this post was submitted on 09 Dec 2025

Hey.

I need a wireless connection to use it, right?

And I can't use a selfhosted hotspot, right? It must be a second device, like an external hotspot or a modem.

And I authorize that device to adb level, right?

So if my modem is untrustworthy, it could install malware on my phone?

Thank you for clarification.

[–] Successful_Try543@feddit.org 2 points 5 days ago* (last edited 5 days ago) (9 children)

Shizuku runs locally on your Android device on which you want to do debugging or perform automated tasks. It's just using the ADB wireless interface to gain access to these functions. I.e. your Android device 'thinks' it's connected via wifi to a remote device which does the debugging.

[–] wyfpm 2 points 5 days ago (8 children)

Fair enough, thanks.

I know it's the app itself that executes adb commands. I just wonder.

https://shizuku.rikka.app/guide/setup/

It says, allow debugging on this network.

So what you're saying is, this is somewhat misleading, for this step doesn't automatically grant all devices on the network debug-privileges; and were the modem itself, somehow, applying for them, then it wouldn't have asked for the code as Shizuku is doing, via a notification?

[–] FooBarrington@lemmy.world 3 points 5 days ago (6 children)
  1. You don't need to be connected to a network to set Shizuku up. Even while you're not connected to an external network (through Wifi or mobile data), your phone has a "loopback" network that allows applications on your phone to talk to other applications as if they were connected through an external network. So if you're scared of giving access to the wrong thing, just turn off wifi & data.
  2. When Android asks you to approve an external debugging connection, it's approved for the specific device that's connecting. Other devices on the network are not allowed to connect. If I use my computer to connect wirelessly to ADB, only my computer can execute commands, not other devices on my network (they'd show another popup).

Hope this helps!

[–] wyfpm 2 points 5 days ago* (last edited 5 days ago) (1 children)

Perhaps my question had semiconsciously stemmed from this:

Why would Android ask me to authorize a whole network for wireless debugging, if it then proceeds to demand device-permissions anyway?

I understand it is just a second layer of security, or, a relic of times when wifi connections were unencrypted. But if so, then wireless debugging should be just unenablable if elsewhere in Android settings, insecure wifi networks are enabled / if you presently are on one.

(Is adb encrypted anyway, as a protocol itself? If I authorized, say, my laptop, wirelessly, would the modem be able to read my commands? Those aren't questions for you, btw, just musings. I should probably hit ai / Github for those.)

[–] FooBarrington@lemmy.world 2 points 5 days ago (1 children)

Ah, sorry, seems like I was wrong on the whole "no network connection needed", but the reason is the explanation for your question!

The only way for your phone to recognize/authenticate the source of an incoming ADB connection is the MAC address. Basically every device that sends/receives ethernet packets has to have a unique "fingerprint", so everyone knows it's still the same device if it disconnects & reconnects etc. Everything else (IP address etc.) can change at any time, so the MAC address is the only fingerprint available.

But devices can spoof (change) their MAC address. That's a really useful feature in many cases, e.g. phones these days use a random MAC for every new network, so a network provider can't track you moving through multiple different networks. Also there's no way to prevent it with our current network design. But this means that a malicious actor could wait for your trusted device to disconnect, then change their MAC to the one from your trusted device, and thus send malicious ADB commands.

Android's solution is to make you trust both the network and the device. So as long as you don't have malicious actors in your trusted network, you're safe - even if you connect to a different network with malicious actors, they can't send ADB commands.

[–] wyfpm 1 points 5 days ago* (last edited 5 days ago) (1 children)

I see, makes sense. Thanks.

Hm, so, even if it is true that Shizuku-pairing directly privileges only the phone itself -- that the adb commands never leave the phone -- it follows that a malicious wifi modem, knowing all devices' mac addresses, could, perhaps, feign being the phone, mac-wise. And issue its own commands, which the phone wouldn't tell aren't its own.

Unless adb privileges are also identified by the ip address of origin. Unless, the modem could also feign those and multicast them, or something. Could it?

Oh well. This is straying quite far from Android. Thank you regardless.

In any case, I just wish Android provided networkless self-debugging. On one hand, I oughtn't complain, for I deliberately didn't root my phone; but on another, I'd like to have a secure "halfroot" of adb at hand.

(Maybe root operations / grantings should have a pending time of 24 hours. Just to make sure the user / I have thought them through. And yes, I know root shall be able to erase that mechanism. The weakest part of all my setups is myself.)

[–] FooBarrington@lemmy.world 2 points 5 days ago* (last edited 5 days ago) (1 children)

> it follows that a malicious wifi modem, knowing all devices’ mac addresses, could, perhaps, feign being the phone, mac-wise. And issue its own commands, which the phone wouldn’t tell aren’t its own.

I just tested some scenarios:

  • I start Shizuku in one wifi network (prompt to trust the network, then I had to enter the pairing code since I hadn't used it before)
  • Then switch wifi networks
    • Shizuku was immediately disconnected
  • When I press "Start" again in Shizuku, I get prompted to trust the network
  • Then I switch back
    • Shizuku stays running
  • Then I disabled Wifi
    • Shizuku stays running
  • Then I disabled mobile data
    • Shizuku stays running
  • Then I stop Shizuku & press "Start" again
    • It asks me to enable wireless debugging, and that enables wifi

So you're safe as long as you don't start Shizuku & trust the network while connected to a potentially malicious network.

> In any case, I just wish Android provided networkless self-debugging.

I agree 100%! It's definitely possible to add a better API that would allow Android users to trust specific apps with ADB debugging connections. Unfortunately Google is hell-bent on restricting the platform instead of opening it up :(

[–] wyfpm 1 points 4 days ago* (last edited 4 days ago)

That is a lovely analysis for this lowly thread of mine. Thanks again.

Thing is, I don't trust my modem. Just on principle. It's nonlibre software.

I'll reread your posts in a while.

> Unfortunately Google is hell-bent on restricting the platform instead of opening it up

Right. The very thing I want adb for is, among other things, to install apps which Google arbitrarily declared obsolete (the api version declaration, I believe it is). I believe many good apps on F-Droid are uninstallable because of that. "This app is incompatible with your device" -- no, you declared that it is.

And sadly -- though that doesn't seem to be Google's fault -- it still doesn't seem possible to compile Android apps on Android, so I can't just get sources, change the manifest, and recompile them and install them myself, to escape that.

But that's for another thread.
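
On the thread's questions of whether ADB is encrypted and how a connecting peer is authenticated: the ADB wire protocol carries its own AUTH messages (token, signature, RSA public key) and an STLS message that upgrades the connection to TLS, while the older AUTH-only flow is authenticated but not encrypted. The sketch below is an added example, not code from the thread, Shizuku or Android; it classifies the opening messages of a connection, and the sample byte strings are constructed, with both directions concatenated in arrival order as a simplification.

```python
import struct

# Command tags and AUTH types of the ADB wire protocol (AOSP adb).
CMDS = {0x4E584E43: "CNXN", 0x48545541: "AUTH", 0x534C5453: "STLS",
        0x4E45504F: "OPEN", 0x59414B4F: "OKAY", 0x45545257: "WRTE",
        0x45534C43: "CLSE"}
AUTH_TYPES = {1: "TOKEN", 2: "SIGNATURE", 3: "RSAPUBLICKEY"}
# Header: command, arg0, arg1, data_length, data_check, magic (little-endian).
HEADER = struct.Struct("<6I")


def parse_messages(stream):
    """Yield (name, arg0, payload) for each ADB message in a byte stream."""
    off = 0
    while off + HEADER.size <= len(stream):
        cmd, arg0, _, length, _, magic = HEADER.unpack_from(stream, off)
        if cmd not in CMDS or magic != cmd ^ 0xFFFFFFFF:
            raise ValueError(f"not an ADB header at offset {off}")
        payload = stream[off + HEADER.size: off + HEADER.size + length]
        if len(payload) != length:
            raise ValueError("truncated payload")
        off += HEADER.size + length
        yield CMDS[cmd], arg0, payload


def classify(stream):
    """Return (mode, auth_steps) for the opening messages of a connection."""
    steps = []
    for name, arg0, _ in parse_messages(stream):
        if name == "STLS":          # TLS follows; stop before the TLS records
            return "tls", steps
        if name == "AUTH":
            steps.append(AUTH_TYPES.get(arg0, f"type{arg0}"))
        elif name != "CNXN":        # session traffic has started
            break
    return ("key-auth" if steps else "no-auth"), steps


def msg(name, arg0=0, arg1=0, payload=b""):
    """Build one message (helper for the constructed samples below)."""
    cmd = next(k for k, v in CMDS.items() if v == name)
    return HEADER.pack(cmd, arg0, arg1, len(payload), 0, cmd ^ 0xFFFFFFFF) + payload


# Constructed samples, not captured traffic.
LEGACY = (msg("CNXN", 0x01000001, 1 << 20, b"host::\0") + msg("AUTH", 1, 0, b"T" * 20)
          + msg("AUTH", 2, 0, b"S" * 256) + msg("CNXN", 0x01000001, 1 << 20, b"device::\0"))
TLS = (msg("CNXN", 0x01000001, 1 << 20, b"host::\0") + msg("STLS", 0x01000000)
       + msg("STLS", 0x01000000) + b"\x16\x03\x03\x00\x05hello")

if __name__ == "__main__":
    print(classify(LEGACY), classify(TLS))
```

A "no-auth" result, where session commands such as OPEN appear without any AUTH or STLS exchange, is the case worth flagging when reviewing a capture.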
