requests then I'll upload the following:
. Uncle's phone lite (with clipboard and dialer) for hardcore users. It's safer than using the regular phone configuration, but the dialer forces close when you hang up the call. Flash it in recovery, wipe dalvik-cache, reboot.
. Completely disable internet access for the Android System. Lightning and Tint Browser won't connect anymore since they use the same web engine as the Android System, but Pale Moon still works thanks to its build-in web engine. Flash it in recovery, wipe dalvik-cache, reboot.
RECOMMENDED NON OPEN SOURCE APPS
. Pri-fy, from chainfire the root master:
http://forum.xda-developers.com/showthread.php?t=2631512
. Logging Test:
http://androidsecuritytest.com/
UPDATES?
I'm working on some improvements on kernel and system level to make Una even more secure, but I will release them for the Grand 2 if, and only if, there are enough users' feedback for the current version, because it's a lot of work to implement such stuff in a ROM.
No ETA though, you'll have to be patient because now we have to design and release Una for many other phones.
Still, any suggestions/comments/bug reports are welcome, help us to improve Una!
FEATURE REQUESTS
Yeah, sure, we'll see what we can do but we don't promise anything
SCREENSHOTS
I didn't have time to make screenshots since I ran short of time, so the ones you'll see here come from another phone.
They are very similar in shape, layout and color though, and you'll get the idea.
That's all for now, enjoy the ROM!!!
The Una team
CREDITS
Big thanks to:
F-Droid
M66B (Xprivacy)
Rovo89 (Xposed)
Tungstwenty (App Settings, Master Key Multi Fix)
Ukanth (AF+Firewall)
Jecelyin (920 Editor)
Kraigsandroid (Alarm Klock)
Thialfihar (APG)
Arity (Arity calculator)
Siacs (Conversations)
Ppareit (FTP)
Ghost Squared (Ghost Commander File manager)
Mohammad Adib (Floating Stickies)
C3C076(Gravity Box)
Oasisfeng (Greenify)
K-9 Dog Walkers (K9 Mail)
Grarak (Kernel Adiutor)
Anthonycr (Lightning)
Xperiacle (Multiwindows Manager)
Pragmatic Software (Network Log)
Mdwh2(Open Camera)
The Guardian Project (Orbot)
Eolwral (OS Monitor)
Moon Child and Cyansmoker (Pale Moon)
Droidapps (PDF Reader)
Simon Marquis (Preferences Manager)
Thad Hughes (Quick Dic)
Q-Supreme team (Quick Pic)
Robert.Developer (Rmaps)
Search Light (Search Light)
Jackpal (Terminal Emulator)
Anasthase (Tint Browser And Tint Browser Adblock Addon)
Thomasebell (Urecord)
Mohammad Abu-Garbeyyeh (USB Mass Storage Enabler)
Zhuhang (Viper4Android FX and Viper4Android XHiFi)
Videolan.org (VLC)
Brambonne (Wi-Fi Privacy Police)
i dont own a galaxy grand 2 , although i may have to get one , but thank you for sharing your work. i'm not a developer so i can only imagine ( which probably falls way short ) of what this took to build.:thumbsup:
"all i can really do , is stay out of my own way and let the will of heaven be done"
Please do a 4.4.4/4.4.2 version. What about the security? Like anyone can hack into your phone....
salimtn said:
4.3 ?! Not interrested
Sent from my SM-G7102 using Tapatalk
Click to expand...
Click to collapse
Laurisss said:
Please do a 4.4.4/4.4.2 version. What about the security? Like anyone can hack into your phone....
Click to expand...
Click to collapse
Thank you for your useful feedbacks.
PLEASE, DO READ OP COMPLETELY AND CAREFULLY BEFORE ASKING ANY QUESTIONS, ANSWERS TO MOST PROBLEMS ARE THERE
WHY DO WE USE A 4.3 ROM AS BASE INSTEAD OF THE LATEST 4.4.2?
Because when it comes to privacy Kit Kat 4.4.x is a complete disaster, the newer the android version the more buit-in spying there is (and the more difficult it is to remove it), despite google's sweet talk about "enhanced user's experience.
Lollipop seems to be even worse, but that's another story.
And NO, not anyone can hack into your phone, but many can and google already did it!
salimtn said:
4.3 ?! Not interrested
Click to expand...
Click to collapse
Thank you soooooo much to take time to reply and show how much consideration and respect you have for someone that worked about 100 hours to build a rom and share it for free with the community.
