ADB over TCP, but also for Legacy Devices. Emulators in The Server

Featured image

Newly released Android Studio Bumblebee introduced device pairing over Wi-Fi. Sounds pretty cool, but it requires Android 11+ (API Level 30).

This functionality is available on legacy devices too.
Most user-friendly way to enable it is “ADB over network” setting in “Developer options”

Developer options -> ADB over network

Once it is enabled on the device, connect to it from your computer by using adb connect, where is the device IP. Device will show a dialog with the computer’s RSA key fingerprint. Accept it and pairing will be done.

Alternative options

Not all devices have the “ADB over network” setting in “Developer options”. There are multiple apps providing this “enablement” functionality, but they all require root access level.

Fortunately it can be enabled through the ADB itself.

Connect the device by USB and run adb tcpip 5555. Default port number is 5555. USB can be unplugged, adb connect will work now.

Security and Battery Implications

ADB is privileged access to the device. Accepting a fingerprint on the device means giving access rights to the fingerprint owner (in this case - computer). Obtaining or leaking (autogenerated) ADB keys from the computer implies obtaining or leaking access to the device. This also applies to ADB over USB, but regular USB requires physical access to device, to plug the cable in. ADB over network is more lax in this regard, attacker is only limited by TCP firewalls.

ADB also prevents the device from deep sleep. This applies to ADB over USB too, but USB also charges the battery. ADB over network will discharge the battery. Disconnect by running adb disconnect when done debugging.

Emulators in The Server

Emulators on different computers can also be reached. Arm images are not accelerated on x86 hypervisors, but are accelerated on M1 Macs. Useful to cover more ABIs under emulators before running tests on more expensive real devices.

Emulator opens two TCP ports, 5554 is for emulator management, 5555 is for ADB. Multiple emulators running at the same time will use subsequent ports - 5556 for management, 5557 for ADB, …, 5559 for ADB and so on.

Both ports are opened on, this means they are not accessible from outside the computer. No option to specify network interface on which to bind.

A “SOcket CAT” can help. socat tcp4-listen:5555,fork,reuseaddr,bind= tcp4:localhost:5555, where is the interface, on which the port should be exported. Use proper firewall to filter access.

Hint - adbfs - ADB File System

ADB allows file transfer - adb push and adb pull. This allows mounting the filesystem of the device on the computer.

There are multiple adbfs implementations/forks, most of them work over FUSE (Filesystem in USErspace), which means no root is needed on the computer. Only a hint. A decision on which implementation to use is left for the reader.