No, there's a trust-on-first-use procedure where you have to accept the computer's key on your phone.
replyNot only is it TOFU but that comment is doubly wrong because you can't really back up much other than the bulk storage directory without adb root (which requires a custom build, which obviates the issue to begin with).
replyApple has the same thing, but for some reason added Developer Mode which you must enter on the iPhone first. It’s quite involved, with a restart and 3 confirmation dialogs. That had me wondering why they are suddenly so cautious around this.
reply>ADB enabled means an adversary can completely own your device and "back it up" by simply plugging it in.
replyeach adb host has to be individually white-listed by an unlocked device. also the current behavior is that it auto forgets any white listed host that hasn't connected within 7 days.
No it's not. Your computer creates a unique ID and you have to accept that on the unlocked phone the first time (or every time if you choose to).
replySo even when adb is on an attacker can't just plug into your phone and use it. Besides, I just switch it off when I don't use it