Hey.

I need a wireless connection to use it, right?

And I can’t use a selfhosted hotspot, right? It must be a second device, like an external hotspot or a modem.

And I authorize that device to adb level, right?

So if my modem is untrustworthy, it could install malware on my phone?

Thank you for clarification.

  • wyfpm@lemdro.idOPEnglish
    1·
    2 days ago

    I see, makes sense. Thanks.

    Hm, so, even if it is true that Shizuku-pairing directly privileges only the phone itself – that the adb commands never leave the phone – it follows that a malicious wifi modem, knowing all devices’ mac addresses, could, perhaps, feign being the phone, mac-wise. And issue its own commands, which the phone wouldn’t tell aren’t its own.

    Unless adb privileges are also identified by the ip address of origin. Unless, the modem could also feign those and multicast them, or something. Could it?

    Oh well. This is straying quite far from Android. Thank you regardless.

    In any case, I just wish Android provided networkless self-debugging. On one hand, I oughtn’t complain, for I deliberately didn’t root my phone; but on another, I’d like to have a secure “halfroot” of adb at hand.

    (Maybe root operations / grantings should have a pending time of 24 hours. Just to make sure the user / I have thought them through. And yes, I know root shall be able to erase that mechanism. The weakest part of all my setups is myself.)

    • FooBarrington@lemmy.worldEnglish
      2·
      2 days ago

      it follows that a malicious wifi modem, knowing all devices’ mac addresses, could, perhaps, feign being the phone, mac-wise. And issue its own commands, which the phone wouldn’t tell aren’t its own.

      I just tested some scenarios:

      • I start Shizuku in one wifi network (prompt to trust the network, then I had to enter the pairing code since I hadn’t used it before)
      • Then switch wifi networks
        • Shizuku was immediately disconnected
      • When I press “Start” again in Shizuku, I get prompted to trust the network
      • Then I switch back
        • Shizuku stays running
      • Then I disabled Wifi
        • Shizuku stays running
      • Then I disabled mobile data
        • Shizuku stays running
      • Then I stop Shizuku & press “Start” again
        • It asks me to enable wireless debugging, and that enables wifi

      So you’re safe as long as you don’t start Shizuku & trust the network while connected to a potentially malicious network.

      In any case, I just wish Android provided networkless self-debugging.

      I agree 100%! It’s definitely possible to add a better API that would allow Android users to trust specific apps with ADB debugging connections. Unfortunately Google is hell-bent on restricting the platform instead of opening it up :(

      • wyfpm@lemdro.idOPEnglish
        1·
        2 days ago

        That is a lovely analysis for this lowly thread of mine. Thanks again.

        Thing is, I don’t trust my modem. Just on principle. It’s nonlibre software.

        I’ll reread your posts in a while.

        Unfortunately Google is hell-bent on restricting the platform instead of opening it up

        Right. The very thing I want adb for is, among other things, to install apps which Google arbitrarily declared obsolete (the api version declaration, I believe it is). I believe many good apps on F-Droid are uninstallable because of that. “This app is incompatible with your device” – no, you declared that it is.

        And sadly – though that doesn’t seem to be Google’s fault – it still doesn’t seem possible to compile Android apps on Android, so I can’t just get sources, change the manifest, and recompile them and install them myself, to escape that.

        But that’s for another thread.