It feels sad to know that you won t run Una rom on your phone, and thanks again for informing us that we won t count such a great person like you amongst our users, but maybe next time you should read OP:
UNA IS NOT FOR YOU IF:
. All that you care about is the latest gimmick in the latest OS,
. You can't live without the google’s apps,
. You are the kind of person that never reads through the OP and only scroll down to the download section, and then complain that things don't work and/or ask stupid questions that have already been answered in OP.
Click to expand...
Click to collapse
You see guys?
It s thanks to that kind of person that so many devs have left, leave, or will leave the forum...
Please do a 4.4.4/4.4.2 version
Click to expand...
Click to collapse
As written in OP there might be updates:
I'm working on some improvements on kernel and system level to make Una even more secure, but I will release them for the Grand 2 if, and only if, there are enough users' feedback for the current version, because it's a lot of work to implement such stuff in a ROM.
Click to expand...
Click to collapse
Well, time will tell, but so far if you were me what would you think/do?
Thanks for your valient efforts.
But most of the phones would have been upgraded
to k.k. and downgrading them to 4.3 is rather risky.
Even I wonder whether I can downgrade to 4.3 add you rightly mentioned
about 4.4 and 5 android versions.
Even then I will try to down grade to 4.3 and also
try this room. I am willing to take the risk for the developer.
salimtn said:
4.3 and a cute dev. ?! Still not interested ...
Click to expand...
Click to collapse
Still not interested?
Such a pity, people like you are every devs' dream and it would have been a real honour to count such a VIP like you amongst our users.
Thanks for letting us know, next time we ll try to do our best to satisfy demanding users like you...
wrishaba said:
Thanks for your valient efforts.
But most of the phones would have been upgraded
to k.k. and downgrading them to 4.3 is rather risky.
Even I wonder whether I can downgrade to 4.3 add you rightly mentioned
about 4.4 and 5 android versions.
Even then I will try to down grade to 4.3 and also
try this room. I am willing to take the risk for the developer.
Click to expand...
Click to collapse
Thank you for your support. With this attitude you are definitely repaying every effort made.
wrishaba said:
But most of the phones would have been upgraded
to k.k. and downgrading them to 4.3 is rather risky.
Even I wonder whether I can downgrade to 4.3 add you rightly mentioned
about 4.4 and 5 android versions.
Even then I will try to down grade to 4.3 and also
try this room. I am willing to take the risk for the developer.
Click to expand...
Click to collapse
I really dislike 4.4 because it s full of spying, but on the other hand I definitely could build a 4.4 rom for the Grand 2 cuz I can understand that not many people want to take the risk to downgrade.
The only problem is that I don t own the phone, and that the person I borrowed it from doesn t want me to install 4.4 on it, because of knox and because 4.3 runs well.
One thing you have to bear in mind is that latest android version doesn t mean best version, and since 4.1 it s actually been quite the opposite.
Google install 2-3 gimmicks to "enhance users' experience" bla bla, and at the same time strengthens its grip on android.
It got particularly bad with 4.4, and I read reports that it went even worse with 5x...
unclefab said:
I really dislike 4.4 because it s full of spying, but on the other hand I definitely could build a 4.4 rom for the Grand 2 cuz I can understand that not many people want to take the risk to downgrade.
The only problem is that I don t own the phone, and that the person I borrowed it from doesn t want me to install 4.4 on it, because of knox and because 4.3 runs well.
One thing you have to bear in mind is that latest android version doesn t mean best version, and since 4.1 it s actually been quite the opposite.
Google install 2-3 gimmicks to "enhance users' experience" bla bla, and at the same time strengthens its grip on android.
It got particularly bad with 4.4, and I read reports that it went even worse with 5x...
Click to expand...
Click to collapse
spying? Meh. 80% of people are on kitkat and a few are on lollipop. No reports of something hack-ish.
Laurisss said:
spying? Meh. 80% of people are on kitkat and a few are on lollipop. No reports of something hack-ish.
Click to expand...
Click to collapse
Most people don t realise they are being spyied.
Do one test.
Download network log from here:
https://f-droid.org/repository/browse/?fdfilter=network+log&fdid=com.googlecode.networklog
Install it, open it, give it root access and start logging by clicking "logging on" on the top.
Then do some browsing, going to this or that site, but don t go to any google related web site (no search, no youtube etc.).
Come back to network log, you will see that your phone connected to many funny addresses, including of course google, and that quite a lot of data has been transfered both inbound and outbound.
That s just a small test, there s actually much more than that but you ll get the idea.
