ElixirOS to break and wipe your device

It's been recently found out that within the code of the custom rom there's a trigger that completely wipes the data off of your phone if you tamper with your device's adb shell. Essentially, having the custom rom is giving you malware with the ability of the team to simply meddle with your storage data.

Retrial

Recognized Contributor / Translator / Spam Hunter
It's been recently found out that within the code of the custom rom there's a trigger that completely wipes the data off of your phone if you tamper with your device's adb shell. Essentially, having the custom rom is giving you malware with the ability of the team to simply meddle with your storage data.
Yeah, I read that too yesterday. There is also a reddit post here.
TLDR for those without Twitter: This custom ROM has optional paid customization features. If you attempt to bypass payment through adb it will wipe your internal storage, external storage and eSIMs. Beware.

@Oswald Boelcke @Badger50 for your attention. Perhaps it is better to remove links from Project Elixir threads and lock them?

TNSMANI

Senior Moderator / RC-RT Committee
Yeah, I read that too yesterday. There is also a reddit post here.
TLDR for those without Twitter: This custom ROM has optional paid customization features. If you attempt to bypass payment through adb it will wipe your internal storage, external storage and eSIMs. Beware.

@Oswald Boelcke @Badger50 for your attention. Perhaps it is better to remove links from Project Elixir threads and lock them?

Thanks for the heads-up. The issue has already been brought to our attention and we are at it.

Retrial

Recognized Contributor / Translator / Spam Hunter
To get the full picture from both sides, here are Telegram posts from the Project Elixir channel (no need to have account to watch them): post #1, post #2, post #3, post #4, post #5. I also attached screenshots.
However, this response doesn't fit well to my eyes or to open source philosophy, and generally the idea to trigger a phone wipe is very, very bad from any point of view. The vocabulary they used in their last posts, because they got exposed, is also very bad and shows immature people.


within the code of the custom rom there's a trigger that completely wipes the data off of your phone if you tamper with your device's adb shell.
that's completely illegal in my opinion. like how do they have the authority to do that?!?!
that's completely illegal in my opinion. like how do they have the authority to do that?!?!
We're currently purging XDA from Project Elixir. However, this might take some time to be completed.

Regards
Oswald Boelcke
Senior Moderator

that's completely illegal in my opinion. like how do they have the authority to do that?!?!
You gave them that "authority" by loading the firmware. Any time you flash a device you're potentially playing with fire. You are what you flash...
PixelPlusUI is from the same dev, and AFAIK it also has paid features in its Pixelizer customization tool (correct me if that's not true). It wouldn't be a surprise if there is also a similar "feature" implemented there.
Please allow me to request your patience and not yet to report any Project Elixir threads.

We are doing our very best to implement this ban but it might take some time, maybe a few days. Any report that we have to handle in parallel just distracts us. Let's say, if you find any thread in about a week that hasn't been cleaned, we'd appreciate your reports.

PixelPlusUI is from the same dev, and AFAIK it also has paid features in its Pixelizer customization tool (correct me if that's not true). It wouldn't be a surprise if there is also a similar "feature" implemented there.
We've already discussed that project and that's what our head of the Developer Committee said:
I think Pixel Plus was precursor to Elixir. It's an old ROM so not relevant
Regards
Oswald Boelcke
Senior Moderator
Please allow me to request your patience and not yet to report any Project Elixir threads.

We are doing our very best to implement this ban but it might take some time, maybe a few days. Any report that we have to handle in parallel just distracts us. Let's say, if you find any thread in about a week that hasn't been cleaned, we'd appreciate your reports.

We've already discussed that project and that's what our head of the Developer Committee said:

Regards
Oswald Boelcke
Senior Moderator


@NOSS8
that's completely illegal in my opinion. like how do they have the authority to do that?!?!
It's not as illegal as it is immoral. As a developer you're entitled to any features or code within your services, so long as they don't step over legal boundaries.

Wiping your data is technically not illegal, but because this wasn't publicly discussed at first, on top of the fact that it's a restriction put in a rom that most users will have superuser access to, makes the entire thing look scummy and very inconvenient for those who used the custom rom.

Elixir devs are EA in human form
It's not as illegal as it is immoral. As a developer you're entitled to any features or code within your services, so long as they don't step over legal boundaries.

