does leaving USB debugging enabled cause a security risk

[electricpete]

Some of the functions like dpad require usb debugging enabled.

When I turn it on, Android warns me that this can allow apps to be installed without my knowledge and system logs to be read.

Is this a security risk to leave this enabled permanently?

[Peter Radcliffe]

Yes, it is.

Android 4.2.2 has just introduced something to help with that:
http://www.androidpolice.com/2013/02/12/new-android-4-2-2-feature-usb-debug-whitelist-prevents-adb-savvy-thieves-from-stealing-your-data-in-some-situations/

P.

--
pir

[electricpete]

Thanks for the reply. Over and above the possibility that a tech-savvy thief can break into my phone, I'm concenred about the increased level of access it can give to programs on the phone.  We already ,know that enabling USB allows Tasker/DPAD to simulate human interaction with other programs... which gives pretty far-ranging access.  More examples are Gemini Apps Manager and Titanium backup.. they can freeze / block other programs from auto-starting, but only if USB debugging is enabled. When you check USB debugging in settings, Android issues a warning that it is intended for development purpose only.... it can be used to install applications on your device without notification and read log data.

I'm inclined to leave USB debuggin  off as a security measure.  It is perhaps a personal preference. If anyone has comments (reasons why we should not be concerned about leaving usb debugging on), I'd be interested to hear.