Enabling backup when the ClientSideEncryption is enabled #68
Conversation
zx2c4-bot
force-pushed
the
master
branch
3 times, most recently
from
91cdc96 to
57bd0ec
Compare
| <?xml version="1.0" encoding="utf-8"?> | ||
| <full-backup-content> | ||
| <include domain="sharedpref" path="." requireFlags="clientSideEncryption" /> | ||
| <include domain="database" path="." requireFlags="clientSideEncryption" /> |
There was a problem hiding this comment.
I'll check, it was part of my default set for <include />
| @@ -21,7 +21,7 @@ android { | |||
| namespace = pkg | |||
| defaultConfig { | |||
| applicationId = pkg | |||
| minSdk = 21 | |||
| minSdk = 23 | |||
There was a problem hiding this comment.
Is this necessary? Can't these just be conditioned on having the right sdk value? clientSideEncryption, for example, is only available in API 28 and higher.
There was a problem hiding this comment.
See below, this ensures that client encryption is enforced. Android 5 supports the backup keys, however it doesn't look at the clientSideEncryption setting, so it just ignores it and backs up anyway, which I think is undesirable behaviour.
| <full-backup-content> | ||
| <include domain="sharedpref" path="." requireFlags="clientSideEncryption" /> | ||
| <include domain="database" path="." requireFlags="clientSideEncryption" /> | ||
| <include domain="file" path="." requireFlags="clientSideEncryption" /> |
There was a problem hiding this comment.
Do we also want the deviceToDeviceTransfer requirement?
There was a problem hiding this comment.
That would prevent anything seedvault-y (i.e. my nightly backups) from backing up the app; defeating the purpose imo.
| @@ -37,7 +37,8 @@ | |||
|
|
|||
| <application | |||
| android:name=".Application" | |||
| android:allowBackup="false" | |||
| android:allowBackup="true" | |||
| android:fullBackupContent="@xml/backup" | |||
There was a problem hiding this comment.
This only works for API ≤30. For API ≥31, you need android:dataExtractionRules and a different file. See https://developer.android.com/identity/data/autobackup for details.
|
I left some comments on here. How safe is this clientSideEncryption and deviceToDeviceTransfer business? Can these be abused? Is this something we want on by default? |
enforced as Android 5 just ignores it Signed-off-by: Rob Emery <[email protected]>
Signed-off-by: Rob Emery <[email protected]>
The way this is configured, Android won't backup without clientSideEncryption being enabled, part of the reason for the bumping the SDK version is so you can force android to only provide protected backups (I've got some testing here from a different PR: https://codeberg.org/Freeyourgadget/Gadgetbridge/pulls/4123#issuecomment-2347840). The deviceToDeviceTransfer only applies in the situation where the user has unlocked 2 android phones, directly connected them and run the device transfer wizard; I've had a look I've not seen situation where this can be abused. |
We can safely permit WireGuard to be backed up if we enforce the clientSideEncryption requirement and maintain the users privacy on the keys.