Shared publicly  - 
 
PSA - ADB Whitelist

As of the Android 4.2.2 update, when you connect your phone to a computer, you are presented with your computer's RSA key fingerprint to open the adb connection. You also have the ability to permanently trust the computer, so you don't have to repeat this step upon every re-connect. 

In order for this to work, you must be on the latest SDK which will grant you an updated 'adb' binary. 

We will not be introducing any functionality to sidestep this default security, so if you don't update, you will lose the ability to access the device using adb

#itsafeaturenotabug  
317
31
Eric Lee's profile photoMaaz Usman's profile photoMario esposti's profile photokeith brian tomo's profile photo
91 comments
 
Always update at the possible expense of breaking usability for some people. It's just the way to go. Keep it up guys :)
 
now I know my adb's, next time wont you flash with me
 
Thanks for not sidestepping this.  It is a great feature.  It does mean I need to update ADB on my PC though
 
Is there by default a sidestep anyway... ??
 
I am on 4.2.2 nightly build and pushing files using adb but it still didn't ask me for any permissions, maybe this security feature isn't merged yet ? 
 
I think that there are certain commands (pushing and pulling files among) that work, and it will work from recovery.

try an adb shell
 
+Fedor von Bock Well ADB actually works for me (I just tried push and pull yet since my phone is currently being restored as I type this comment) and I didn't have to give it any permissions on my phone. I will try adb shell soon as +Scott Miller just mentioned in his comment.
 
+Saurabh Gupta I am pretty sure (from XDA thread) that push and pull work.  These are excluded because you can do them with your PCs file manager

try ADB shell
 
+Scott Miller XDA is wrong. When this is enabled, the protocol is different, and the keys apply to the adb data stream as a whole.
Push and pull do not work, you can't talk to the phone at all unless the keys match. If that doesn't happen, the device will show up as offline.
 
+Ricardo Cerqueira is this true even if you have not updated ADB on your PC? I think that is where this comes from.  happy to be corrected as I have not tried myself
 
+Scott Miller Yes. An old adb will detect the device as offline as well (and lack the ability to negociate keys, so it'll stay offline)
 
+Ricardo Cerqueira then do you have any idea where the reports in the comments above are coming from?  I think there must be some set of variables that allows push and pull because there are two ppl in the comments here and more on XDA reporting this.  I would call it a bug though.  would like to get to the bottom of exactly why this is happening.
 
Cool thanks for the heads up 
 
adb from latest Fedora android-tools-20130123git98d0789-1.fc18.x86_64 package works with android 4.2.2 correctly.
Enjoy Android, enjoy Fedora.
 
Many of us non-devs on Windows systems just copy a few files to get a working ADB setup. If the new SDK setup is generating unique RSA keys for systems, does that mean this method won't work anymore? In other words, will we actually have to run the SDK installer?
 
+Marcus Blough no on Fedora you can simply run yum install android-tools and don't take care on SDK installer . I think windows is not so adb user friendly system as I heard you have to install some drivers on it to work with adb.
 
Stupid question here, but is there anyway to change stock SMS background colour on cm 4,2 black instead of white? (I don't like Go SMS or handcet) stock is real simple & clean :)
 
+CyanogenMod you rock! Got 4.2.2 built and up and running on my tf700t and this Heads Up probably saved me from doubting my build - updated android SDK as well and everything is fine fine fine!
 
So I have to wait for updated adb packages for this to work? I'm on Ubuntu 12.10 and have the native adb and fastboot installed. I have updated the sdk, but my device is still showing as offline. I'm running CM10.1(4.2.2) on a Nexus 4. Does anyone know where I can get the updated adb binaries through a ppa, or do I just have to wait? Thanks!
 
I assume that it makes no difference if using adb via wireless instead of USB? I don't use wired adb anymore since I prefer to keep my usb plugged into a faster 1amp a/c charger vs 0.5amp computer port.
 
+Ryan Houseman you will have to either disable your current adb package and replace it manually or wait. Another reason i manage my android stuff myself lol
 
+Ivan Afonichev you just need to have drivers that match the device ids. You can also force other drivers to install, even though they don't match the actual device id, and that will work too. Generally, if you know how Windows device drivers enumerate and install, you can make things work. The same can be said about Linux, although by its nature Linux forces the user to be more knowledgeable. It also so happens that Linux has a large community of DIYs, so work arounds are in some ways easier to find.
 
+Jason Farrell Howdy ;)  You'll have to plug in once, authorize, then wifi adb works fine.

I have a general question.  I authorized my Nexus 7 (stock rooted) on my desktop at home, then plugged in my 4.2.2 CM10.1 phone to authorize on it, and no authorization prompt, adb just-worked.  Is the authorization/trust purely on the PC side?  I'd assumed it was a shared thing, both phone and PC had components and they had to match.
 