You could make another test with xprivacy, and if you do so you ll see that all apps request various private data like ids and cell towers location.
The thing is that the higher the android version the more difficult it is to prevent that data mining, data mining that is little more than spying by looking over your shoulder.
Una roms have been designed to prevent that, and more (see OP), but it s up to everybody to install it or not.
I really appreciate your Hard work , I can imagine how much hard work you would have done by working on a phone which you do not own , borrowing it again and again , testing the ROM on someone else's phone and the fear of bricking it . But as someone mentioned in the thread many users are on 4.4 . Many here fear bricking there devices while downgrading it. The mere fact that you have to downgrade your device to use the ROM is what cause of lack of users . personally I really liked what your ROM offers. Just to help you for further development H6 is the most stable and without Knox count firmware. Some 60-70 % users who flash custom ROM are on this firmware and even many custom Roms use it as a base . Hope to see this ROM on kk .
Best of luck.
unclefab said:
I really dislike 4.4 because it s full of spying, but on the other hand I definitely could build a 4.4 rom for the Grand 2 cuz I can understand that not many people want to take the risk to downgrade.
The only problem is that I don t own the phone, and that the person I borrowed it from doesn t want me to install 4.4 on it, because of knox and because 4.3 runs well.
One thing you have to bear in mind is that latest android version doesn t mean best version, and since 4.1 it s actually been quite the opposite.
Google install 2-3 gimmicks to "enhance users' experience" bla bla, and at the same time strengthens its grip on android.
It got particularly bad with 4.4, and I read reports that it went even worse with 5x...
Click to expand...
Click to collapse
Definitely I wanna going to try this rom. I never said 4.4. Or 5 is best versions of android.
But the fact is downgrading is some what risky. Eben then I am going to try.
No need to pay me for taking sweet.
wrishaba said:
Definitely I wanna going to try this rom. I never said 4.4. Or 5 is best versions of android.
But the fact is downgrading is some what risky. Eben then I am going to try.
No need to pay me for taking sweet.
Click to expand...
Click to collapse
I didn t read everything about the downgrade procedure, but of what I have read you have to odin flash a specific KK version first, and then a specific 4.3.
Anyway, if it s really that risky maybe you shouldn t try and wait until we manage to release a 4.4 Una rom.
The problem is that the person that owns that phone uses it for business purposes, so I have to be very careful not to loose all the whatsapp, bbm etc. contacts and settings, and if it was ok to backup her rom, work on making una during nights and then restoring her original rom in the early morning, it would be a different story to switch from 4.3 to 4.4 to again 4.3 every night...
Let s see if I can convince her to use 4.4 as her daily rom, but I can t lie and tell her that 4.4 is better than 4.3, and I don t think she will accept to sacrifice her phone.
I meet her again next month and I ll keep you informed in case she accepts.
For now what you can do if you want to make your phone more private and secure is to follow what I explain in my security thread (check my signature "how to secure your phone").
unclefab said:
I didn t read everything about the downgrade procedure, but of what I have read you have to odin flash a specific KK version first, and then a specific 4.3.
Anyway, if it s really that risky maybe you shouldn t try and wait until we manage to release a 4.4 Una rom.
The problem is that the person that owns that phone uses it for business purposes, so I have to be very careful not to loose all the whatsapp, bbm etc. contacts and settings, and if it was ok to backup her rom, work on making una during nights and then restoring her original rom in the early morning, it would be a different story to switch from 4.3 to 4.4 to again 4.3 every night...
Let s see if I can convince her to use 4.4 as her daily rom, but I can t lie and tell her that 4.4 is better than 4.3, and I don t think she will accept to sacrifice her phone.
I meet her again next month and I ll keep you informed in case she accepts.
For now what you can do if you want to make your phone more private and secure is to follow what I explain in my security thread (check my signature "how to secure your phone").
Click to expand...
Click to collapse
All builds prior to NK1 are without KNOX.
NH6 is good and speedy.
I'm a dev too, and I don't recommend the over-VIP experience you're using to grab customers. I ain't sure, but it looks humiliating to you to give picky users a VIP experience.
Just tell them to get the hell off the thread if they hate the idea (I really like it and would've upgraded if I was a TW user. I use AOSP CM).
Also, the screenshots are from a Grand 1, and our device is SM-G7102, not I7102. You mixed up with the Grand 1 i9082.
Oah you know, customers is maybe not the right word, unless they pay which is not the case!
Then I don t know if that can be called a vip experience, but I understand your point, maybe sometimes I m too nice, what to do...
