Comment on Does Shuzku / wireless debugging demand a trusted wifi device?
FooBarrington@lemmy.world 3 weeks agoit follows that a malicious wifi modem, knowing all devices’ mac addresses, could, perhaps, feign being the phone, mac-wise. And issue its own commands, which the phone wouldn’t tell aren’t its own.
I just tested some scenarios:
- I start Shizuku in one wifi network (prompt to trust the network, then I had to enter the pairing code since I hadn’t used it before)
- Then switch wifi networks
- Shizuku was immediately disconnected
- When I press “Start” again in Shizuku, I get prompted to trust the network
- Then I switch back
- Shizuku stays running
- Then I disabled Wifi
- Shizuku stays running
- Then I disabled mobile data
- Shizuku stays running
- Then I stop Shizuku & press “Start” again
- It asks me to enable wireless debugging, and that enables wifi
So you’re safe as long as you don’t start Shizuku & trust the network while connected to a potentially malicious network.
wyfpm@lemdro.id 3 weeks ago
That is a lovely analysis for this lowly thread of mine. Thanks again.
Thing is, I don’t trust my modem. Just on principle. It’s nonlibre software.
I’ll reread your posts in a while.
Right. The very thing I want adb for is, among other things, to install apps which Google arbitrarily declared obsolete (the api version declaration, I believe it is). I believe many good apps on F-Droid are uninstallable because of that.
And sadly – though that doesn’t seem to be Google’s fault – it still doesn’t seem possible to compile Android apps on Android, so I can’t just get sources, change the manifest, and recompile them and install them myself, to escape that.
But that’s for another thread.