We have already seen how the ADB tool can be used to interact with the device and execute certain commands on the device. However, on a normal Android phone, certain locations such as /data/data cannot be accessed. For example, the following shows the command-line output when trying to access /data/data on a normal device:

adb shell
shell@android:/ $ cd /data/data
cd /data/data
shell@android:/data/data $ ls
ls: .: Permission denied

This is because the private data of all of the applications is stored in this folder and so the security is enforced by the Android. Only the root user has access to this location. Hence, on a rooted device, you will be able to see all of the data under this location, as shown in the following command lines:

adb shell
shell@android:/ $ su
shell@android:/ # ls /data/data
android
 com.android.backupconfirm
 com.android.bips
 com.android.bluetooth
 com.android.bluetoothmidiservice
 com.android.calllogbackup
 com.android.camera2
 com.android.captiveportallogin
 com.android.carrierconfig
 com.android.carrierdefaultapp
 com.android.cellbroadcastreceiver
 com.android.certinstaller
 com.android.companiondevicemanager
 com.android.contacts
 com.android.cts.ctsshim
 com.android.cts.priv.ctsshim
 com.android.defcontainer
 com.android.development
 com.android.dialer
 com.android.documentsui
 com.android.dreams.basic
 com.android.dreams.phototable
 com.android.egg
 com.android.email
 com.android.emergency
 com.android.externalstorage
 com.android.facelock
 com.android.gallery3d
...

As shown in the previous code, all of the application's private data can now be seen easily by navigating to the respective folders. Hence, the ADB tool on a rooted device is very powerful and allows an examiner to access all of the data of applications installed on the device, provided the device is not pattern or PIN protected or registered to the machine with an RSA key.