12 Feb

Worried about an ADB-savvy thief stealing the precious data off your stolen phone or tablet? Well, Android 4.2.2 makes doing that a little harder now, with the addition of a USB debugging whitelist feature to the OS. The way it works is pretty simple - when you connect your PC to your Android device via USB, Android receives your PC's RSA public key, which serves as an identifier for that computer. In Android 4.2.2, when you have USB debugging enabled, this now causes a prompt to appear on connection, seen below.

[Screenshot: the Android 4.2.2 USB debugging authorization prompt]

The prompt asks you to confirm that you wish to allow USB debugging from the connecting PC, and allows you to add it to a whitelist such that the prompt won't ask you to confirm for that computer again. So, if a thief steals your phone (assuming you have a password / gesture / face unlock set), they won't be able to get all fancy with ADB and start dumping your personal data onto a hard drive. And that's good. Here's the message a potential thief would get from ADB upon attempting to list a connected device from an unauthorized PC ('offline'), and the message after that PC has been authorized ('device').
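To see which computers a device has whitelisted and whether your own workstation is among them, here is an added example (not code from the article or from Android) that parses the two key files involved: the host's $HOME/.android/adbkey.pub and the device's /data/misc/adb/adb_keys, which share one line format. It assumes the key material is the 524-byte mincrypt RSAPublicKey layout AOSP uses for a 2048-bit key, base64-encoded and followed by a "user@host" comment, and that the fingerprint the prompt displays is an MD5 of those decoded bytes; the adb_keys contents embedded below are constructed filler, not real keys.

```python
"""Compare a host's adbkey.pub with a device's adb_keys whitelist (added example)."""
import base64
import hashlib
import struct

# Assumed key layout (AOSP libmincrypt RSAPublicKey for a 2048-bit modulus):
# int len; uint32 n0inv; uint32 n[64]; uint32 rr[64]; int exponent -> 524 bytes.
# adbkey.pub and adb_keys hold this blob base64-encoded, then a space and "user@host".
PUBKEY_LEN = 4 + 4 + 256 + 256 + 4

def parse_key_line(line):
    """Return (raw_key_bytes, comment) for one key line, or None if it is malformed."""
    parts = line.strip().split(" ", 1)
    if not parts[0]:
        return None
    try:
        raw = base64.b64decode(parts[0], validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return None
    if len(raw) != PUBKEY_LEN:
        return None
    comment = parts[1].strip() if len(parts) > 1 else ""
    return raw, comment

def fingerprint(raw):
    """Colon-separated MD5 of the decoded key bytes (assumed to match the prompt's display)."""
    return ":".join(f"{b:02x}" for b in hashlib.md5(raw).digest())

def authorized_hosts(adb_keys_text, host_pub_line):
    """Return (host_is_whitelisted, [(fingerprint, comment), ...]) for a device's adb_keys."""
    host = parse_key_line(host_pub_line)
    entries, found = [], False
    for line in adb_keys_text.splitlines():
        parsed = parse_key_line(line)
        if parsed is None:
            continue  # skip blank or corrupted lines
        raw, comment = parsed
        entries.append((fingerprint(raw), comment))
        if host is not None and raw == host[0]:
            found = True
    return found, entries

# Constructed sample data: deterministic filler in the right layout, not real RSA keys.
def _fake_key(seed, comment):
    words = [(seed * 2654435761 + i * 40503) & 0xFFFFFFFF for i in range(128)]
    raw = struct.pack("<iI", 64, seed) + struct.pack("<128I", *words) + struct.pack("<i", 65537)
    return base64.b64encode(raw).decode() + " " + comment

HOST_KEY = _fake_key(1, "alice@laptop")
DEVICE_ADB_KEYS = "\n".join([_fake_key(1, "alice@laptop"), _fake_key(2, "bob@desktop"), "not-a-key"])

if __name__ == "__main__":
    ok, entries = authorized_hosts(DEVICE_ADB_KEYS, HOST_KEY)
    print("this host is whitelisted:", ok)
    for fp, who in entries:
        print(fp, who)
```

On a real device, feed it the output of reading adb_keys (readable via a shell on the device) and your own adbkey.pub; any entry whose comment you do not recognise is a computer worth revoking.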

[Screenshot: adb output showing 'offline' for an unauthorized PC and 'device' after authorization]

The security aspect of this feature relies on a few prerequisites, though, otherwise it kind of loses its usefulness.

First, you obviously need some kind of barrier to entry to the phone: if the thief gets the prompt, that doesn't do you much good. So, your lockscreen needs a password, gesture, or face unlock set up, so the prompt won't appear. That's easy enough, and something many people already do.

The next part may not exactly appeal to you, the Android-tinkering enthusiast. If your phone is rooted, has an unlocked bootloader, or is running custom firmware (e.g., a custom recovery like ClockworkMod Recovery), there's a good chance you've created a potential workaround for this USB debug whitelist, and that a determined data thief could still find a way to your precious information. We won't go into specifics, but suffice it to say, if your bootloader isn't locked, the USB debug whitelist can effectively be nullified.

This is just one of a number of changes in Android 4.2.2, and (hopefully) we'll have a list of those changes later today. (And a teardown by Ron later this week.)

David Ruddock
David's phone is whatever is currently sitting on his desk. He is an avid writer, and enjoys playing devil's advocate in editorials, and reviewing the latest phones and gadgets. He also doesn't usually write such boring sentences.

  • Kam Siu

    Useful bit to help with security. Thumbs up.

  • Randy Kelly

    So if my device is unlocked, I can't enable usb debugging? I can't get it to go online

    • Floflo

      No. Even with an unlocked device you should be able to enable USB debugging.

      What the article says is that if your device has an unlocked bootloader, someone could use the bootloader to disable this protection, enable USB debugging anyway and access your data.

      • Randy Kelly

        I understand that, but right now my device is saying offline when I run adb devices; I'm not getting that pop-up.

        • Hands0n

          Same thing here - since updating to 4.2.2 I don't get prompted when connecting the Mac and there seems to be no way round this at the moment!

          • Mackster88

            The prompt for the RSA key wouldn't pop up for me until I tried an adb push

    • http://www.androidpolice.com/ Artem Russakovskii

      I'm guessing you're hitting the same problem I have. Update your ADB via the SDK Manager first. I'll make a quick PSA post about this later.

      • Randy Kelly

        Yeah, I'm doing that now.

        • http://geniousatplay.blogspot.com/ Bikram Agarwal

          Interesting. Wondering why current ADB will render debug mode offline?

      • Brennan Leathers

        My problem is I can't update my SDK because I'm on Mac OS X 10.5, which the 4.2 SDK does not support. Would really like to turn the whitelist feature off somehow because now I can't use adb with my phone :-(

  • Scott

    Yeah if you have an unlocked bootloader...all bets are off as far as security of the data on the device goes.

    • Randy Kelly

      That's OK with me.

    • http://www.androidpolice.com/ Artem Russakovskii

      Indeed. But hey - if you don't lock the door to your house, it's in more danger than if you do too.

    • Matthew Grochowalski

      Wouldn't full device encryption prevent someone accessing your data? Although someone could still flash a trojan.

    • Kavaltheone

      Thank you so much!

      • Kavaltheone

        wanted to reply to Hands0n ^_^ for tip on adb update, he he

  • Chronus719

    So basically useless for a large portion of Nexus users.

    • Bariman43

      Pretty much.

    • http://www.androidpolice.com/ Artem Russakovskii

      It's still a welcomed step in the right direction.

  • http://twitter.com/Jug6ernaut William

    Hello ADB-Over-SSH over the internet.

  • http://www.anivision.org/ Christopher Bailey (Xcom923)

    yeah....but the average (and hell, the above average) thief won't even worry about trying to get at your data; usually the value is in the device. Clearing it and reselling it is the objective. You'd have to be a very specific target for them to come after your data.

    • http://www.androidpolice.com/ David Ruddock

      I agree with this. But in the enterprise world, there actually could be a specific / general target (any person working for a particular company, for example), so I think it's more useful to that group than your Average Joe.

      Honestly, I don't even use a lockscreen security method. I know my data isn't that important or interesting to anyone who would want to steal my phone in the first place.

      • http://www.facebook.com/andresdroid Andres Schmois

        And if you actually have confidential information I'm sure a simple encryption will take care of that. (Many apps will encrypt stuff with a personal password)

        • http://www.androidpolice.com/ David Ruddock

          Yeah, this is just another layer upon existing options that are already out there, for sure.

          • mgamerz

            Doubtful, as a developer I leave ADB on. I know other developers. What's stopping me from plugging their phone in while they go to the bathroom and sideloading a malicious app? Nothing. Not even the keyguard stops adb.

          • http://www.facebook.com/andresdroid Andres Schmois

            Once again, if you truly have confidential information, you'd take care of your phone. For example, usb debugging will never be on (unless you're using it). And if it was, the only way to access the phone with adb (with this new feature) is to use the same computer that accessed it in the first place.

        • Chris

          Or just encrypt the whole phone, then recovery (with or without adb) won't be able to get your data without your passphrase.

      • http://www.anivision.org/ Christopher Bailey (Xcom923)

        yeah, I considered that. But I work in IT and pretty much anyone who has an Android device (of any importance) has it linked to their corp. email. It's actually been built in for a while to see any phone that's compromised (if you try to unlock it and fail a bunch of times) and remotely wipe it. Honestly I would never recommend anything be stored on just the phone. I like to be able to wipe at any time and re-issue the data later.

      • ParAndroid

        Well, even an "Average Joe" wouldn't want to see photos of his girlfriend and/or him (taken during their private moments) somewhere on the Internet... besides, your data may not be of much value, but your identity might. Someone pretending to be you might steal from your friends or family...

      • http://geniousatplay.blogspot.com/ Bikram Agarwal

        If you have a password/PIN lock, the thief is more likely to boot into recovery mode and factory reset. Lookout/Prey/SeekDroid - everything outta window. If it is simply 'swipe to unlock', you have a fair chance of being able to use that tracking software to locate your phone and save your data from being wiped.

        But then there's the possibility of - "if he knows 'recovery mode', he knows to look for tracking apps". It's a catch 22 situation, I guess.

  • Dan r. Maor

    Out of curiosity, can this feature be disabled?

    • http://www.androidpolice.com/ David Ruddock

      I'm sure it could be as part of custom firmware, but I can almost guarantee there is no user-facing way to turn it off.

    • mgamerz

      Tell your device to be less promiscuous.

  • Usuals.

    to be honest, if somebody really jacked my phone I think the last thing they would be doing is setting up ADB to try and steal some information from it.

    useless feature, just like that "press 7 times on build number to reveal developer options" from 4.2.1

    • mgamerz

      If someone jacks your phone you know they're going to try to find ways around your security, and ADB was easy since you could sideload anything.

  • JG

    Any chance those of us not on a Nexus device might be able to somehow add this to our devices in the foreseeable future (ie not waiting 6+months to get the upgrade)? Especially those of us still stuck back in Gingerbread land.... Just because our OEMs abandoned us back at 2.3.4 doesn't mean we don't like keeping our data secure :)

  • http://www.androidpolice.com/ Artem Russakovskii

    Here's the best explanation for the value added by this feature, as suggested by xalbo on reddit:

    "The article talks about threat models where the phone was stolen first, but there's another threat model this fixes. Previously, if you had USB debugging turned on, plugging into any insecure (say, public) computer could lead to the same data leak potential. So it was unsafe to leave USB debugging enabled and charge from an untrusted computer. This seems to fix that. Very nice little fix."

    http://www.reddit.com/r/Android/comments/18edd1/new_security_feature_in_android_422_for_adb/c8e2bzy

    That makes sense.

    • rfond

      yeah, I always worry about that too.
      nice addition to android

  • mgamerz

    About time. I can still grab anyone's phone (who has debugging on) and upload something that starts at boot and then reboot their phone. One day they'll get updated... maybe...

  • Dipish

    Will be useful in cases where you use those free public phone chargers in airports and planes.

  • http://codytoombs.wordpress.com/ Cody Toombs

    How is this RSA key stored and can it be wiped/cleared easily? I doubt people will need to revoke access often, but it will come up. Equally, is it possible that this will be shared across Google account services, making it so that all of your devices trust the same computers automatically. I doubt that would happen (since it introduces a security loophole), but it would be interesting.

    Further, can it be cleared too easily, lending itself to being an annoyance for people that flash frequently?

    Just some curiosities...

    • Tony

      Just noticed with Android 4.3 there is now an option to "Revoke USB Debugging authorizations" in the Developer Options settings menu. Hooray!

      As for where the RSA keys are stored: for the desktop side "They are typically stored in $HOME/.android as adbkey and adbkey.pub." and on the device "keys are stored in the /data/misc/adb/adb_keys file." See Nikolay's in-depth post about it here (http://nelenkov.blogspot.com/2013/02/secure-usb-debugging-in-android-422.html).

  • Rud3boy

    F'*** this update. USB Debugging is not working with MPE. Anyone know how to fix the whitelist?

  • Dysgnat

    Anyone know where I can find the whitelist to delete?

    • Tony

      Just noticed with Android 4.3 there is now an option to "Revoke USB Debugging authorizations" in the Developer Options settings menu. Hooray!

  • Hands0n

    ADB Problem solved! -

    What none of the articles about this 4.2.2 update tell you is that you need to be on a current version of ADB - that is currently 1.0.31 (I was previously on 1.0.29) in order for the RSA key exchange to work. Otherwise you may connect with ADB but cannot interact with the device running Android 4.2.2 - "show devices" comes up with "offline".

    Basically, you need to update your SDK to the latest version to gain access to the ADB and Fastboot apps. XDA have a simple set of instructions here --> http://forum.xda-developers.com/showthread.php?t=1917237

    Having updated I am now able to use ADB with the Nexus 4 again. Happy days :)

    • http://www.facebook.com/people/Mizuki-Oshiro/100001810655569 Mizuki Oshiro

      Fantastic, thank you! I tried a lot of things trying to fix the 'offline' problem. Updating via the SDK manager was the solution.

    • http://twitter.com/modibimal ßimal મોદી

      Thank you so much, I had the same issue. You made my day.

    • Thankful

      Just want to say thanks to you. I was just about to give up because I've wasted half a day trying to get this to work with no luck, though. Updating the SDK is the answer for anyone having trouble with fastboot and adb.

    • kaefert

      Thanks for mentioning the version number. I already read somewhere that I need to update adb, but the "android" tool from my "adt-bundle-linux-x86_64-20130219" tells me that I have the latest platform-tools installed which are rev. 16.0.2 --> but adb version printed "1.0.26" so I googled for adb linux 1.0.31 and found it here --> https://github.com/mozilla/r2d2b2g/commit/2eefcc05366173ca51635da8f542fd8473ba0fea --> https://ftp.mozilla.org/pub/mozilla.org/labs/r2d2b2g/adb-1.0.31-linux.zip with that binary I finally can use adb on my nexus 7 again.

  • Stefano .

    I have a friend who forgot the lock screen PIN of his Nexus, updated to 4.2.2 just yesterday. Luckily USB debug was on so, searching the web, we could gain access to the stored PIN and clear it. Unfortunately, this new protection stops me from accessing it via adb because I can't see that window with the whitelist request.
    I can't think of any other method to enter his Gnexus!

    • http://codytoombs.wordpress.com/ Cody Toombs

      Until an exploit is discovered, there aren't really any good solutions. If there is a custom recovery (or the bootloader is unlocked so a custom recovery can be installed via fastboot), there are a couple of things to try. First off, it might be possible to flash something that disables the lock screen or resets the PIN. If something like this doesn't exist yet, I'm confident it will turn up very soon. If there's no way to get back into the phone properly, the next option involves creating a full Nandroid backup from recovery, doing a wipe of the phone, and then using an app that can read that format to restore app data as desired.

      Without an unlocked bootloader or custom recovery, the only thing left to do is wipe the device from stock recovery and start fresh. I've never used a stock wipe from recovery, so I'm not sure if it'll wipe photos and videos.

      • http://codytoombs.wordpress.com/ Cody Toombs

        Oh, just thought of a 3rd option, albeit a definite last ditch effort (prior to just wiping the device completely). It still relies on being able to flash a ROM though. You could always try flashing a pre-4.2.2 ROM to the device. Definitely clear the caches (regular and dalvik), but don't wipe the user data. Assuming it doesn't go completely haywire when the OS boots up, it should be possible to hook up through adb to issue an unlock command. Chances are, the phone will be really unstable and prone to crashing, but it would possibly be good enough to run a backup app, a file manager or to recover anything else that you need before doing a wipe.

        • Stefano .

          I was able to fastboot and flash twrp recovery. From here I did a data backup (just in case), then trying to factory reset (yeah! no pin) and restoring data... pin request still there!

          What type of unlock command could I send through adb? Definitely only with pre-4.2.2 rom..

          • http://codytoombs.wordpress.com/ Cody Toombs

            Are you saying you restored the nandroid backup from twrp? That will restore everything, including the PIN lock.

            In this scenario, you are wiping your device, letting it start up completely, then using an app like Titanium Backup or ROM Toolbox to extract data from the nandroid backup. Keep in mind, you don't want to restore everything, just app data and obvious stuff like SMS and call history. Restoring other system stuff could cause instability or put the PIN lock back in place.

          • Stefano .

            Cody I found a solution that is both simple and clean:
            in twrp recovery I used its file explorer to navigate to /data/system and simply delete the file password.key. Reboot and here I come, no pin lock!!!
            In the same path you could find the gesture.key file, used for gesture lock.

            So basically:
            - start in fastboot
            - use galaxy nexus toolkit to boot twrp recovery without permanently flashing it (option 10)
            - in twrp, use file explorer and navigate to /data/system and delete password.key and/or gesture.key
            - reboot.

            that's all!
            Thanks for your support!
            Maybe this is the 'exploit' you refer to :-)

          • http://codytoombs.wordpress.com/ Cody Toombs

            Huh, I always thought that the PIN/password was stored in the encrypted Android settings space, not as a separate file. Cheers for getting it working without having to go through restoring everything manually.

            ...And another life is saved by an unlocked bootloader ;)

  • Sdluzzi

    Can anyone please tell me when exactly this new security message pops up? I connected my updated Nexus 7 (4.2.2) and enabled USB debugging before connecting it to the PC but no pop-up here... Does it only pop up when entering an adb command?? Or should it appear as soon as I connect my Nexus with USB debugging on to the PC??
    Thanks in advance for the help!

    • Stefano .

      the message pops up when you issue an adb command, e.g. the instant when you press 'enter' after the "adb devices"

      • Sdluzzi

        Ohhhh ok, thanks a lot for the answer! So, it only pops up when typing adb commands, but not when I plug in the Nexus, even if USB debugging is on but no adb commands are typed.. Am I right? Thanks a lot for your help!

        • Stefano .

          yes, it's right!

          • Sdluzzi

            Awesome!! Thanks a lot for all your help!! :-D

  • Josh

    How can I enable this feature? Sorry, I just got the Nexus 4 and I'm new to Android.

  • Tony

    Is there a way to view the whitelist of computers? Or a way to remove or reset the list? Can't seem to find it.

    • Tony

      If anyone stumbles around here with the same questions, there is now an answer:

      Just noticed with Android 4.3 there is now an option to "Revoke USB Debugging authorizations" in the Developer Options settings menu. Hooray!

  • Stephen

    Get an iPhone

  • Shannon Barrera

    My phone is Sky.. but it has a password attempt I need to open.