Yeah, I just noticed, the secure ADB  wasn't yet merged, it's in the next nightly changelog for the i717
 
Thanks +Jeremie Long. I need to get more familiar with the way everything works. I'll look into doing it manually. 
 
I think Google implement this feature in a not-truly-useful way.

Computer signature identifies and verifies a computer in a whole, but some rouge software (in the PC side) just use its embedded adb.exe to steal the user information from your phone when you connect it to your PC.

This feature cannot block this behavior totally except you choose to confirm it on every connection, it only protects your phone from connecting to a public computer with roger software. Such a useless feature.
 
+Oasis Feng This feature is to prevent rouge apps while using another pc that isn't trusted. If you install shitty software on YOUR pc then that is on you. Completely useful.
 
I wonder.... is that HARD to update/install to the latest SDK? ... i mean... is it necessary SO MANY COMMENTS about it? o_o
 
+Jeremie Long Most average users were not aware of the rouge apps they've installed on PC.
 
tell me something, isn't it mandatory to enable usb debuging to acces to our phones via ADB? how many people do you think have that option enabled + shitware to steal stuff?
 
+Jeremie Long Image this: An app installer software tries to install app via USB. User confirmed and remembered their computer signature as expected. Since then, a rouge software can steal his contacts silently when the phone is connected. This is a very common scene in my friends.
 
+Oasis Feng again, this isn't most users. If you are sideloading apps, then you should be aware of the risks involved. Most users will get their apps from the play store and never enable adb.
 
+Oasis Feng Imagine this: no security whatsoever just as it is right now, the same app installer installing whatever u want since there's no need to even try to crack/hack the signature that is now requested...

lets just be real here, Google knows MUCH MORE than you about security, so, if it's there, it's for some reason.
 
in fact, u can't even SEE the debug option if u don't know how to enable it, how many users will know, or do it? ...
 
+Gerard Umbert +Jeremie Long Sorry you guys, you just do not understand how perilous the situation is in China.

Because we have no official support of Play store support here, tons of 3rd-party app stores floats here and there, most of which encourage users to use their PC clients, with detailed instruction on "how to enable USB debugging on your phone". At the same time, I see many Chinese PC software bundled with "adb.exe" to dig users' phone data, including "Taobao Wangwang", the second popular IM software in China.
 
china is the home of droid shitware... xD
 
The Google issue in China is neither my expectation, nor my point. But the scene is just a miniature of the potential extreme threats in our world. My point is that Google should have implemented this feature in a more protective manner. Sorry for my annoying comments. Let's just end this conversation.
 
Can I just update from 2/13 to today's nightly when it comes out? Dirty flash? On a mako btw
 
+Omar Morales Luna It sounds to me like this is Google trying to prevent those problems, by ensuring that unless the actual current ADB is in the program it cannot talk to the phone. IE all those rogue apps instantly fail to steal anything.
 
+Jeremie Long or anyone else willing to help I've successfully disabled the adb and fastboot packages, updated the Android SDK, have successfully enabled my computers RSA key fingerprint and am using adb again. Thanks for the tip. I appreciate it.
 
In Hercules, there is an error when upgrading from 10. You cannot sign in using your Google account, and many Google apps are broken and force close. +CyanogenMod 
 
+Jose Romero 10.1 has a different gapps package from 10.0. You'll have to update that at the same time to prevent issues.
 
Hey, guys, I used Nexus S(crespo) CM10.1 last nightlies,when I run the Wechat,I cant turn on usb storage ,I can only restart,Anyone encountered a similar problem?Sorry my English...
 
+Jose Romero , no, is not that, you will NEED to INSTALL the corresponent 10.1 gapps, since you were in CM10, u had the gapps for that CM10 now u're on CM10.1 so you need the new ones http://wiki.cyanogenmod.org/w/Gapps

here u can see wich ones are the correct ones for cm10.1
 
+Gerard Umbert Thanks, but I was talking about if I would have any troubles if I went from one 10.1 nightly to a newer 10.1 nightly.
 
+Jose Romero No, you won't have any trouble upgrading your 10.1 nightly to a newer 10.1 nightly. You don't even have to perform any wipes (cache, dalvik). I just let the built in CMUpdater handle it.
 
+Jose Romero as +Matthew Marshall said, u don't even need to wipe anything now, even if you're going from CM7 to CM10 u don't need to wipe. U will still need to clear clock's cache that gave some trouble and update the gapps, but that's all.

You can even configure the CM updater to notify you about the new nightlies and stuff (settings, about phone, CM updates) and from there download the latest nightly and install it (dont forget to long press the old ones to delete the .zip files if you want to keep ur SD space free)
 
Been running the 2/16 nightly for a solid day now. I dirty flashed several nightlies over the last month and it felt like my phone had become a tad buggy. Probably total placebo effect, but this new nightly is AMAZING! Great job CM Team! +1 and then some!!
 