For the screenshots, I didn t mix 'em, I explained in OP that I didn't have time to make any since I ran short of time, and that the ones I put here come from another phone.
A galaxy grand i9082, yep, well done, you have a sharp eye!
They are very similar in shape, layout and color (apart from the cascade icon to minimize windows that Samsung has removed after 4.2.2, a big mistake to my opinion), so people can get the idea.
WaseemAlkurdi said:
I'm a dev too, and I don't recommend the over-VIP experience you're using to grab customers. I ain't sure, but it looks humiliating to you to give picky users a VIP experience.
Just tell them to get the hell off the thread if they hate the idea (I really like it and would've upgraded if I was a TW user. I use AOSP CM).
Click to expand...
Click to collapse
In some ways you are right, but we think that being professional is not a bad thing, despite the fact that the forum is full of picky users, ready to make bad comments even without trying the product. Of course, we can and we will also give a VIP experience, but it is reserved for the ones that will earn it.
In any case we appreciate your support. Thank you
WaseemAlkurdi said:
All builds prior to NK1 are without KNOX.
NH6 is good and speedy.
I'm a dev too, and I don't recommend the over-VIP experience you're using to grab customers. I ain't sure, but it looks humiliating to you to give picky users a VIP experience.
Just tell them to get the hell off the thread if they hate the idea (I really like it and would've upgraded if I was a TW user. I use AOSP CM).
Also, the screenshots are from a Grand 1, and our device is SM-G7102, not I7102. You mixed up with the Grand 1 i9082.
Click to expand...
Click to collapse
When downgrade strucked at boot logo "samsung".
Thai version. 4.3. What to do wasim? Any idea.
Odin flash failed. Again flashed NH6. Again boot loop.
Pllllzzzzz download link
Sent from my SM-G7102 using XDA Free mobile app
wrishaba said:
When downgrade strucked at boot logo "samsung".
Thai version. 4.3. What to do wasim? Any idea.
Odin flash failed. Again flashed NH6. Again boot loop.
Click to expand...
Click to collapse
As I recall, wiping (data/cache/Dalvik cache) from recovery worked.
You're lucky you ain't in a hard brick
Note that you need ClockWorkMod Recovery to wipe Dalvik.
Hi, I really need some advice and help, please!
Someone hacked my galaxy note 8 (latest update of OS) using Bluetooth. Thereafter when I had Bluetooth turned off all the time I would sometimes found it had turned on again and at times a pic would randomly appear in my camera roll folder. I was targeted by a group of people and having recalled looking back I was encouraged to message through WhatsApp and I believe that chrome and Andoid webview extension were involved. They also got into my gmail and tried to delete my contacts and wipe my phone and whatsapp history. Aftert this I saw that a Linux device had been attached to my gmail account.
I then went to an iphone and received a whatsapp from someone and a pic appeared again in my camera roll. I believe they were trying to do the same again and not sure how effective it is on iOS.
But now I have a new galaxy note 8 and someone has sent me a pic and video. I don't know that they are involved and I think I'm being overly cautious, but I need to understand what they did before and what I can do to check if they have hacked my new phone and doing the same thing again, and what I can do now to ensure they don't do it. I'm worried now that if they have got into my new phone and WhatsApp, will they have been able to get my IMEI and is my new phone now permanently susceptible to attack?
If I wipe my phone back to factory settings and reinstall everything again and start a new whatsapp with a new number, will that work?
My MS surface has also been acting up and I'd like to know if there's an easy sign to check on there too.
Thanks so much in advance!
phoenix79802 said:
Hi, I really need some advice and help, please!
Someone hacked my galaxy note 8 (latest update of OS) using Bluetooth. Thereafter when I had Bluetooth turned off all the time I would sometimes found it had turned on again and at times a pic would randomly appear in my camera roll folder. I was targeted by a group of people and having recalled looking back I was encouraged to message through WhatsApp and I believe that chrome and Andoid webview extension were involved. They also got into my gmail and tried to delete my contacts and wipe my phone and whatsapp history. Aftert this I saw that a Linux device had been attached to my gmail account.
I then went to an iphone and received a whatsapp from someone and a pic appeared again in my camera roll. I believe they were trying to do the same again and not sure how effective it is on iOS.
But now I have a new galaxy note 8 and someone has sent me a pic and video. I don't know that they are involved and I think I'm being overly cautious, but I need to understand what they did before and what I can do to check if they have hacked my new phone and doing the same thing again, and what I can do now to ensure they don't do it. I'm worried now that if they have got into my new phone and WhatsApp, will they have been able to get my IMEI and is my new phone now permanently susceptible to attack?
