New ADB Debug Whitelist Feature in Android 4.2.2

nexusae0 Screenshot 2013 02 12 11 47 41 thumb

While we are all still digging through all the changes in Android 4.2.2, we’ve found one new change that relates to security. In Android 4.2.2 there is a new featured called USB Debugging whitelist. It’s a pretty simple feature, but very necessary. Now basically when you connect your Android device (Nexus in this case) to your computer via USB, Android gets your PC’s RSA key, which is an unique identifier token. Now in Android 4.2.2, that brings up the screen shown above when USB debugging is enabled. So now you can allow debugging for that connection, or disallow. You can also tap the checkbox to always allow it.

This prompt allows you to add the device to the whitelist so that you won’t be asked again. Now if someone steals your phone or tablet, they won’t be able to use ADB and grab all your personal data and put it on a hard drive. Which is always a good thing. If a thief tried to use ADB for anything, with an unauthorized PC, they’d get an ‘offline’ message rather than ‘device’ that you normally get.

Of coursethis relies on a few prerequisites to actually work right. First, you’ll need to had some kind or barrier to enter the phone or tablet. If the thief gets the prompt, it doesn’t do much good without a password, gesture, or pin to unlock the device. Which is pretty easy, and something that all of us should be doing. In fact that should be part of setting up your device.

Next, you’ll also need to do some tinkering. If your device is rooted, has an unlocked bootloader, or is running custom firmware (like TWRP or CWM recovery), you’ve probably created a nice workaround for a potential thief for this USB debugging whitelist feature. Just about any thief that’s determined to get into your device or access your data will definitely be able to get around it. Basically, to put into terms for everyone to understand, if your bootloader is unlocked the USB debug whitelist feature is basically a waste. As it won’t work at all.

So that’s just one of the new features in Android 4.2.2. We’ll keep looking for more, as we know there are plenty more in this 45mb update.