That is a lovely analysis for this lowly thread of mine. Thanks again.

Thing is, I don’t trust my modem. Just on principle. It’s nonlibre software.

I’ll reread your posts in a while.

Unfortunately Google is hell-bent on restricting the platform instead of opening it up

Right. The very thing I want adb for is, among other things, to install apps which Google arbitrarily declared obsolete (the api version declaration, I believe it is). I believe many good apps on F-Droid are uninstallable because of that. “This app is incompatible with your device” – no, you declared that it is.

And sadly – though that doesn’t seem to be Google’s fault – it still doesn’t seem possible to compile Android apps on Android, so I can’t just get sources, change the manifest, and recompile them and install them myself, to escape that.

But that’s for another thread.

I see, makes sense. Thanks.

Hm, so, even if it is true that Shizuku-pairing directly privileges only the phone itself – that the adb commands never leave the phone – it follows that a malicious wifi modem, knowing all devices’ mac addresses, could, perhaps, feign being the phone, mac-wise. And issue its own commands, which the phone wouldn’t tell aren’t its own.

Unless adb privileges are also identified by the ip address of origin. Unless, the modem could also feign those and multicast them, or something. Could it?

Oh well. This is straying quite far from Android. Thank you regardless.

In any case, I just wish Android provided networkless self-debugging. On one hand, I oughtn’t complain, for I deliberately didn’t root my phone; but on another, I’d like to have a secure “halfroot” of adb at hand.

(Maybe root operations / grantings should have a pending time of 24 hours. Just to make sure the user / I have thought them through. And yes, I know root shall be able to erase that mechanism. The weakest part of all my setups is myself.)

Though yesterday I figured, it may be a cool idea to have Tor Browser without Tor. Ie. retain all antifingerprinting of it, just remove the actual proxying. I don’t see a reason not to offer that, and it may help for when one has a paid vpn or whatever. Wonder if it’s been made.

Edit: or better yet, permit it per-tab or per-domain.

You mean not only for .onion sites?

Yes.

Of course, I do use a a clearnet browser for sites on which I have profiles, but eg. YouTube works well on TB, better than proxied NewPipe actually.

CloudFlare turnstiles aren’t too bad, and in any case, this is supposed to help with that, I understand:

https://privacypass.github.io/

Perhaps my question had semiconsciously stemmed from this:

Why would Android ask me to authorize a whole network for wireless debugging, if it then proceeds to demand device-permissions anyway?

I understand it is just a second layer of security, or, a relic of times when wifi connections were unencrypted. But if so, then wireless debugging should be just unenablable if elsewhere in Android settings, insecure wifi networks are enabled / if you presently are on one.

(Is adb encrypted anyway, as a protocol itself? If I authorized, say, my laptop, wirelessly, would the modem be able to read my commands? Those aren’t questions for you, btw, just musings. I should probably hit ai / Github for those.)

Alright, sweet. Ty both vm.

I’d think I had tried starting Shizuku up without a connection. Just now, I tried to enable wireless debugging without wifi on, and Android said i must turn it on first, but perhaps I can turn it off afterwards, the way you can be on airplane mode then turn wifi on. (This once helped my online radio app cease to leak my system language / location for some reason.)

Will edit this post with further report.

Fair enough, thanks.

I know it’s the app itself that executes adb commands. I just wonder.

https://shizuku.rikka.app/guide/setup/

It says, allow debugging on this network.

So what you’re saying is, this is somewhat misleading, for this step doesn’t automaticallh grant all devices on the network debug-privileges; and were the modem itself, somehow, applying for them, then it wouldn’t have asked for the code as Shizuku is doing, via a notification?

Any reason Tor browser hasn’t been mentioned yet itt?

Not recommending it, as such, just wondering it ir’s been shown to have any issues, as it’s been my main browser for years.