If I wipe my phone back to factory settings and reinstall everything again and start a new whatsapp with a new number, will that work?
My MS surface has also been acting up and I'd like to know if there's an easy sign to check on there too.
Thanks so much in advance!
Click to expand...
Click to collapse
I do strongly advice you to do a full factory reset or go to the nearest technician if you don't know how to do it, to flash the phone from scratch inmediatly. Also try the best security app for android once you setup your device again. That's enough.
Enviado desde mi SM-G550T1 mediante Tapatalk
---------- Post added at 12:58 PM ---------- Previous post was at 12:52 PM ----------
I would also report the issue to the tech support of WhatsApp, if there's any. Also, change every passwords on your Google devices with more secure passwords, Google, banking, social. And do place a secure password to block your device. Good luck.
Enviado desde mi SM-G550T1 mediante Tapatalk
This is why I dislike Touchwiz, it's so outdated and vulnerable.
Just reflash your whole system, you can find guides on YouTube on how to flash a new firmware.
I would also recommend changing to a custom ROM with up to date security patches.
Edit: You should also change all your passwords to something very difficult like 'nJfi8t%Nc178c'
If you have difficulties remembering there's a lot of apps out there that can help, I personally use last pass, you should check it out.
davidzam said:
I would also report the issue to the tech support of WhatsApp, if there's any. Also, change every passwords on your Google devices with more secure passwords, Google, banking, social. And do place a secure password to block your device. Good luck.
Click to expand...
Click to collapse
If you were conned into downloading a webextension then this has nothing to do with whatsapp it has to do with the user. Conntact google security to change your account. In general if they hacked a phone the phone only is the problem but if they have access to all your info then it can always be a problem. About bluetooth always have at least a code between the devices (some BT keyboards do not even have this). Also look at the security update on the device if it is not the latest then swith to one of the custom roms here which are always secure.
As for passwords think of a sentence and use the first letters of each word incorperate numbers capital letters and a symbol this helps you to remember it.
For example
I Have A Dog Who Name Is Henry And I Love Him=IHADWNIHAILH
now change A for the & symbol one I for 1 and A for 4=1H4DWNIH&ILH
mix it up with some upper case and lower case (names)=1h4dwniH&Ilh
you can now add in other symbols or spell words such as [email protected] (too big so we will use only part @m )add ! after Henry and [] around &Ilh [email protected]![&ILH]
now you have a random easy to remember password. This password is the basis for all the security on android (at the current time) so even if you use a code it still unlocks with this and encrypts.
Applied Protocol said:
If you were conned into downloading a webextension then this has nothing to do with whatsapp it has to do with the user. Conntact google security to change your account. In general if they hacked a phone the phone only is the problem but if they have access to all your info then it can always be a problem. About bluetooth always have at least a code between the devices (some BT keyboards do not even have this). Also look at the security update on the device if it is not the latest then swith to one of the custom roms here which are always secure. As for passwords think of a sentence and use the first letters of each word incorperate numbers capital letters and a symbol this helps you to remember it. For example I Have A Dog Who Name Is Henry And I Love Him=IHADWNIHAILH now change A for the & symbol one I for 1 and A for 4=1H4DWNIH&ILH mix it up with some upper case and lower case (names)=1h4dwniH&Ilh you can now add in other symbols or spell words such as [email protected] (too big so we will use only part @m )add ! after Henry and [] around &Ilh [email protected]![&ILH] now you have a random easy to remember password.
Click to expand...
Click to collapse
Thanks for clarifying that fact for me.
Thanks so much! Would a custom firmware allow me to keep the use of knox? I'm thinking to flash it back to factory and only install and use everything from within knox.
Zep0th said:
This is why I dislike Touchwiz, it's so outdated and vulnerable.
Just reflash your whole system, you can find guides on YouTube on how to flash a new firmware.
I would also recommend changing to a custom ROM with up to date security patches.
Edit: You should also change all your passwords to something very difficult like 'nJfi8t%Nc178c'
If you have difficulties remembering there's a lot of apps out there that can help, I personally use last pass, you should check it out.
Click to expand...
