
The real problem on public outlets is with data attacks, not power. If I can set my phone to ignore all the data at the first hardware level, and it is a simple enough level that no attack is viable (that second one being a large "if"), then there is no large problem anymore.

My old no-name Android phone (not USB C) has such an option, and searching around it seems to be a reasonably common feature, although not present on all devices. It looks similar to this (mine has the same typo, "USB fuctions"):

https://farm8.staticflickr.com/7485/16035739946_51d110ea40.j...

In charge-only mode it doesn't even enumerate as a USB device when plugged into a computer with an active USB controller, so I suspect no attacks (besides physical ones like overvolting as others here have mentioned) are possible in this mode --- the USB controller on the device is completely disabled.



>> If I can set my phone to ignore all the data at the first hardware level, and it is a simple enough level that no attack is viable (that second one being a large "if"), then there is no large problem anymore.

> My old no-name Android phone (not USB C) has such an option, and searching around it seems to be a reasonably common feature, although not present on all devices.

I use one of these. The nice thing about the newer versions is that you can verify the impossibility of a data connection through easy physical inspection.

https://www.amazon.com/PortaPow-3rd-Data-Blocker-Pack/dp/B00...


The problem with that is you also block the pins needed to negotiate power delivery over USB C, so you're limited to 10 W (5 V * 2 A). Laptops that use USB C for charging use C and not micro-B precisely because they need more power than that.


The generic (unofficial?) name for such a device is a USB condom.


Isn't that the wrong direction? My concern is not so much that my phone will show up to an attacker as a storage device, which can generally be restricted or be set to require pairing - my concern is that the attacker will show up to my phone (or laptop) as an accessory, in particular as a keyboard and mouse and perhaps an external display, at which point they can click through any permission or pairing prompts the OS might try to show.


Definitely!

If my Moto G5+ is locked then it seems that plugging in a keyboard behaves pretty much like plugging a keyboard into a desktop or laptop computer except that it doesn't respond to c-a-del.

I can unlock from the external keyboard by pressing the Windows key and then typing my PIN number, but the multimedia keys and print screen on the keyboard work even with the screen locked.

I would rather that it didn't do any of that until I give permission on the mobile itself.



