Closed mid-kid closed 5 months ago
The line "01-24 23:43:45.807 698 747 E keystore2: system/security/keystore2/src/error.rs:180 - system/security/keystore2/src/operation.rs:850: KeystoreOperation::finish" suggests that the app uses keystore.
Keystore data can not be backed-up using NeoBackup due to security reasons.
The restored app is probably crashing because the non-keystore app data that was restored properly is also expecting data in the keystore (which was on the original phone but it is not there on the new phone after the restore), causing the app to crash due to this mis-match invalid state.
That's annoying, nothing I dislike more than software refusing to do its job for "security reasons". Now I've lost all my messages... Is there any app that would allow backing up keystore data? I'm reading that it can't be retrieved from the device (as it's hardware backed), but could there be something to decrypt relevant data?
It's not like NB can backup KeyStore at all. As it stands for now, there's no app able to backup/restore any keys of KeyStore, which means it's doing it's job well, although it's unfortunate for functionality of backup apps (be aware that we already mentioned this in the FAQ with e.g. Signal, which Session is based on, as an example).
I see, I hadn't seen the note in the FAQ. Thanks for pointing that out. I wonder, do you maybe know of any way to force a ROM to use a software keystore, so I can back that up in the future?
Anyway, thanks for answering my question! Sorry if I was a bit rude.
@mid-kid nah, no issue, we all may be frustrated at such situation.
There's noone I know of invested in such hack, for once this would require writting your own accessible provider that hijacks the remote calls, which means AOSP itself should be patched to provide such, plus, the privacy-oriented devs would invest their time in the contrary measures, keeping such data even more secure rather than hacking it.
I don't really think this does much for privacy, but yeah it's definitely a "security thing"... At least signal provides an alternative backup mechanism, which decrypts and re-encrypts all the data... Just wish that could be done for everything. I might look into it once I have the time. Surely there must be something for phones that don't have a hardware keystore?
https://developer.android.com/reference/android/security/keystore/KeyInfo#getSecurityLevel()
Yeah there's definitely a software-backed store already.
I'll stop bothering you now, thanks again.
Description Restoring a backup of this app on a new device does not work.
Steps To Reproduce
Expected behavior No crash
System Information(please complete the following information):
Logcat