Click to collapse
Applied Protocol said:
If you were conned into downloading a webextension then this has nothing to do with whatsapp it has to do with the user. Conntact google security to change your account. In general if they hacked a phone the phone only is the problem but if they have access to all your info then it can always be a problem. About bluetooth always have at least a code between the devices (some BT keyboards do not even have this). Also look at the security update on the device if it is not the latest then swith to one of the custom roms here which are always secure. As for passwords think of a sentence and use the first letters of each word incorperate numbers capital letters and a symbol this helps you to remember it. For example I Have A Dog Who Name Is Henry And I Love Him=IHADWNIHAILH now change A for the & symbol one I for 1 and A for 4=1H4DWNIH&ILH mix it up with some upper case and lower case (names)=1h4dwniH&Ilh you can now add in other symbols or spell words such as [email protected] (too big so we will use only part @m )add ! after Henry and [] around &Ilh [email protected]![&ILH] now you have a random easy to remember password.
Click to expand...
Click to collapse
Just another question regarding Knox Secure Folder.
If I were to install and run everything through the secure folder and I were to be compromised again through a web extension, would that then all hackers to view everything on my phone again regardless of whether it's in the knox environment or outside? Would a backdoor like that work into the secure environment as it did in my normal android system?
Thanks again!
phoenix79802 said:
Just another question regarding Knox Secure Folder.
If I were to install and run everything through the secure folder and I were to be compromised again through a web extension, would that then all hackers to view everything on my phone again regardless of whether it's in the knox environment or outside? Would a backdoor like that work into the secure environment as it did in my normal android system?
Thanks again!
Click to expand...
Click to collapse
If your knox is still working and not tripped then that would be a good idea. However understand that the way to get in and out of knox still relies on encryption methods see CVE-2016-1919 as well as the kernel level security CVE-2016-6584 see also https://googleprojectzero.blogspot.com/2017/02/lifting-hyper-visor-bypassing-samsungs.html, this means that if the key or encryption method is faulty you can get around it and the kernel is more complicated but will also do the same thing. The last way is to access a shared resource such as a clipboard that has access to both places a example of this is CVE-2016-3996. And CVE-2018-9142. Granted most of these are 2017 and 2018 and a quick look at the samsung CVA at https://www.cvedetails.com/vulnerability-list/vendor_id-822/Samsung.html does not have anything for Oreo this can be since until recently only the 9s' had it. But their is a recurring theme that the CVAs' are repeated out of the last 5 4 are repeated and some are simple mistakes (look at Googles project zero above in KALSAR). The question is is this enough and the answer is probably but a security orientated Rom might be a better bet. (I know this is not fair since they do not have CVAs). But a full wipe and fresh install should be enough. Add in a firewall too if you did not have that already.
phoenix79802 said:
Thanks so much! Would a custom firmware allow me to keep the use of knox? I'm thinking to flash it back to factory and only install and use everything from within knox.
Click to expand...
Click to collapse
Sorry for the late reply, but Knox, in my opinion is super vulnerable, new android versions are safe enough.
And no, using a custom ROM would not have Touchwiz integrated nor Knox. Why? Because it will most likely be running stock android vanilla.
More secure than Samsung's Touchwiz, recommend something like LineageOS.
Zep0th said:
Sorry for the late reply, but Knox, in my opinion is super vulnerable, new android versions are safe enough.
And no, using a custom ROM would not have Touchwiz integrated nor Knox. Why? Because it will most likely be running stock android vanilla.
More secure than Samsung's Touchwiz, recommend something like LineageOS.
Click to expand...
Click to collapse
Look this depends on your perspective
FACT: knox is a hardware based security system which is unique to Samsung
FACT: Samsung phones are the most sold
FACT: The maker of the hardware has the resources to secure it better
Therefore Samsung knox is more secure and yes more users using the phone make it more advantageous to crack it. However Samsung to their credit does try to increase security in other ways such as using the TrustZone more and SEAndroid policy strengthening. Lineage is a great choice however knox which will be tripped and ever if not it needs custom software to run AFAIK. Also samsung is DoD approved see DoD list and news article. This is not necessarily a good indication of overall security but it dos put things in a good perspective (DoD do not patch themselves rather rely on the developers and stay on top of things) Really high security Android OS such as copperhead also have such improvements as Knox (way better if you look carefully) but they are limited on what phones it will work on. Also Android 8 is a lot more secure but fact of the matter is the best party that can secure a Samsung phone is Samsung but I am not saying they do. I would recommend Stock Samsung but if you need a custom rom lineage is a good choice this is true also in terms of power (used to be snapdragon charging on a rooted phone is only up to 80% but I think there is a fix) but in versatility a custom rom always wins and power saver settings can be better than the original.