this post was submitted on 15 Dec 2024
18 points (72.5% liked)

Privacy

32424 readers
515 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

I have an android phone that had some unnecessary apps which i wanted to remove . Today i was reading up on how to remove it and came across shizuku and canta which seemed easy enough so i borrowed my friends phone to use his hotspot (you have to use wireless debugging for shizuku to work and it needs to connect to a hotspot) and connected it and removed my apps . As i was at his place and reading up on all the apps to remove and etc i was connected to his phone for a good 2-3 hours while having usb debugging and wireless debugging and shizuku on .

And now it just hit me that i may have done more damage by doing that than letting the bloat be cause the guy is infamous for having all kinda malware apps and games on his phones and computers and i have seen and jocked about it today too :(. So my question is how much did i mess up ? could his malicious phone and apps have installed or messed up my device while connected ? how much access did that phone have over my device ? The thing is none of the shizuku guides or reddit posts had any warnings about needing to connect to a secure network and me being the idiot i am didn't think of that .How to check if i messed up and whay should i do ? Also for the next time would a random router be secure to do this on this ? or is a personnel computer/phone necessary ?

UPDATE : Have scanned it with hypatia and extended list and no positives have come up . The smart play would prolly be to wipe the phone but i have too much things on it and have customized it to my liking a lot throughout the years to do it on suspicion . Should i ? a lot of lemmings are saying its a niche attack vendor but i have not yet seen anyone explaining if it was possible and how ? or what all should i do better next time . Do feel free to chip in .

top 14 comments
sorted by: hot top controversial new old
[–] DWin@feddit.uk 30 points 6 days ago

I don't know the details but this feels like such a specific attack vector. Most malware targets the easiest and most common payload delivery mechanism as possible. Having someone connected via hotspot and piggybacking ontop of a specific workflow such as Shizuku just seems super unlikely. Could absolutely be wrong about this though, just my gut feel

[–] remer@lemmy.world 17 points 6 days ago

Sounds like you need to put your phone in rice overnight.

[–] Stomata@sh.itjust.works 8 points 6 days ago (1 children)

Don't worry. Nothing will happen. Shizuku establishes adb server on your device not your friends device.

[–] agent47@sh.itjust.works 2 points 6 days ago
[–] Aussiemandeus@aussie.zone 3 points 5 days ago

Man you always use a condom

[–] Boomkop3@reddthat.com 6 points 6 days ago* (last edited 6 days ago) (1 children)

Just like a pc, you can wipe your phone. Albeit with a couple more steps. When I think I'm dealing with a compromised system, I wipe it and restore the backup.

...you do have a backup, right?

[–] agent47@sh.itjust.works 3 points 6 days ago (1 children)
[–] Stomata@sh.itjust.works 4 points 6 days ago (1 children)

If you reset your phone whose bloat will come back

[–] agent47@sh.itjust.works 2 points 6 days ago

yea that's another prob 🥲

[–] Neptr@lemmy.blahaj.zone 7 points 6 days ago (1 children)

I wouldn't stress much. It would take a targeted attack to have actually compromised your phone. It is alright.

[–] agent47@sh.itjust.works 1 points 6 days ago
[–] muntedcrocodile@lemm.ee -2 points 6 days ago (1 children)

Should be fine. Seems like a very specific attack vector. Also it seems that shizuku works by being installed on ur own device then accessing the adb server over lan of the same device its installed on? I would assume the android debugging interface is quite secure to unauthorised access. I just consulted with dr gpt and adb uses a mechanism where each debugging device generates a rsa keypair then sends the public key to the debugged device which it can deny or authorise. It seems that adb is by default unencrypted with no further proof of device so someone with access to the network can intercept/change/spoof adb traffic.

[–] agent47@sh.itjust.works 2 points 6 days ago (1 children)

Imao gpt hallucinates a TON to count anything it says as credible

[–] muntedcrocodile@lemm.ee 1 points 5 days ago

Its right most of the time and i just went and read the docs and it seems its right about this. Also im using a custom uncensored ai agent that can search shit so hallucinations arent really an issue for me.