Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Enables Encrypted Backups #8144

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Conversation

mintsoft
Copy link

Fixes #3857

As discussed it is only enabled in the situation where client side encryption is enabled so the credentials are protected (#3846 (comment))

I don't think it's necessary to implement BackupAgent as the manifest assertions should be sufficient?

@mintsoft
Copy link
Author

Been testing the version compatibility with Android; Android 5 will ignore the requirement for client encryption (see testing for a different app: https://codeberg.org/Freeyourgadget/Gadgetbridge/pulls/4123#issuecomment-2347840)

I've not checked the minimum sdk version for thunderbird/k9 yet; but the "simplest" solution is to ensure minimum of sdk 23/Android 6 and it'll behave as desired.

@cketti
Copy link
Member

cketti commented Oct 15, 2024

Thanks for the pull request ❤️

One thing we can't include in backups is OAuth access/refresh tokens. That could lead to multiple devices trying to use the same token. That would most likely be flagged by providers and could lead to the account being locked.

I currently don't have a suggestion on how to make backups work with that constraint in mind (other than using a custom BackupAgent). Do you have an idea?

@mintsoft
Copy link
Author

Hmm, where are they stored? If they're all together etc we can probably exclude them in the backup.xml et voila.

@kewisch
Copy link
Member

kewisch commented Nov 18, 2024

@mintsoft Are there any other settings aside from OAuth access/refresh tokens that we should be excluding? I believe all current settings are stored together, so they would need to be separated. How would you be solving that, indeed a custom BackupAgent?

@mintsoft
Copy link
Author

AFAIK its only those tokens. How to separate depends on where they are, if they were in a dedicated file or under a sharedpref tree then you can exclude them in the backup.xml if it's not easily separable then yes, a BackupAgent is the only real option.

@cketti
Copy link
Member

cketti commented Jan 7, 2025

We could move OAuth tokens to a separate file when implementing #8417. That will allow us to exclude OAuth tokens without having to write a custom BackupAgent.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Add support for Android's backup mechanism
3 participants