Hacker News

ok123456 yesterday at 8:41 PM (3 replies)

Isn't keeping ADB enabled (most people who do this don't enable it and then promptly disable it) a huge security problem? ADB enabled means an adversary can completely own your device and "back it up" by simply plugging it in.

This is much worse than nagging about "untrusted sources".


Replies

dvdkon yesterday at 8:52 PM

No, there's a trust-on-first-use procedure where you have to accept the computer's key on your phone.

sigmar yesterday at 8:53 PM

>ADB enabled means an adversary can completely own your device and "back it up" by simply plugging it in.

Each adb host has to be individually white-listed by an unlocked device. Also, the current behavior is that it auto-forgets any white-listed host that hasn't connected within 7 days.

wolvoleo today at 2:00 AM

No, it's not. Your computer creates a unique ID and you have to accept that on the unlocked phone the first time (or every time if you choose to).

So even when adb is on, an attacker can't just plug into your phone and use it. Besides, I just switch it off when I don't use it.