I have an Android phone that had some unnecessary apps which I wanted to remove. Today I was reading up on how to remove them and came across Shizuku and Canta, which seemed easy enough, so I borrowed my friend's phone to use his hotspot (you have to use wireless debugging for Shizuku to work and it needs to connect to a hotspot), connected to it and removed my apps. As I was at his place and reading up on all the apps to remove, etc., I was connected to his phone for a good 2-3 hours while having USB debugging, wireless debugging and Shizuku on.
And now it just hit me that I may have done more damage by doing that than by letting the bloat be, because the guy is infamous for having all kinds of malware apps and games on his phones and computers, and I have seen and joked about it today too :(. So my question is: how much did I mess up? Could his malicious phone and apps have installed something on or messed up my device while connected? How much access did that phone have over my device? The thing is, none of the Shizuku guides or Reddit posts had any warnings about needing to connect to a secure network, and me being the idiot I am didn't think of that. How do I check if I messed up and what should I do? Also, for the next time, would a random router be secure to do this on? Or is a personal computer/phone necessary?
UPDATE: I have scanned it with Hypatia and the extended list and no positives have come up. The smart play would prolly be to wipe the phone, but I have too many things on it and have customized it to my liking a lot throughout the years to do it on suspicion. Should I? A lot of lemmings are saying it's a niche attack vector, but I have not yet seen anyone explaining if it was possible and how, or what I should do better next time. Do feel free to chip in.
Should be fine. Seems like a very specific attack vector. Also, it seems that Shizuku works by being installed on ur own device, then accessing the adb server over LAN of the same device it's installed on? I would assume the Android debugging interface is quite secure against unauthorised access. I just consulted with Dr. GPT, and adb uses a mechanism where each debugging device generates an RSA keypair, then sends the public key to the debugged device, which can deny or authorise it. It seems that adb is by default unencrypted with no further proof of device, so someone with access to the network can intercept/change/spoof adb traffic.
Lmao, GPT hallucinates a TON to count anything it says as credible.
It's right most of the time, and I just went and read the docs and it seems it's right about this. Also, I'm using a custom uncensored AI agent that can search removed, so hallucinations aren't really an issue for me.
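The RSA key authorization mentioned in the thread leaves a record on the phone: each computer the user has approved is stored as one line in `/data/misc/adb/adb_keys`. The following is an added example, not part of any post above, that audits a copy of that file and flags entries whose fingerprint (MD5 of the decoded key, the format Android shows in its debugging prompt) is not on a list you trust. It assumes you already have the file's text (reading it on the device normally needs root); the sample keys and host names are constructed.

```python
import base64
import hashlib

# Constructed sample in the adb_keys layout: "<base64 public key> <user@host>".
# The key bytes are filler for illustration, not real RSA keys.
SAMPLE_ADB_KEYS = "\n".join([
    base64.b64encode(b"constructed-key-own-laptop" * 4).decode() + " alice@own-laptop",
    base64.b64encode(b"constructed-key-unknown" * 4).decode() + " unknown@adb",
    "!!!notbase64!!! broken@host",
    "",
])


def fingerprint(key_b64):
    """MD5 of the decoded key as colon-separated upper-case hex."""
    raw = base64.b64decode(key_b64, validate=True)
    digest = hashlib.md5(raw).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def audit_adb_keys(text, trusted_fingerprints):
    """Return one record per non-empty line with its status."""
    results = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        line = line.strip()
        if not line:
            continue
        key_b64, _, comment = line.partition(" ")
        try:
            fp = fingerprint(key_b64)
        except ValueError:  # binascii.Error is a ValueError subclass
            fp, status = None, "malformed"
        else:
            status = "trusted" if fp in trusted_fingerprints else "unrecognized"
        results.append({"line": lineno, "comment": comment,
                        "fingerprint": fp, "status": status})
    return results


if __name__ == "__main__":
    # Hypothetical allow-list: only the first sample key is ours.
    own = fingerprint(SAMPLE_ADB_KEYS.split(" ", 1)[0])
    for entry in audit_adb_keys(SAMPLE_ADB_KEYS, {own}):
        print(entry["status"], entry["fingerprint"], entry["comment"])
```

Any entry reported as unrecognized can be cleared with "Revoke USB debugging authorizations" in Developer options, which removes all stored keys so that each computer has to be approved again.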