Wiping your data is technically not illegal, but because this wasn't publicly discussed at first, on top of the fact that it's a restriction put in a rom that most users will have superuser access to, makes the entire thing look scummy and very inconvenient for those who used the custom rom.

@Melomi Thanks for your contribution.

The question for this private website is not if anything is "illegal" or "immoral" but if code published via our website complies with our stance.

Please contact me privately if you think a further discussion is necessary.

Regards
Oswald Boelcke
Senior Moderator

Wiping your data is technically not illegal,
There was some discussion about EU's data protection laws. Since the product or service available in public front, for free (in this case, custom rom) gets your data deleted without your consent.
But I'm not a lawyer, I'm spewing bs and who cares about any of that stuff anyway. I just wouldn't want any such code on my device.

There is a very fragile line of trust between a rom developer and his users, and stuff like this makes us all look in a bad light.

We're currently purging XDA from Project Elixir. However, this might take some time to be completed.

Regards
Oswald Boelcke
Senior Moderator


Strange that this has remained under the radar for so long. However you look at it, ultimately this software was also available through XDA, making the administrators essentially liable for facilitating and distributing dangerous malware to all users.

Just like Meta and Google get fined for dangerous content being on Facebook and YouTube. There is no difference. I think XDA should be punished very harshly for this. They wouldn't get away with this in the EU.

Retrial

Recognized Contributor / Translator / Spam Hunter
It's not as illegal as it is immoral. As a developer you're entitled to any features or code within your services, so long as they don't step over legal boundaries.

Wiping your data is technically not illegal, but because this wasn't publicly discussed at first, on top of the fact that it's a restriction put in a rom that most users will have superuser access to, makes the entire thing look scummy and very inconvenient for those who used the custom rom.

Well, deleting user data, I wouldn't say it's a "feature".
It wasn't discussed publicly because if it was, probably no one would use that ROM, for fear of their data, sdcard, esim being deleted.
It is just wrong, there are no excuses for such things... Tbh they destroyed themselves with that thing.

Retrial

Recognized Contributor / Translator / Spam Hunter
Strange that this has remained under the radar for so long. However you look at it, ultimately this software was also available through XDA, making the administrators essentially liable for facilitating and distributing dangerous malware to all users.

Just like Meta and Google get fined for dangerous content being on Facebook and YouTube. There is no difference. I think XDA should be punished very harshly for this. They wouldn't get away with this in the EU.

Ok, if you want XDA to be punished, let's also punish Google for search results, let's punish Telegram and so on. The difference tho, between these companies you mentioned and XDA is, XDA (mods) actually care and take quick actions when something like that happens.

That code wasn't there from the start of this project and obviously moderators & admins are not robocops, they can't monitor all these ROMs' sources all the time.
I am glad someone looked at it and exposed them, then moderators handled it with no hesitation.
I don't understand why you want XDA to be punished. If you go right now and do something bad to someone, XDA should be punished for your action?

The way I see it, if you look really into what's disturbing about this (since some people don't get it)
is the fact that they remind you (threaten almost) that they CAN erase your data just by triggering that flag they set to whatever they want. Ofc rom developers have full control over their users' devices if you think about it, but you're not supposed to imply it. That killswitch just by existing takes away from the power a device owner has over their property.
Well, deleting user data, I wouldn't say it's a "feature".
It wasn't discussed publicly because if it was, probably no one would use that ROM, for fear of their data, sdcard, esim being deleted.
It is just wrong, there are no excuses for such things... Tbh they destroyed themselves with that thing.
That's aggressive data protection. Similar things can happen with any encrypted device.
With all computers redundant critical data backup is mandatory. You may lose a day, a week, a month etc of critical data but not all your data if properly backed up.

Almost every day there's a new post on data loss/recovery here. It's largely preventable if you just redundantly do backups. After the fact is most times too late.


Retrial

Recognized Contributor / Translator / Spam Hunter
That's aggressive data protection. Similar things can happen with any encrypted device.
With all computers redundant critical data backup is mandatory. You may lose a day, a week, a month etc of critical data but not all your data if properly backed up.

Almost every day there's a new post on data loss/recovery here. It's largely preventable if you just redundantly do backups. After the fact is most times too late.

Yeap, data backup is important anyway but I would say that's different from what we have here. Let's separate the data encryption for security reasons and such things which the code was there to act as malicious if triggered.
