Can a stolen Android phone with USB debugging enabled have screen lock bypassed?

A sophisticated threat actor could potentially try to exploit the Android Debug Bridge's authorization protocol by switching your phone's storage media to another same model phone with already active ADB/ADBD authorizations (based on HWID like the network chip's MAC address) and maybe some additional tinkering.

From then on, provided he knew how to get there, even an encrypted device might be under threat of full decryption. Depending on multiple factors, like OS version, startup default mode (lockdown or not), ADBD startup policies...

The key factor here is the fact nothing is encrypted and USB Debugging is enabled.

Essentially anyone with slight IT knowledge should be able to access everything in there.

I'm fairly certain your phone will get wiped and sold.


  • No root.
  • No debug.
  • Latest updates.
  • Full device encryption.
  • Disable PIN/Fingerprint/Face unlock (Either completely disabled or lockdown-only disable)
  • Strong password.

*This should take care of the unfortunate event where your phone is not in your possession and not communicating through any channels (e.g. SIM removed, WiFi disabled).


  • Tasker Automations in case you need to remotely wipe your communicating phone.
    • e.g. perform rm -f /storage/emulated/0/ when "X" message is received by text, effectively launching wipes from SMS/GSM instead of Data/WiFi
    • e.g. Launch camera silently to snap the person's face/geolocation
  • Keep an eye on Google's Find My Phone.

Without full-disk encryption, your unencrypted data can be read without recovering the pincode. Enabled USB debugging, definitely, extends the attack surface, but it's not necessary for a determined and skilled thief.

But most likely, they will wipe everything and resell your phone to get the daily dose.

Without the encryption, your data can be trivially read out using a flash adapter such as this one:

USB flash adapter

Removing a flash chip is a 5 minutes job on a hot air rework station.

Of course, this assumes that the thief decides that the data on your phone is worth more than they could get by wiping and reselling it. If you have an old inexpensive phone or it has suffered a lot (cracks on the screen / case, broken buttons, etc.) it makes data theft more likely.