The security of ADB over USB is rather a mystery. Since some Android version (Jelly Bean?), Android needs confirmation of fingerprint of the host when connecting over USB (!). Sure, even authentication of USB host has some merit, which I am not going to discuss right now. However, when enabling network ADB, it always used to warn that it is not secure. I've never dared to enable it. Maybe it was some leftover warning. Maybe it just authenticates without encryption, which might be OK for some limited purposes. Maybe the authentication is missing or insufficient when using network ADB. (For example, authenticating just initial handshake packets might be reasonable for some USB threat model, but it can be hardly reasonable for network threat model.) Unless you find some details that I was unable to find few years ago, I can hardly consider it as secure.
Moreover, this option seems to be missing on Android 6.0.1 on BlackBerry PRIV. Maybe it is removed by Google, maybe it is just disabled by BlackBerry. Rather than ensuring that network ADB is secure enough, it seems to be much simpler to use USB. If the phone resets USB when moved from one VM to another one, there is a workaround od running ADB in the USBVM. This is surely suboptimal for security (risks of compromising USBVM) and convenience, but it works. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/308ed035-a5e8-447f-ab55-b2a863d53ae3%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
