it follows that a malicious wifi modem, knowing all devices’ mac addresses, could, perhaps, feign being the phone, mac-wise. And issue its own commands, which the phone wouldn’t tell aren’t its own.

I just tested some scenarios:

• I start Shizuku in one wifi network (prompt to trust the network, then I had to enter the pairing code since I hadn’t used it before)
• Then switch wifi networks
  • Shizuku was immediately disconnected
• When I press “Start” again in Shizuku, I get prompted to trust the network
• Then I switch back
  • Shizuku stays running
• Then I disabled Wifi
  • Shizuku stays running
• Then I disabled mobile data
  • Shizuku stays running
• Then I stop Shizuku & press “Start” again
  • It asks me to enable wireless debugging, and that enables wifi

So you’re safe as long as you don’t start Shizuku & trust the network while connected to a potentially malicious network.