I have an Android phone that had some unnecessary apps which I wanted to remove. Today I was reading up on how to remove them and came across Shizuku and Canta, which seemed easy enough, so I borrowed my friend’s phone to use his hotspot (you have to use wireless debugging for Shizuku to work and it needs to connect to a hotspot), connected to it and removed my apps. As I was at his place and reading up on all the apps to remove etc., I was connected to his phone for a good 2-3 hours while having USB debugging, wireless debugging and Shizuku on.
And now it just hit me that I may have done more damage by doing that than by letting the bloat be, because the guy is infamous for having all kinds of malware apps and games on his phones and computers, and I have seen and joked about it today too :(. So my question is: how much did I mess up? Could his malicious phone and apps have installed something or messed up my device while connected? How much access did that phone have over my device? The thing is, none of the Shizuku guides or Reddit posts had any warnings about needing to connect to a secure network, and me being the idiot I am didn’t think of that. How do I check if I messed up and what should I do? Also, for next time, would a random router be secure to do this on? Or is a personal computer/phone necessary?
I don’t know the details but this feels like such a specific attack vector. Most malware targets the easiest and most common payload delivery mechanism possible. Having someone connected via hotspot and piggybacking on top of a specific workflow such as Shizuku just seems super unlikely. Could absolutely be wrong about this though, just my gut feel.
Sounds like you need to put your phone in rice overnight.
I wouldn’t stress much. It would take a targeted attack to have actually compromised your phone. It is alright.
Should be fine. Seems like a very specific attack vector. Also, it seems that Shizuku works by being installed on your own device and then accessing the adb server over LAN of the same device it’s installed on? I would assume the Android debugging interface is quite secure against unauthorised access. I just consulted with Dr. GPT and adb uses a mechanism where each debugging device generates an RSA key pair, then sends the public key to the debugged device, which it can deny or authorise. It seems that adb is by default unencrypted with no further proof of device, so someone with access to the network can intercept/change/spoof adb traffic.