Beware of the Custom ROMs - The Case of Officially Pushed Nuke Codes and More

rootyme

Welcome to the tale of two custom ROMs. One - Project Elixir, Two - ArrowOS

1. Project Elixir (https://projectelixiros.com/)

This is a case of ROM developers going too far. So far that they included bits of code that would wipe your Internal storage, External Storage as well as your eSIMs "WITHOUT YOUR REQUEST/CONSENT." What's more shocking is the dev team's response to the discovery of these codes by the general public. Read on:

wipe trigger.png


Apparently, the ROM has some "paid" "clock widget customisation" (Custom lockscreen clocks) implemented by the ROM maintainers. As everything with OSS, this hidden-behind-paywall-feature was also bypass-able by various methods known only to those who use this ROM and obviously to the ROM devs.

The devs didn't like this. So they decided to insert a few bits of code to "punish" those who "dared" to bypass the limitation with zips and whatnot.

It's beyond my understanding how anybody can even think of such drastic measures just for "Custom Lockscreen Clocks" but the reality is that this happened. And the devs don't appear to have any regrets.

These are the official responses:
1. https://t.me/Elixir_Updates/3653
2. https://t.me/Elixir_Updates/3660

To sum it up, in my own words, the official response was: "Those who pirated, had their device nuked. Not much problem with that since normal users were unaffected. People are spreading 'misinformation'. People don't want to pay for 'exclusive' features. It takes resources to maintain a project. But don't worry we removed the code. You are free to spread misinformation."

Whatever the case is, this is completely unacceptable. This incident completely undermines the amount of trust people put into the ROM.

2. Arrow OS (https://arrowos.net/)

Here are the screenshots from the official blog of this ROM. Up since Dec, 2022. https://blog.arrowos.net/android/ar...t-of-providing-free-roms-and-monthly-updates/

dh1.png

dh2.png

dh3.png


So the unsuspecting user downloading ROMs from their site is called "****head" by the maintainers/devs themselves.

Whatever the case is, they have no right to be this cheap. No elaboration is needed from my end here, I guess. I've never used this ROM thankfully.

Blocking Ads on their site also makes you a, you guessed it.........

Anyways, have you used either of these ROMs? I have not and will never.
 
These custom ROMs are private projects maintained by a few people, on whose whims and fancies features are implemented. It is the reason Google has aggressively come down on custom ROMs but especially rooted devices, because they can be an easy attack vector (lack of security updates on OEM devices is bad but at least they are not as easy to take over completely with locked bootloader and being rootless).

Even the GrapheneOS developer went a bit loony sometime back before stepping down.

I suppose as far as custom ROMs go, you can somewhat trust large community projects like Lineage/Omni or those run by non-profit foundations like /e/ os and Calyx. But again, I never use custom ROMs on any device with financial apps on it.
 
I used Elixir rom for 2 yrs or so before my phone's battery went bad and I had to buy another phone in a hurry.
Must say their rom was simply awesome compared to other roms out there at least for my device.

Now just like Elixir, there are many roms out there having paid features may be for clocks, wallpapers, custom features as requested by the user or something fancy etc. for which the devs charge a small amount which is just a one-time payment. There also exists such packages like basic, mid, exclusive etc, for which the features as well as the fees/members amount increases.
These devs are 90% college students esp. doing software dev. thing etc. and they do all this only in their free time.
They need funds to maintain an online server and etc. coding resources to keep the project going and this is not only for just one device but 100s out there given that every phone model comes with 2-4 region-wise releases.

They even pin messages that due to exams and preparations etc. there won't be updates for a few months or so and in this period they hand over the development to other devs who can work on by the time main dev is back etc.

Now to your query, many smartass users are extracting data from the rom, creating self-signed zips and posting publicly on other channels freely distributing the premium stuff on their names. Sheer cheating and pirating!
This is called robbing the devs and is obviously a frustrating moment for any author.

They have taken such steps to curb the piracy, the way might be unethical but the mechanism they have developed is only going to harm the devices of the ones tampering the system. While the user who uses the rom as is without any cruel intentions will not be facing issues unlike the tampering ones.

You also cannot complain to google or any such authority as they are governed by nobody but themselves. It's like you are using their products AT YOUR OWN RISK AND WILL!

Then they also have a disclaimer as well...either live with it or leave it!

Disclaimer: I'm not backing any devs here. You auto-abide by their policies automatically once you flash their rom!
 
> Now to your query, many smartass users are extracting data from the rom, creating self-signed zips and posting publicly on other channels freely distributing the premium stuff.
> This is called robbing the devs and is obviously a frustrating moment for any author.

The apt mechanism would've been to show some annoying notification or sth along that. The ones creating these zips are to be blamed not the users. A good deal of the active userbase of such custom ROMs are in the 10-18 age group without jobs. Imagine nuking their data cuz they flashed some zip out of curiosity.

> They have taken such steps to curb the piracy, the way might be unethical but the mechanism they have developed is only going to harm the devices of the ones tampering the system.

Not the first thing to have been pirated. None of us are saints and I am sure the devs ain't either. No ROM has ever wiped internals over any reason.

