I have an android phone that had some unnecessary apps which i wanted to remove . Today i was reading up on how to remove it and came across shizuku and canta which seemed easy enough so i borrowed my friends phone to use his hotspot (you have to use wireless debugging for shizuku to work and it needs to connect to a hotspot) and connected it and removed my apps . As i was at his place and reading up on all the apps to remove and etc i was connected to his phone for a good 2-3 hours while having usb debugging and wireless debugging and shizuku on .
And now it just hit me that i may have done more damage by doing that than letting the bloat be cause the guy is infamous for having all kinda malware apps and games on his phones and computers and i have seen and jocked about it today too :(. So my question is how much did i mess up ? could his malicious phone and apps have installed or messed up my device while connected ? how much access did that phone have over my device ? The thing is none of the shizuku guides or reddit posts had any warnings about needing to connect to a secure network and me being the idiot i am didn’t think of that .How to check if i messed up and whay should i do ? Also for the next time would a random router be secure to do this on this ? or is a personnel computer/phone necessary ?
UPDATE : Have scanned it with hypatia and extended list and no positives have come up . The smart play would prolly be to wipe the phone but i have too much things on it and have customized it to my liking a lot throughout the years to do it on suspicion . Should i ? a lot of lemmings are saying its a niche attack vendor but i have not yet seen anyone explaining if it was possible and how ? or what all should i do better next time . Do feel free to chip in .
Don’t worry. Nothing will happen. Shizuku establishes adb server on your device not your friends device.
thanks man
Man you always use a condom
I don’t know the details but this feels like such a specific attack vector. Most malware targets the easiest and most common payload delivery mechanism as possible. Having someone connected via hotspot and piggybacking ontop of a specific workflow such as Shizuku just seems super unlikely. Could absolutely be wrong about this though, just my gut feel
Sounds like you need to put your phone in rice overnight.
I wouldn’t stress much. It would take a targeted attack to have actually compromised your phone. It is alright.
thanks man
Just like a pc, you can wipe your phone. Albeit with a couple more steps. When I think I’m dealing with a compromised system, I wipe it and restore the backup.
…you do have a backup, right?
starts sweating
If you reset your phone whose bloat will come back
yea that’s another prob 🥲
Should be fine. Seems like a very specific attack vector. Also it seems that shizuku works by being installed on ur own device then accessing the adb server over lan of the same device its installed on? I would assume the android debugging interface is quite secure to unauthorised access. I just consulted with dr gpt and adb uses a mechanism where each debugging device generates a rsa keypair then sends the public key to the debugged device which it can deny or authorise. It seems that adb is by default unencrypted with no further proof of device so someone with access to the network can intercept/change/spoof adb traffic.
Imao gpt hallucinates a TON to count anything it says as credible
Its right most of the time and i just went and read the docs and it seems its right about this. Also im using a custom uncensored ai agent that can search removed so hallucinations arent really an issue for me.