Nov'IT says flashing a new ROM onto your Android phone can make it more secure

Uhuru Mobile is a new ROM derived from Cyanogen that aims to make Android phones more secure

Rooting your Android phone and flashing it with a new ROM -- a different version of the OS -- is usually accompanied by dire warnings from the manufacturer and occasionally even the supplier of the ROM image that it can make your phone less secure. Nov'IT, exhibiting at Mobile World Congress this week, says that its ROM will help keep your data and communications safe from prying eyes.

The ROM is one element of Uhuru Mobile, a security system developed by Nov'IT as part of a larger project to create a new antivirus system, DAVFI, funded by the French government.

Uhuru Mobile consists of a local apps market containing validated apps, a mobile device management system to which smartphones connect via a secure VPN (virtual private network), and the secure ROM, based on CyanogenMod, itself a modification of the Android Open Source Project.

To further harden the CyanogenMod ROM against attacks, Nov'IT says it performs a system integrity check during the startup process, provides dynamic protection against system call hooks, protects the kernel against unknown or malicious code execution, encrypts all user data, and performs VoIP and SMS encryption.

On top of that, according to Valentin Hamon of Nov'IT, the ROM checks the signature of updates, ensuring that it can be replaced only by a more recent version of itself.

Although Nov'IT is already selling the system, don't expect to find it in stores or to download it just yet. The company is targeting big organizations with hundreds or thousands of phones, and with the capability to flash them themselves, said Nov'IT's Philippe Orsier.

The company has received expressions of interest from India and Brazil, he said. Obvious customers closer to home would include France's Ministry of the Interior -- already a fervent proponent of open source systems -- or the Ministry of Defense. In fact, the French defense procurement agency, the DGA, is one of the backers of the DAVFI project that gave rise to Uhuru Mobile, so it could already be a buyer. Orsier would not comment on that.

Delivering validated apps will be a slow process -- Nov'IT says it has audited 450 of the hundreds of thousands available, but it has probably already accounted for the majority of institutional app usage with the validation of email clients compatible with IMAP, POP3 and Exchange 2003/2007 servers; the Firefox browser; an RSS reader, a video player, and readers for Office and PDF documents.

To protect customers from data gathering by apps that use geolocation technologies to push ads or otherwise target users, the Uhuru Mobile ROM can generate fake GPS information to prevent tracking. For businesses that want to be able to track their employees, administrators can disable this option via the MDM system.

Potential buyers can download an evaluation ROM for the Nexus 4, but the company also intends to offer ROMs for popular phones from Samsung Electronics, LG Electronics, and Sony, Orsier said.

Peter Sayer covers open source software, European intellectual property legislation and general technology breaking news for IDG News Service. Send comments and news tips to Peter at

Join the CSO newsletter!

Error: Please check your email address.

Tags AndroidmobileantivirusDetection / preventionMWCmobile applicationsintrusionAndroid OSconsumer electronicssecuritymobile securitysmartphonesNov'ITencryption

More about IDGLGLG Electronics AustraliaSamsungSamsung Electronics AustraliaSony

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Peter Sayer

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts