I've been using Expo for my project and recently ran into something unexpected. Previously, I was able to build and run my project on Android without needing to connect my device before starting the build. However, when using native code modules , I need to have my device connected before initiating the build, which I find a bit strange.
I got it working wirelessly by using the following steps, and I understand the adb usb command exists, but I haven't had much success with it. Here's the wireless setup that worked for me:
In Windows Terminal:
adb tcpip 5555
adb connect 192.xxx.xxx.xxx:5555
*where the xxx is your phone's internal IP address
In WSL Terminal:
npx expo run:android
Now, my question is: Is there a security risk associated with using ADB over TCP/IP for building Android apps wirelessly? I’m new to this setup and want to ensure I’m not exposing my device to security vulnerabilities. Any guidance or best practices would be greatly appreciated!
Thanks!
I've been using Expo for my project and recently ran into something unexpected. Previously, I was able to build and run my project on Android without needing to connect my device before starting the build. However, when using native code modules , I need to have my device connected before initiating the build, which I find a bit strange.
I got it working wirelessly by using the following steps, and I understand the adb usb command exists, but I haven't had much success with it. Here's the wireless setup that worked for me:
In Windows Terminal:
adb tcpip 5555
adb connect 192.xxx.xxx.xxx:5555
*where the xxx is your phone's internal IP address
In WSL Terminal:
npx expo run:android
Now, my question is: Is there a security risk associated with using ADB over TCP/IP for building Android apps wirelessly? I’m new to this setup and want to ensure I’m not exposing my device to security vulnerabilities. Any guidance or best practices would be greatly appreciated!
Thanks!
Share Improve this question asked Jan 18 at 19:14 FeFeFeFe 151 silver badge4 bronze badges 1- adb uses plaintext connections, therefore the transmitted data is insecure, only the RSA key based authentication is secure and prevents misuse (until quantum computers become common). Thus you shouldn't use adb connections only with networks you trust and where you don't expect attackers to be present. – Robert Commented Jan 18 at 21:06
1 Answer
Reset to default 2The risk there would be that if your computer and device are connected to an unsecured or public network, enabling ADB over TCP/IP exposes your device to potential attacks because anyone on the same network could try to connect to your device and gain unauthorized access. So know that when ADB debugging is active, the connected device is more vulnerable to unauthorized data access, command execution, or even malware installation.
So, Always ensure that your device and computer are connected to a trusted and private Wi-Fi network. (Avoid running ADB over TCP/IP in environments like coworking spaces, public Wi-Fi, etc.). After debugging, you can go extra mile by disabling ADB over TCP/IP.