Current AAPS functionality enables exporting AAPS settings to file which includes exporting sensitive information like pump connection specs. For this the user is required to enter the AAPS master password (which is not known to AAPS) for encryption.
The AAPS master password protects the (encrypted) settings file from unintended access. This PR is intended to enable automatic settings exports. Think of scheduled settings exports through automaton or after activating pumps like Omnipod EROS/DASH and Metrum.
This PR adds functionality to AAPS to initiate unattended exports from code (that is without need for the user to enter the master password):
Implement a Class interface to securely store secrets like the AAPS master password (locally) on the users phone protecting it from unintended retrieval.
Implement a Class interface for storing and retrieving encrypted password and state.
Integrate the above in AAPS for initiating unattended settings exports.
Implement a new automation for scheduling settings exports using the class interfaces above.
Requirements:
User has a choice to enable/disable unattended exports through the maintenance settings.
When disabled, no password is stored and unattended exports are unavailable.
When enabled:
Password will be securely stored encrypted on the local phone's Android DataStore (1) - so not in AAPS settings.
Encryption key needed for decrypting is generated and protected by the local phone's Android KeyStore (2).
To ensure the user needs to "maintain" the master password, it will expire after 4 weeks with a grace period of 1 week (non-configurable).
Stored password will be removed on changing the master password or AAPS password reset.
Importing settings or other functionality that needs entering the master password/PIN/biometrics is not affected.
Functional short description:
The master password should be entered as usual when manually exporting settings from the AAPS maintenance menu.
When the "unattended exports" option is enabled in maintenance preferences, the entered password is encrypted and securely stored on the user's phone (not in AAPS). Subsequent exports will no longer require the user to enter the master password until it expires or is reset.
When active, the new "Export settings" automation will alert in the AAPS overview on exporting and (when relevant) on not being enabled or on password expiry. The user can (grace period) or is required (expired) to re-enter the password by executing a manual export.
Ad1) Android DataStore: This system provides a robust and flexible way of storing key-value pairs on the phone's storage.
Ad2) Android Keystore: This system allows you to store cryptographic keys in a secure container, making them difficult to extract from the device.
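As an added illustration (not code from this PR or from AAPS) of how the pieces above fit together: a non-exportable AES-GCM key held in the Android Keystore, the encrypted password plus its storage time as the record that would be persisted in DataStore, and the 4-week validity / 1-week grace check that decides whether an unattended export may proceed. The alias, type and function names are assumptions made for the example.

```kotlin
import android.security.keystore.KeyGenParameterSpec
import android.security.keystore.KeyProperties
import java.security.KeyStore
import javax.crypto.Cipher
import javax.crypto.KeyGenerator
import javax.crypto.SecretKey
import javax.crypto.spec.GCMParameterSpec

private const val KEY_ALIAS = "aaps_unattended_export"  // assumed alias name
private const val VALID_MS = 28L * 24 * 3600 * 1000      // 4 weeks
private const val GRACE_MS = 7L * 24 * 3600 * 1000       // 1 week grace
enum class PasswordState { NOT_STORED, VALID, GRACE, EXPIRED }
// What gets persisted (in DataStore, not in AAPS settings): IV, ciphertext and storage time.
data class StoredSecret(val iv: ByteArray, val ciphertext: ByteArray, val storedAt: Long)

// Non-exportable AES-GCM key that only lives inside the Android Keystore (created once per alias).
private fun keystoreKey(): SecretKey {
    val ks = KeyStore.getInstance("AndroidKeyStore").apply { load(null) }
    (ks.getKey(KEY_ALIAS, null) as? SecretKey)?.let { return it }
    val gen = KeyGenerator.getInstance(KeyProperties.KEY_ALGORITHM_AES, "AndroidKeyStore")
    gen.init(KeyGenParameterSpec.Builder(KEY_ALIAS, KeyProperties.PURPOSE_ENCRYPT or KeyProperties.PURPOSE_DECRYPT)
        .setBlockModes(KeyProperties.BLOCK_MODE_GCM)
        .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
        .build())
    return gen.generateKey()
}

fun encryptMasterPassword(password: CharArray, now: Long): StoredSecret {
    val cipher = Cipher.getInstance("AES/GCM/NoPadding")
    cipher.init(Cipher.ENCRYPT_MODE, keystoreKey())  // Keystore supplies a fresh random IV
    val plain = String(password).toByteArray(Charsets.UTF_8)
    val ct = cipher.doFinal(plain)
    plain.fill(0)  // do not keep the plaintext around longer than needed
    return StoredSecret(cipher.iv, ct, now)
}

fun state(secret: StoredSecret?, now: Long): PasswordState = when {
    secret == null -> PasswordState.NOT_STORED                          // feature disabled or reset
    now < secret.storedAt + VALID_MS -> PasswordState.VALID
    now < secret.storedAt + VALID_MS + GRACE_MS -> PasswordState.GRACE  // warn, still usable
    else -> PasswordState.EXPIRED                                       // manual export required
}

fun decryptMasterPassword(secret: StoredSecret, now: Long): CharArray? {
    if (state(secret, now) == PasswordState.EXPIRED) return null
    val cipher = Cipher.getInstance("AES/GCM/NoPadding")
    cipher.init(Cipher.DECRYPT_MODE, keystoreKey(), GCMParameterSpec(128, secret.iv))
    return String(cipher.doFinal(secret.ciphertext), Charsets.UTF_8).toCharArray()
}
```

On a master password change or AAPS password reset the stored record should be deleted together with the Keystore alias (KeyStore.deleteEntry), so neither the ciphertext nor the key outlives the password it protected.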
Additional note:
The above is currently under development. A PR will follow soon.
Its goal will be to get basic functionality for unattended exports stabilized and get the bugs out.
Suggestions on future functionality (requires additional PR(s)):
a) Logging at the bottom part of the Maintenance tab, similar to the Automations logs.
b) Records in db - user actions (successful/ unsuccessful backup and destination of backup)
c) Dedicated automation for scheduled backups (daily/weekly/monthly/objective completed/new pump paired/....)
d) Export destinations: AAPS folder, Google, MS OneDrive, NS...
Enabling unattended settings export.