search

kontalk / androidclient

Kontalk official Android client
https://www.kontalk.org
GNU General Public License v3.0
571 stars 195 forks source link

Set Android 6 backup policy #565

Open TheLastProject opened 8 years ago

TheLastProject commented 8 years ago

Android 6 includes a new system to back up the app and all its data to Google Drive. Here's a screenshot from Ars Technica:

See anything scary? Yes, "potentially sensitive data such as [...] messages". While I do not use Google Play Services myself, chatting with contacts who would use it would mean all messages would get uploaded to Google, which pretty much erases the privacy part that Kontalk is all about.

It would be good to set a sane backup policy, most likely excluding the following specifically:

I am not sure how close this would be to disabling backups completely.

More information about setting a backup policy can be found on https://developer.android.com/training/backup/autosyncapi.html.

Edit: It seems Kontalk targets API level 22 (if I understood build.gradle correctly), which means it is currently excluded from backups, but this should still be set so that bumping the target API to 23 or higher later will not cause such a privacy breach.

daniele-athome commented 8 years ago

Thanks for the detailed report. Since this should happen only for apps that target SDK 23, this doesn't apply to us for the moment. Besides, targeting SDK 23 means also supporting the new permission model which requires implementation. I'll mark this as pending because I don't know exactly when we will support SDK 23.

relan commented 8 years ago

This article suggests the ways to handle this issue: http://commonsware.com/blog/2015/06/04/random-musings-m-developer-preview-bad-part-two.html

daniele-athome commented 8 years ago

I'm currently looking for a solution to this backup issue. Automatic backup is going to be hard to do because the personal key is stored in the Account Manager and therefore not automatically backed up. I'll see what I can do about this (e.g. saving the personal key to cloud storage as well), however I'm going to disable backup support for the moment (or I'll provide a preference default to false). I'll try to set this to 3.1.4, but no promises. I'll probably split the development in two parts: the first one will be backup completely disabled and unavailable; the second part will implement some sort of backup.