CyanogenMod rolls out secure device-locating feature

CyanogenMod is a free/open version of the Android operating system. Yesterday, they announced a cool new feature called CM Account, for recovering and/or wiping lost or stolen devices. Unlike traditional device-locating services, which effectively offer a back-door to your phone or tablet that can be exploited by hackers, spies, or unscrupulous insiders, CyanogenMod's version relies on your browser establishing a secure connection to your device, without anyone in the middle having access to the keys and passwords used to hijack the device and get its location or wipe its drive. The service was developed in part by Moxie Marlinspike, a legendary security and privacy hacker, and the code is open and free for audit.

The CM account is optional and free. The service is secure and managed by us. The website client side encryption code is not obfuscated. The application is open sourced and Apache licensed. We highly encourage our contributors to participate in a security and privacy review and understand what sets us apart from other solutions.

Obviously, some of you will have privacy concerns and are sensitive of your data. We have created a privacy policy, terms of use page and general “What is a CyanogenMod Account” page to hopefully answer most of your questions. But even if you choose not to read them, we’ll say it as clearly as possible:

* We have no interest in selling your data

* We cannot track you or wipe your device. We designed the protocol in such a way that makes it impossible for anyone but you to do that.

CyanogenMod Account (via Engadget)