February 25, 2014, 1:27 PM — Rooting your Android phone and flashing it with a new ROM -- a different version of the OS -- is usually accompanied by dire warnings from the manufacturer and occasionally even the supplier of the ROM image that it can make your phone less secure. Nov'IT, exhibiting at Mobile World Congress this week, says that its ROM will help keep your data and communications safe from prying eyes.
The ROM is one element of Uhuru Mobile, a security system developed by Nov'IT as part of a larger project to create a new antivirus system, DAVFI, funded by the French government.
Uhuru Mobile consists of a local apps market containing validated apps, a mobile device management system to which smartphones connect via a secure VPN (virtual private network), and the secure ROM, based on CyanogenMod, itself a modification of the Android Open Source Project.
To further harden the CyanogenMod ROM against attacks, Nov'IT says it performs a system integrity check during the startup process, provides dynamic protection against system call hooks, protects the kernel against unknown or malicious code execution, encrypts all user data, and performs VoIP and SMS encryption.
On top of that, according to Valentin Hamon of Nov'IT, the ROM checks the signature of updates, ensuring that it can be replaced only by a more recent version of itself.
Although Nov'IT is already selling the system, don't expect to find it in stores or to download it just yet. The company is targeting big organizations with hundreds or thousands of phones, and with the capability to flash them themselves, said Nov'IT's Philippe Orsier.
The company has received expressions of interest from India and Brazil, he said. Obvious customers closer to home would include France's Ministry of the Interior -- already a fervent proponent of open source systems -- or the Ministry of Defense. In fact, the French defense procurement agency, the DGA, is one of the backers of the DAVFI project that gave rise to Uhuru Mobile, so it could already be a buyer. Orsier would not comment on that.
Delivering validated apps will be a slow process -- Nov'IT says it has audited 450 of the hundreds of thousands available, but it has probably already accounted for the majority of institutional app usage with the validation of email clients compatible with IMAP, POP3 and Exchange 2003/2007 servers; the Firefox browser; an RSS reader, a video player, and readers for Office and PDF documents.
To protect customers from data gathering by apps that use geolocation technologies to push ads or otherwise target users, the Uhuru Mobile ROM can generate fake GPS information to prevent tracking. For businesses that want to be able to track their employees, administrators can disable this option via the MDM system.