Enable Seedvault encrypted backups

[PandaCoderPL]

Code of conduct

• [x] I have read and agree to adhere to the Code of Conduct.

In my opinion it would be good idea to let users backup Session application using Seedvault. Here you can see example of how such backup option could be implemented in privacy-respecting way. More details about it here. Thank you in advance.

[hjubb]

I'm not sure if there's currently an ideal way to implement this. The flags to enforce client-side encryption keys in app backups (which would enable backing up to google's servers through this feature) are only available on devices with API level 28 and above and we currently support down to API level 23 which would leave those users unprotected by this solution, as well as enabling cloud backups even if they are encrypted. There might be a possibility to use the seedvault library to manually enable this but would require more effort and consideration. Thanks for the helpful documentation however I'll take a look over it and see how hard it would be to implement to see if I can get it in some time soon! Otherwise PRs would be welcome :)

[PandaCoderPL]

I'm not sure if there's currently an ideal way to implement this.

Is there anything wrong with the method that I sent before? I think it would just backup whole application which is what I would like to do.

The flags to enforce client-side encryption keys in app backups (which would enable backing up to google's servers through this feature) are only available on devices with API level 28 and above and we currently support down to API level 23 which would leave those users unprotected by this solution

So Session would support backup only on devices with Android 9+? I'm not sure Seedvault is on any older devices so I don't see any reason to support older Android versions if they wouldn't have Seedvault anyway.

as well as enabling cloud backups even if they are encrypted. There might be a possibility to use the seedvault library to manually enable this but would require more effort and consideration.

I think that if Seedvault is not good option then Session could have some built-in automatic backup with custom location, it would be better than nothing in this case. If Session would create backup in selected location and I would just backup this folder with Seedvault then I wouldn't have any issues with that to be honest.

Thanks for the helpful documentation however I'll take a look over it and see how hard it would be to implement to see if I can get it in some time soon!

Thanks, I appreciate your response.

Otherwise PRs would be welcome :)

Unfortunately I can't help in this case, hopefully someone else with more experience will do that.

[hjubb]

So Session would support backup only on devices with Android 9+? I'm not sure Seedvault is on any older devices so I don't see any reason to support older Android versions if they wouldn't have Seedvault anyway.

I believe what would happen is enabling the backups even if they are available via seedvault for users who have it configured properly would also enable google cloud backups of the entire app (and on devices lower than API 28 not enforce a client-side encryption) which will be undesirable for an even larger number of users than the number of users that this feature would help out. Will keep this issue around to work off in case I can get some time to work on it

[PandaCoderPL]

I believe what would happen is enabling the backups even if they are available via seedvault for users who have it configured properly would also enable google cloud backups of the entire app (and on devices lower than API 28 not enforce a client-side encryption) which will be undesirable for an even larger number of users than the number of users that this feature would help out.

I think it's enabling backups for entire application but allows only those encrypted ones somehow so on devices lower than API 28 backup would be disabled because the encryption of it wouldn't be supported? I'm not sure if I'm right, it's just my guess.

Will keep this issue around to work off in case I can get some time to work on it

Thank you. If Seedvault wouldn't be right option for Session then please consider implementing some built-in backup option to export everything from within Session.