So on a production phone, the adb shell gives you a "shell" user shell. And the shell user has no permissions to read anything under /data (except for /data/local/tmp)
You can use 'adb shell id' to determine which user your adb shell runs under. If you ave a root shell, then you can access anything under /data. Dave Hylands ----- Original Message ----- > From: "Dave Camp" <[email protected]> > To: "Paul Theriault" <[email protected]>, "dev-b2g list" > <[email protected]>, "Alexandre Poirot" > <[email protected]>, [email protected] > Sent: Tuesday, September 10, 2013 6:43:05 PM > Subject: Re: [b2g] Security implications of remote debugging on devices > > On Tue, Sep 10, 2013 at 9:39 AM, Paul Rouget <[email protected]> wrote: > > > > > So your proposal would prevent people to steal password only if: > > the phone doesn't have a code, the phone is not rooted, the > > phone doesn't have an accessible sdcard, passwords are not recoverable > > via email. > > > > And in that case they could just grab the data with adb, right? > > -dave > _______________________________________________ > dev-b2g mailing list > [email protected] > https://lists.mozilla.org/listinfo/dev-b2g > _______________________________________________ dev-b2g mailing list [email protected] https://lists.mozilla.org/listinfo/dev-b2g
