astarub / campus_app

Campus App of Ruhr-University Bochum
https://app.asta-bochum.de
GNU Affero General Public License v3.0
13 stars 4 forks

Application Data can be Backed up #122

Closed MixColumns closed 10 months ago

MixColumns commented 10 months ago

Currently the [android:allowBackup] flag is missing; it should be set to false. Currently anyone can back up the application data via adb, meaning a user who has USB debugging enabled can have their data copied off of the device. Regarding the fact that there is a planned option for authentication/university login, maybe even with stored credentials and the semester ticket, this flag should be changed to address this issue.

henry-herrmann commented 10 months ago

You are right, if the user's Android version is lower than 12. If it's 12 or higher, D2D transfers cannot be disabled, see: https://developer.android.com/about/versions/12/behavior-changes-12#backup-restore. I'll still set the allowBackup flag to false. Thanks for opening up the issue.

MixColumns commented 9 months ago

@henry-herrmann are you sure you set the flag? AFAIK it is still not set. Maybe I am wrong though, can you please recheck?

henry-herrmann commented 9 months ago

Yeah, it's updated in https://github.com/astarub/campus_app/blob/master/android/app/src/main/AndroidManifest.xml.
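
One way to confirm the state of the flag discussed in this thread, as an added example that is not part of the issue or the campus_app repository: a Python check, usable in CI, that parses a manifest and passes only when `android:allowBackup` is explicitly `false`. The function name, the sample manifests and the package name `com.example.app` are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from typing import Tuple

# Namespace bound to the "android:" prefix in every AndroidManifest.xml.
ANDROID_NS = "http://schemas.android.com/apk/res/android"
ALLOW_BACKUP = "{%s}allowBackup" % ANDROID_NS


def audit_allow_backup(manifest_xml: str) -> Tuple[bool, str]:
    """Return (ok, reason); ok is True only for an explicit allowBackup="false"."""
    try:
        root = ET.fromstring(manifest_xml)
    except ET.ParseError as exc:
        return False, "manifest is not well-formed XML: %s" % exc
    app = root.find("application")
    if app is None:
        return False, "no <application> element found"
    value = app.get(ALLOW_BACKUP)
    if value is None:
        # An absent attribute is not "off": the platform default is true.
        return False, "android:allowBackup is missing (platform default is true)"
    if value.strip().lower() == "false":
        return True, "android:allowBackup is false"
    if value.startswith("@"):
        # e.g. @bool/some_flag: the effective value lives in a resource file.
        return False, "android:allowBackup is a resource reference (%s); resolve it manually" % value
    return False, "android:allowBackup is %r" % value


# Constructed sample manifests (not taken from the repository).
_HEAD = ('<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
         'package="com.example.app">')
MISSING = _HEAD + '<application android:label="app"/></manifest>'
ENABLED = _HEAD + '<application android:allowBackup="true"/></manifest>'
DISABLED = _HEAD + '<application android:allowBackup="false"/></manifest>'
BY_RESOURCE = _HEAD + '<application android:allowBackup="@bool/backup"/></manifest>'

if __name__ == "__main__":
    for name, xml in [("missing", MISSING), ("enabled", ENABLED),
                      ("disabled", DISABLED), ("resource", BY_RESOURCE)]:
        ok, reason = audit_allow_backup(xml)
        print("%-8s %s  %s" % (name, "PASS" if ok else "FAIL", reason))
```

As noted in the thread, on Android 12 or higher D2D transfers cannot be disabled with this flag, so a passing result covers only the backup paths the flag controls.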