
Privacy Risks on Public USB Chargers - ivanleoncz
https://spreadprivacy.com/privacy-risks-usb-charging/
======
2OEH8eoCRo0
I know that at least the Google Pixel devices only charge when plugged in. The
user has to manually turn on USB data every time they plug in. USB debugging
is also disabled by default.

~~~
ivanleoncz
You're right. My Android smartphone as well asks for my interactions in order
to allow data transfer, but who knows. I wouldn't take the risk. What I'd
recommend, is to have a "USB condom" (charge-only), in order to ensure
physically (besides logically, like you mentioned), that there will be no
chance of juicing my data.

~~~
frosted-flakes
Doesn't cutting the data lines prevent fast charging?

~~~
T3OU-736
USB-C and the fast charging (well, power delivery negotiations) make USB
condoms... tricky.

------
h4waii
LineageOS has a "Trust HAL" [0] for restricting USB gadgets while a device is
locked.

Android (AOSP) also has a "Default USB Configuration" setting deep in the
Developer Options [1] to set a device to MTP, PTP, RNDIS, charging etc...

A device would have to be really misconfigured by either the user or the OEM
to allow plugging in a USB cable to extract system from the userdata partition
_without_ user input or awareness; or someone is just burning 0days on the
general public.

0\. [https://review.lineageos.org/q/topic:%22trust-
usb%22+(status...](https://review.lineageos.org/q/topic:%22trust-
usb%22+\(status:open%20OR%20status:merged\))

1\. [https://developer.android.com/studio/debug/dev-
options](https://developer.android.com/studio/debug/dev-options)

~~~
ThePowerOfFuet
>A device would have to be really misconfigured by [...] the OEM

You're giving Android OEMs, on the whole, way too much credit.

