Channel: xda-developers - Android Software and Hacking General [Developers Only]

[security] ADB and settings command make it extremely easy to attack an Android phone

Since the release of version 4.2, Android has provided a command-line tool, settings. This tool lets debugging sessions and shell scripts access system settings. In other words, it is a simple command-line client for SettingsProvider.

Once this tool is executed through adb, Android faces a serious threat to system security, because the uid of the adb executor is shell and, as we know, the shell user holds many privileges. At the least, shell can modify system/secure settings.

Of course, the root cause of the problem is the privileges of the shell user. After all, even if no settings tool were provided (or the /system/framework/settings.jar file were absent), adb users could still push their own similar binary or script. But the settings tool makes it extremely simple.

The following examples illustrate the damage that can be done from a PC to an Android phone with adb debugging turned on.
Note: These examples come from stock Android. If your phone's manufacturer has changed its security policy, they might not apply.
Note: adb debugging must be turned on before executing the following examples.


1) Silently modify the "Allow installation of apps from unknown sources" option:
First, disable this option in Settings. Menu: "settings->security->Unknown sources".
Then execute the following command in a shell:
$ adb shell settings put secure install_non_market_apps 1
Exit Settings and re-enter; the option now shows as "Allowed". Thus, a malicious third-party app might be installed.

2) Silently modify the default SMS app.
From Android 4.4, the app used to send and receive SMS text messages can be specified by the user. But a third-party SMS app cannot be specified without the user's confirmation. With the following commands, adb can specify a third-party messaging app without user confirmation.

First, check the default SMS app setting. Menu: "Settings->More->default SMS application". By default, it should be "Hangouts".
Second, install a messaging app, for example GoSMSpro.
Then execute the following command:
$ adb shell settings put secure sms_default_application com.jb.gosms
Exit Settings and re-enter; "the default SMS application" has become "GO SMS Pro".


Big thanks to luxi78.
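
The two settings changed in the examples above can be checked from the PC side with the same settings tool. The script below is an added example, not part of the original post: it compares the values a device reports against a baseline and flags deviations. The function names, the baseline SMS package and the sample input are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: audit the two secure settings changed in the examples above.
# Assumption: the provisioned default SMS app is Hangouts (com.google.android.talk).
EXPECTED_SMS_APP="com.google.android.talk"

# Read the current values from a connected device as key=value lines (needs adb).
collect_settings() {
    for key in install_non_market_apps sms_default_application; do
        value=$(adb shell settings get secure "$key" </dev/null | tr -d '\r')
        printf '%s=%s\n' "$key" "$value"
    done
}

# Compare key=value lines on stdin with the baseline.
# Prints one FINDING line per deviation; returns 1 if any was found, else 0.
# Assumption: "null" (what `settings get` prints for an unset key) means the
# platform default is still in effect, so it is not reported.
audit_settings() {
    bad=0
    while IFS='=' read -r key value; do
        case "$key=$value" in
            install_non_market_apps=0|install_non_market_apps=null) ;;
            install_non_market_apps=*)
                echo "FINDING: unknown sources allowed (install_non_market_apps=$value)"
                bad=1 ;;
            sms_default_application=null|"sms_default_application=$EXPECTED_SMS_APP") ;;
            sms_default_application=*)
                echo "FINDING: default SMS app is $value, expected $EXPECTED_SMS_APP"
                bad=1 ;;
        esac
    done
    return "$bad"
}

# Constructed sample: the values a device reports after both commands above.
SAMPLE='install_non_market_apps=1
sms_default_application=com.jb.gosms'
printf '%s\n' "$SAMPLE" | audit_settings || echo "device deviates from baseline"
# On a real device: collect_settings | audit_settings
```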
