74

Why is ADB debugging over Wi-Fi no longer available on OnePlus devices ?

  1. Manu J. Global Product Operations Manager Staff Member Jul 20, 2018

    Manu J., Jul 20, 2018 :
    Hey everyone,

    We have been hearing a lot of community members ask: Why is ADB debugging over Wi-Fi no longer available on OnePlus devices?

    The network ADB debugging option allows users to debug through a Wi-Fi network. It can send and execute ADB commands without being connected through USB. When network ADB debugging is used in a safe environment such as your home or office Wi-Fi, it shouldn't pose security risks; however, if connected in a public place or through an unsecured Wi-Fi hotspot, hackers could potentially gain access through the network. Malicious programs could then be installed remotely, which poses security risks to private data and accounts. For example, according to a verified report - a large number of 5555 network ADB ports are being monitored:

    Https://doublepulsar.com/root-bridg...ces-now-have-no-security-and-are-b46a68cb0f20

    Here at OnePlus, your security is incredibly important to us. In order to protect the privacy information and account security of our users, we removed the network ADB debugging option to prevent the users' mobile phones from being monitored. As the network security environment has become increasingly severe, other major Android device manufacturers have also opted to remove the network ADB debugging option.

    Tip: If you'd like to continue to use the ADB debugging function, it is recommended to use a USB cable to connect to your computer for ADB debugging.
     

    #1
  2. camohan Marshmallow Moderator Jul 20, 2018

    camohan, Jul 20, 2018 :
    Absolutely clear and nicely written that a layman like me can understand it.
     

    #2
    Paschfire, akst, ramyakmehra and 9 others like this.
  3. DeluxeNoone Ice Cream Sandwich Jul 20, 2018


    #3
    Ravi BINAVAT likes this.
  4. GopalB. Nougat Jul 20, 2018

    GopalB., Jul 20, 2018 :
    Thanks for the information Manu... [​IMG]
     

    #4
  5. the98kid Ice Cream Sandwich Jul 20, 2018


    #5
    Ravi BINAVAT likes this.
  6. the_o2 Marshmallow Jul 20, 2018

    the_o2, Jul 20, 2018 :
    Thanks for the information and clarification :)
     

    #6
  7. Cheetosdust Starting Point Expert Jul 20, 2018

    Cheetosdust, Jul 20, 2018 :
    Nice to read, thank you for the clarification.

    Keep it up! :cool:
     

    #7
  8. GeertBerkers Lollipop Jul 20, 2018

    GeertBerkers, Jul 20, 2018 :
    And I was so happy it was back on the OnePlus 6. Isn't there an option to enable it yourself if you know and understand the risks?!

    This is really a reason to not update my OnePlus 6... I love wireless ADB
     

    #8
  9. _Henric Gingerbread Jul 20, 2018


    #9
    Shalu_yadav and Ravi BINAVAT like this.
  10. meatandy Oreo Jul 20, 2018


    #10
  11. Sam Nakamura Ice Cream Sandwich Jul 20, 2018

    Sam Nakamura, Jul 20, 2018 :
    Maybe you should remove "network capabilities" altogether, there're reports that the vast majority of malware gets on the devices through a active connection with the internet...

    (sarcasm off)

    Thanks for babysitting! I feel much safer now... awesome
     

    #11
  12. Dhiren Velari Gingerbread Jul 20, 2018


    #12
    Ravi BINAVAT likes this.
  13. macemoneta Honeycomb Jul 21, 2018

    macemoneta, Jul 21, 2018 :
    From the linked article:

    "It is completely unauthenticated, meaning anybody can connect to a device running ADB to execute commands. However, to enable it — in theory — you have to physically connect to a device using USB and first enable the Debug Bridge."

    It's not a theory; a certificate exchange has to take place over wired USB before adb can be used over WiFi. The user has to expressly authorize the device to use adb (which can be undone by revoking USB debugging authorization). Attempts to connect to adb over WiFi without the authorized token will be rejected. It's similar to an HTTPS connection with HSTS.

    As a result, it makes no sense to remove wireless adb.

    An example of the authentication dialog that shows that adb is using RSA public/private keys for access authentication.

    [​IMG]
     
    Last edited: Jul 21, 2018

    #13
  14. Shivang Joshi Starting Point Expert Jul 21, 2018


    #14
    Sun90 and the_o2 like this.
  15. rumaank Froyo Jul 21, 2018

    rumaank, Jul 21, 2018 :
    Agreed on the security concerns.
    But,
    Since ADB over WiFi /ADB debugging is disabled by default, Users who'll turn it ON will know what they are doing (at least). So, please provide the toggle switch for wireless adb back. Using cables is such a hassle.
     

    #15
  16. G_Tobias_Schmale_axRm Cupcake Jul 21, 2018

    G_Tobias_Schmale_axRm, Jul 21, 2018 :
    I disagree with the decision of removing wireless adb. Connecting and disconnecting a USB cable often strains the battery therefore wireless adb is much more economical.

    To adress the security concerns I suggest a similar approach to USB Otg which automatically disables when not used.

    Alternatively you could add a whitelist of WiFi Networks in which Wireless adb is allowed.
     
    Last edited: Jul 21, 2018

    #16
  17. macemoneta Honeycomb Jul 21, 2018

    macemoneta, Jul 21, 2018 :
    Actually, you have to "whitelist" and authorize each device that connects to adb with a cryptographic key.
     

    #17
    FighterBoyZ and Nezumi_ like this.
  18. keithnyc Lollipop Moderator Jul 23, 2018

    keithnyc, Jul 23, 2018 :
    smart move.... thanks for explaining
     

    #18
    manuel19 and Sun90 like this.
  19. luxuskamel Lollipop Jul 23, 2018


    #19
    manuel19 likes this.
  20. darkwingz Froyo Jul 25, 2018

    darkwingz, Jul 25, 2018 :
    I do not understand I could connect to op6 by enabling adb over tcpip by enabling it using cable.
    So basically I could connect adb over WiFi without cable.
     

    #20