The security of ADB over USB is rather a mystery. Since some Android version
(Jelly Bean?), Android needs confirmation of fingerprint of the host when
connecting over USB (!). Sure, even authentication of USB host has some merit,
which I am not going to discuss right now. However, when enabling network ADB,
it always used to warn that it is not secure. I've never dared to enable it.
Maybe it was some leftover warning. Maybe it just authenticates without
encryption, which might be OK for some limited purposes. Maybe the
authentication is missing or insufficient when using network ADB. (For example,
authenticating just initial handshake packets might be reasonable for some USB
threat model, but it can be hardly reasonable for network threat model.) Unless
you find some details that I was unable to find few years ago, I can hardly
consider it as secure.
Moreover, this option seems to be missing on Android 6.0.1 on BlackBerry PRIV.
Maybe it is removed by Google, maybe it is just disabled by BlackBerry.
Rather than ensuring that network ADB is secure enough, it seems to be much
simpler to use USB. If the phone resets USB when moved from one VM to another
one, there is a workaround od running ADB in the USBVM. This is surely
suboptimal for security (risks of compromising USBVM) and convenience, but it
You received this message because you are subscribed to the Google Groups
To unsubscribe from this group and stop receiving emails from it, send an email
To post to this group, send email to email@example.com.
To view this discussion on the web visit
For more options, visit https://groups.google.com/d/optout.