Updated App Security (markdown)

dschuermann 2014-10-09 06:43:50 -07:00
parent 74ccdcd441
commit b47d5a11e9
1 changed files with 2 additions and 1 deletions

@ -6,6 +6,7 @@ This page deals with security choices related to the app in relation to the Andr
* ``AndroidManifest.xml`` has ``android:allowBackup="false"``.
From ``./lint --show AllowBackup``:
> This may have security consequences for an application. adb backup allows users who have enabled USB debugging to copy application data off of the device. Once backed up, all application data can be read by the user. adb restore allows creation of application data from a source specified by the user. Following a restore, applications should not assume that the data, file permissions, and directory permissions were created by the application itself.
* Due to ``android:allowBackup="false"``, apps such as [Helium](https://play.google.com/store/apps/details?id=com.koushikdutta.backup) will **not** work
* We explicitly do not implement a [Backup Agent](http://developer.android.com/guide/topics/data/backup.html), so no keys are transferred to Google's cloud.
* All keys (private and public) are stored inside the app's sqlite database. It resides in ``/data/data/org.sufficientlysecure.keychain/databases/openkeychain.db``