I've recently started researching the ability to SSH into an Android device. From what I've seen, this is a figured out challenge, which makes me wonder how much damage an attacker could do.
Let's say an attacker has managed to physically gain access to the target's cellphone. Let's say this attacker has installed an application secretly that allows him to SSH into the phone while it's connected on WiFi, and has returned the device to the victim covertly.
Now the victim believes he/she has a totally secure device, and uses it freely. The victim's favourite apps are Facebook, Facebook Messenger, Twitter, Gmail, Instagram.
Let's say the attacker's goal is compromise all the social media accounts, and email as well. If the attacker has gone this far, what else does he/she need to do in order to reach the stated objective?
Also, aside from stealing accounts to impersonate identity, what are some other less obvious, but equally dangerous things an attacker can do at this stage?
