This document discusses security issues with custom Android ROMs. It begins by introducing custom ROMs and why they warrant security reviews. It then analyzes several practices in custom ROMs that could compromise security, such as enabling USB debugging, running ADB in root mode, loose permissions on the system partition, and allowing installation from unknown sources. The document demonstrates a proof-of-concept data theft tool and recommends users be wary of development processes and ask questions when using custom ROMs. It concludes with contact information for the author.