> You also cannot complain to google or any such authority as they are governed by nobody but themselves. It's like you are using their own products AT YOUR OWN RISK AND WILL!

The changes have been reverted and the project development has been completely closed indefinitely.
fdfff.png

> Then they also have a disclaimer as well...either live with it or leave it!

Never used it.

> They need funds to maintain an online server and etc. coding resources to keep the project going and this is not only for just one device but 100s out there given that every phone model comes with 2-4 region-wise releases.

According to their own website, they have their dedicated Patreon page with backers. They also accept donations on UPI, PayPal.

> You auto-abide by their policies automatically once you flash their rom!

Comments on Arrow? You don't even need to flash their ROM to be called a *******.

> I can see the argument for both sides.

I'm sorry but there is no justification for what they did.
Again, I've never used either of these ROMs.

> I suppose as far as custom ROMs go, you can somewhat trust large community projects like Lineage/Omni or those run by non-profit foundations like /e/ os and Calyx. But again, I never use custom ROMs on any device with financial apps on it.

Yeah.

I think it's better to get Smartphones with 4-5 year support cycle so that flashing ROMs become entirely optional.
 
> I think it's better to get Smartphones with 4-5 year support cycle so that flashing ROMs become entirely optional.

Only a small population flashes roms to get those latest OS and security updates on their expired devices to just keep that device Alive!
While someone like me are always on lookout for new features and customizations with tweaks and tricks with tons of add-ons etc.

If you are one of those looking only for updates for a longer period then get an iphone, pixel, samsungs etc phones that too not those sub 20-30k ones but in the 50-60k+ range for a peace of mind for next couple of years.
Custom roms aren't for you guys to just rely on those simple updates and on hopes that one day your device will get the latest android..they come with their own risks.
 
Looking at their official response, it's likely that the ROM devs are gonna bump into this thread sooner or later. So I'll post this just in case.

I've never downloaded/used any of your ROMs. I will not either. Today was my last visit to the ArrowOS site/blog. This post is specifically meant to serve as a piece of news and what I say is my personal opinion/commentary on the same.
 
> Looking at their official response, it's likely that the ROM devs are gonna bump into this thread sooner or later. So I'll post this just in case.
>
> I've never downloaded/used any of your ROMs. I will not either. Today was my last visit to the ArrowOS site/blog. This post is specifically meant to serve as a piece of news and what I say is my personal opinion/commentary on the same.

Life was good before telegram when all this used to happen on XDA. But xda is as dead as yesteryear's erodov..completely eroded as everything about phones have moved to telegram hence no moderation and these dev community/guys can go to any levels do whatever they want. Also, no country moderates TG like Whatsapp. It's an ignored platform.
 
I can't see this sort of monetisation model working, at this point there's not much difference between what the companies are doing and this. Maybe they can try to ask the community to vote on which feature they want developed and organize a fundraiser specific to that feature.
 
It will be till eternity and why not?
You should try to be more creative in your responses, like this:

Hello Heisen,

We donot need your advice. We donot want that a member to advice us.

"Someone like me are always on lookout for
new features and customizations with tweaks
and tricks with tons of add-ons etc."


We donot like member who try to teach us the things, YES we will use custom ROMs in 2024 , SO donot teach us the importance of custom ROMs, Carefully read what we wrote , "We lookout for new features and customization with tweaks and tricks with tons of add-ons" , This message is loud and clear inpite of it you objected the same and above that you are "sighing" for the same , Now for this exercise of your fault we will ban you .
 
> Life was good before telegram when all this used to happen on XDA. But xda is as dead as yesteryear's erodov..completely eroded as everything about phones have moved to telegram hence no moderation and these dev community/guys can go to any levels do whatever they want. Also, no country moderates TG like Whatsapp. It's an ignored platform.

True. Xda was actually fun before telegram killed it. There were active members almost like here and responses were also logical. And now it's like a barren or say a dead platform.
 
They could've used a stark warning alert or something similar rather than fully wiping a phone, which makes them totally untrustworthy forever.
This kind of immaturity shows such feeble guys are bait for extortionists to three-letter agencies.
Anyways, hope anybody who came across their antics will not touch their products even with a 10-foot pole.
 
> Most maintainers are college going kids, what do you expect?

My expectation:

>> Anyways, hope anybody who came across their antics will not touch their products even with a 10-foot pole.
For now and for future, since they showed their mettle.
 
custom roms and their support actually used to be good in the past. I still remember getting a Micromax Yureka with its cyanogen os and going ham with it, these days both roms and their support have gone down the drain with Google actively taking away main parts of android under a closed source license making it harder to reverse engineer stuff. I think very few roms today are worth flashing
 
> custom roms and their support actually used to be good in the past. I still remember getting a Micromax Yureka with its cyanogen os and going ham with it, these days both roms and their support have gone down the drain with Google actively taking away main parts of android under a closed source license making it harder to reverse engineer stuff. I think very few roms today are worth flashing

yup
Back then we were also using our phones more as phone first and a secondary standalone computing device with minimal personal/ sensitive data.

As against today where most of us cannot /should not trust these ROMs unless one has the bandwidth to review their code
 