Aforesaid, USB debugging is the bridge between the computer and your Android smartphone. Once it’s enabled, it lets you access your phone which in turn can receive commands and files from the PC. The reverse transmission is also true — the PC can pull out information from your Android.
These files and commands can be anything from one liner command to scripts used for performance analysis, rooting, installing recoveries, etc. And all of this is possible just through a single flick of a switch on your Android — the USB debugging switch.
The above scenarios were the positive ones so far, now comes the malicious ones. Theoretically, all sensitive data can be stolen if you were to stick your phone even to a charging station, leave alone a laptop or a computer. Hackers can run scripts which can steal your bank information or even your personal pictures — if at all they are stored on your phone.
In a nutshell, it’s similar to leaving the door of your home open — anybody can have access to it in the absence of a door or a guard.
Though Android asks for permission and the RSA key when you plug your phone to a new device, most of us tend to go for the OK button by default. So as to get work done as quickly as possible.
This same behavior can be extended to Android permissions as well, which is altogether a different story.
USB Debugging In Rooted Phones
Keeping the USB debugging mode ON can be even more dangerous for the rooted phones. In the unfortunate incident of a lost phone, thieves can easily wipe the entire phone off the data, re-flash it and install a new ROM.
In case your phone is rooted, do make sure that the Android Device Manager is enabled at the earliest. Not only does it helps to keep track of your Android, it also lets you erase and wipe it, just in case it’s stolen.
All you have to do is go to the Google Settings > Security and enable the following options,