Hey.

I need a wireless connection to use it, right?

And I can’t use a selfhosted hotspot, right? It must be a second device, like an external hotspot or a modem.

And I authorize that device to adb level, right?

So if my modem is untrustworthy, it could install malware on my phone?

Thank you for clarification.

  • FooBarrington@lemmy.worldEnglish
    2·
    1 day ago

    it follows that a malicious wifi modem, knowing all devices’ mac addresses, could, perhaps, feign being the phone, mac-wise. And issue its own commands, which the phone wouldn’t tell aren’t its own.

    I just tested some scenarios:

    • I start Shizuku in one wifi network (prompt to trust the network, then I had to enter the pairing code since I hadn’t used it before)
    • Then switch wifi networks
      • Shizuku was immediately disconnected
    • When I press “Start” again in Shizuku, I get prompted to trust the network
    • Then I switch back
      • Shizuku stays running
    • Then I disabled Wifi
      • Shizuku stays running
    • Then I disabled mobile data
      • Shizuku stays running
    • Then I stop Shizuku & press “Start” again
      • It asks me to enable wireless debugging, and that enables wifi

    So you’re safe as long as you don’t start Shizuku & trust the network while connected to a potentially malicious network.

    In any case, I just wish Android provided networkless self-debugging.

    I agree 100%! It’s definitely possible to add a better API that would allow Android users to trust specific apps with ADB debugging connections. Unfortunately Google is hell-bent on restricting the platform instead of opening it up :(

    • wyfpm@lemdro.idOPEnglish
      1·
      1 day ago

      That is a lovely analysis for this lowly thread of mine. Thanks again.

      Thing is, I don’t trust my modem. Just on principle. It’s nonlibre software.

      I’ll reread your posts in a while.

      Unfortunately Google is hell-bent on restricting the platform instead of opening it up

      Right. The very thing I want adb for is, among other things, to install apps which Google arbitrarily declared obsolete (the api version declaration, I believe it is). I believe many good apps on F-Droid are uninstallable because of that. “This app is incompatible with your device” – no, you declared that it is.

      And sadly – though that doesn’t seem to be Google’s fault – it still doesn’t seem possible to compile Android apps on Android, so I can’t just get sources, change the manifest, and recompile them and install them myself, to escape that.

      But that’s for another thread.