From b47d5a11e9f53804617f43508301d421cd7cb22e Mon Sep 17 00:00:00 2001 From: dschuermann Date: Thu, 9 Oct 2014 06:43:50 -0700 Subject: [PATCH] Updated App Security (markdown) --- App-Security.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/App-Security.md b/App-Security.md index 59b0b48..98abafe 100644 --- a/App-Security.md +++ b/App-Security.md @@ -5,7 +5,8 @@ This page deals with security choices related to the app in relation to the Andr ### Backup * ``AndroidManifest.xml`` has ``android:allowBackup="false"``. From ``./lint --show AllowBackup``: -> This may have security consequences for an application. adb backup allows users who have enabled USB debugging to copy application data off of the device. Once backed up, all application data can be read by the user. adb restore allows creation of application data from a source specified by the user. Following a restore, applications should not assume that the data, file permissions, and directory permissions were created by the application itself. +> This may have security consequences for an application. adb backup allows users who have enabled USB debugging to copy application data off of the device. Once backed up, all application data can be read by the user. adb restore allows creation of application data from a source specified by the user. Following a restore, applications should not assume that the data, file permissions, and directory permissions were created by the application itself. + * Due to ``android:allowBackup="false"``, apps such as [Helium](https://play.google.com/store/apps/details?id=com.koushikdutta.backup) will **not** work * We explicitly do not implement a [Backup Agent](http://developer.android.com/guide/topics/data/backup.html), so no keys are transferred to Google's cloud. * All keys (private and public) are stored inside the app's sqlite database. It resides in ``/data/data/org.sufficientlysecure.keychain/databases/openkeychain.db``
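Review bot: The added bullet on Helium says such apps "will **not** work" without saying what stops working or why it matters to a user. Consider stating that tools relying on adb backup cannot copy this app's data because of ``android:allowBackup="false"``, which means the keys in ``openkeychain.db`` are not part of such a backup, and, if the app offers its own export path, pointing to it there. The removed and re-added lint quotation lines read identically as shown, so that part of the change looks whitespace-only; it is worth confirming that was intended. The subject "Updated App Security (markdown)" also does not say what changed; something like "Note that Helium backups do not work with allowBackup=false" would make the history easier to search.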