+Jose Romero  you need to flash gapps via recovery (install from zip) and the cache of the clock can be wiped via app info / delete cache (uner the app list listed on settings/apps or similar)
 
I've not used the built in cm updater in a while. There were reported issues months ago that I'm certain are fixed. Tickle me old school, but i prefer manual flashes through recovery. I meant to say in my last comment that i did a clean install of 2/16. That being the placebo effect of the rom feeling faster and many prior bugginess, albeit minor issues i've not seen reported so i figured it was just me, are magically gone. +JoseRomero flash the gapps like the rom file, but you don't need to if you're flashing on top of another nightly. 
 
What is the deal with the clock's cache anyway? O.o
 
The clock fc's after you first 10.1 update until you clear the clock cache. After that smooth sailing!
 
For me, all Google apps force closed 
 
10.1 gapps and 10.1 nightly, it was before though, what I did was reinstall every google app from the Play Store and it worked
 
No need to do all that if you flashed the 121212 gapps. Less hassle mang!
 
Keep in mind that if you connect ADB exclusively through network, it won't show the popup screen. You will have to connect through USB first, to show the screen and then it should start working through network as well. 
 
Looks like CyanogenMod/android_sdk isn't updated yet.  Can this please be fixed, so a build from source will produce a working adb binary in out/host/${arch}/bin/?  Thanks.
 
+Scott Miller, depends on the ADB you had to begin with.  I had a not-current ADB when 4.2.2 was applied to my Nexus 7.  I had last updated ADB (I think near the end of December) in order to get "adb sideload" to work.  And that worked as soon as I OKed it on-screen. 
 
If I need to remove a computer key from the whitelist, where would I find it?
EDIT Found it, it seems they are in /data/misc/adb/adb_keys.
 
I have galaxy tab 2 7.0 p3100 india . Currant v 4.1 jelly bean. I trying to update 4.2.1 but sign error comes pl help me to update


 
So, I need to find where to get the new SDK from. Anybody? Also, is it backward compatible with 4.1.2? Cuz I use 4.1.2 way more, I think Google did some really stupid UI stuff in 4.2.2 (particularly with the notification panel/power widgets). Thanks for any info. 
 
+Scott Sparling, the same place from which you should have gotten your present SDK... http://developer.android.com/sdk/index.html .  However, if you run the program "android" from wherever you installed the SDK, it should show you updates are available for whatever components are out-of-date, and give you option buttons to click in order to download and update the new versions.
 
+Joe Philipps thanks a lot. I installed SDK so long ago I couldn't remember where I got it. I rarely ever use it and had to watch YouTube to figure how to set it up. I only ever use it to occasionally pull a logcat or fastboot flash a recovery. Still curious about the backward compatibility. Thanks so much for the link. I don't have web service on my PC, so selecting android wouldn't have done it for me, so again, thank you. 
 
+Scott Sparling, the problem is, it's not sufficient to download the tar.gz file and unzip/untar it (or whatever you do for your platform; mine happens to be Linux and I don't know for example how it goes on Windows).  You must nonetheless run "android" after doing that to go fetch/install the platform-tools (which IIRC includes fastboot and adb).  So it would behoove you to get that computer connected to the Internet so it may do so.  So in any case, if you do have the android program already, there should be no need to download the new one, I don't think; you can just run the android command and accept/install the updates.
 
I have searched and found nothing, so maybe someone here can help. How do I access adb on recovery? adb shows the device as offline... I have the computer whitelisted on the device.
 
+Moroni Granja, the recovery you use must support it.  The stock recovery does not.  TWRP recovery for example does.  I've used it personally (fastboot boot twrp.img) on my Nexus 7 to do an adb shell and be able to use shell commands to look around the device.  If interested, they're at teamw.in.

Some types of recovery (such as the stock Nexus 7) support it but only for applying update zips using "adb sideload"
 
+Moroni Granja any update with your issue, I have very similar one. My device stuck in booting animation and adb shows it as offline. Unable to perform any operation.  
 
Hello everyone...I just updated my device with cm10.1 nightly build and was trying to connect my phone to pc to restore my data backed up using mobilego. The mobilego asked for accepting the RSA signature of the pc on android although no such popup came on my device. i have updated my sdk and thus my adb. still no popup for authorization. Please help..:(
 
Just curious. Does this ADB RSA key security get handled by the kernel or something else? Some kernels I have flashed, side step the RSA key feature and some do not. Are there other settings to consider?
SY Chen
 
Hi, I am now doing porting of CM, but the device won't boot. I need the adb logcat, but I cannot add my PC to the whitelist. How can I do this?
 
help me guys im on  the update right now and i cant  do anything about it can someone send me a file so i can update it
 
hello there. im pretty new with this sort of awesomeness .  very  coolcool.
 question.... what is a...an adb.  a rsa sdk??
 
If you are allowed Vassallo Ali Rom for your Huawei Ascend D1
Add a comment...