That's certainly a consideration although sometimes the access granted by the 
debugger is greater. Someone using your phone could read your emails, whereas 
someone with debug access can read your email password - which, if it's your 
gmail password for example, gives access to other services. There are only a few 
cases like this currently that I can think of - email, wifi, passcode (set but 
not enabled) - and could be worse depending on who you use for your email/wifi 
etc.

Also consider the 'evil maid' attack (short-term unauthorized access). You 
leave your device unattended for a short amount of time, someone plugs your 
phone in to a laptop and uses debugger to dump all your emails and sms messages 
to peruse later at their leisure. They steal your passwords and social network 
cookies. This could be done in less than a few minutes and since you didn't 
lose your device, you would be none-the-wiser.


On Sep 15, 2013, at 8:52 AM, Jim Blandy wrote:

> On 09/10/2013 10:58 AM, Paul Theriault wrote:
>> My proposal makes it more difficult for someone with physical access to a 
>> phone without a passcode to steal sensitive app data. If we limit which apps 
>> you can debug as I described above, in order to get access to app data, you 
>> still need root access to the phone.  If we allow access to debug all apps, 
>> this bar is lowered, so that you can access the app data by enabling 
>> debugging.
> If the phone is stolen and no passcode is set, then I can access app data by 
> starting the apps, too. I have access to any web accounts those apps might be 
> tied to, and so on. Aren't the dev tools just a rather painful method of 
> doing what our UI people are trying to make as easy and as pleasant as 
> possible via other means?
> 
> _______________________________________________
> dev-b2g mailing list
> [email protected]
> https://lists.mozilla.org/listinfo/dev-b2g
