Comment on Does Shuzku / wireless debugging demand a trusted wifi device?
wyfpm@lemdro.id 3 weeks agoI see, makes sense. Thanks.
Hm, so, even if it is true that Shizuku-pairing directly privileges only the phone itself – that the adb commands never leave the phone – it follows that a malicious wifi modem, knowing all devices’ mac addresses, could, perhaps, feign being the phone, mac-wise. And issue its own commands, which the phone wouldn’t tell aren’t its own.
Unless adb privileges are also identified by the ip address of origin. Unless, the modem could also feign those and multicast them, or something. Could it?
Oh well. This is straying quite far from Android. Thank you regardless.
FooBarrington@lemmy.world 3 weeks ago
I just tested some scenarios:
So you’re safe as long as you don’t start Shizuku & trust the network while connected to a potentially malicious network.
wyfpm@lemdro.id 3 weeks ago
That is a lovely analysis for this lowly thread of mine. Thanks again.
Thing is, I don’t trust my modem. Just on principle. It’s nonlibre software.
I’ll reread your posts in a while.
Right. The very thing I want adb for is, among other things, to install apps which Google arbitrarily declared obsolete (the api version declaration, I believe it is). I believe many good apps on F-Droid are uninstallable because of that.
And sadly – though that doesn’t seem to be Google’s fault – it still doesn’t seem possible to compile Android apps on Android, so I can’t just get sources, change the manifest, and recompile them and install them myself, to escape that.
But that’s for another thread.