Android has a built-in backup mechanism that can save and restore application data. When application backup is enabled, local data from your
application can be exported to Google Cloud or to an external device via adb backup. Enabling Android backup exposes your application to
disclosure of sensitive data. It can also lead to corruption of local data when restoration is performed from an untrusted source.
By default application backup is enabled and it includes:
- Shared preferences files
- Files saved in one of the paths returned by
Ask Yourself Whether
- Application backup is enabled and sensitive data is stored in local files, local databases, or shared preferences.
- Your application never validates data from files that are included in backups.
There is a risk if you answered yes to any of those questions.
Recommended Secure Coding Practices
- Disable application backup unless it is required for your application to work properly.
- Narrow the scope of backed-up files by using either
- backup rules (see
android:fullBackupContent attribute).
- a custom
BackupAgent.
- the dedicated
no_backup folder (see android.content.Context#getNoBackupFilesDir()).
- Do not back up local data containing sensitive information unless they are properly encrypted.
- Make sure that the keys used to encrypt backup data are not included in the backup.
- Validate data from backed-up files. They should be considered untrusted as they could have been restored from an untrusted source.
Sensitive Code Example
<application
android:allowBackup="true"> <!-- Sensitive -->
</application>
Compliant Solution
Disable application backup.
<application
android:allowBackup="false">
</application>
If targeting Android 6.0 or above (API level 23), define files to include/exclude from the application backup.
<application
android:allowBackup="true"
android:fullBackupContent="@xml/backup.xml">
</application>
See
