missing-root
So this means the toggles under "Devices-USB" don't actually restrict the connection
The standard Android USB mode controls the type of device the phone acts as, including MTP, MIDI, webcam, etc. Our toggle controls whether USB peripherals such as mice, keyboards, headsets, etc. can be used.
Thanks for the info, this changes a lot. So it doesn't really matter what mode is used, at least for security?
Both the standard USB mode and our toggle certainly matter. Our toggle substantially reduces USB attack surface by preventing using peripheral drivers but doesn't remove the low-level USB protocol attack surface at the OS or firmware level.
Android's own USB HAL disable toggle also doesn't remove the low-level USB protocol attack surface. That's what's being used for this feature elsewhere. However, the feature ejects devices when it's enabled so they don't actually enable it when the screen is locked but rather have code to detect USB peripherals being attached and then delay enabling it until they're not attached. This is a lot more sketchy than the approach of denying new USB peripherals or controlling the USB gadget mode via the standard toggle which defaults to MTP mode with MTP disabled and the other things like MIDI, ADB, etc. disabled.
We plan to rename our USB toggle to USB access control and extend it by adding modes for disabling lower-level attack surface too. This requires implementing our own approach, not using the USB HAL. We could consider changing the default.
There's also the issue of charging, which uses data lines and is extremely complex. Disabling starting charging while locked doesn't seem usable enough. We could add the option to go that far... but that doesn't seem like something most people would use.
3rd party charging cable without data lanes when connecting to laptops or random USB ports in buses
That would only provide slow charging. USB-PD uses a form of data and is a complex protocol, as is a lot of the USB-C functionality.