tranquvis / SimpleSmsRemote

Android app for remotely controlling a phone through sms messages
MIT License
134 stars 37 forks source link

Remotely backup and delete app data #35

Open ghost opened 5 years ago

ghost commented 5 years ago

Hello. Usually, in addition to the mobile phone itself, there are also apps that contain sensitive or personal information, and, in case of loss or theft of the mobile phone, they are also those that a person would like to recover and / or put in safety. I would therefore ask, if possible, to enable the reading, writing and deletion of the data of these apps (all open source and available on F-Droid):

to recover any Bitcoins:

to recover any personal information, passwords, important reminders, etc. (these apps I list do not need internet):

P.S: I have no programming experience nor am I very experienced in the subject .. if I have written stupid or unattainable things I apologize.

tranquvis commented 5 years ago

No need to apologize. Everybody is welcome here. 😄

I can imagine your scenario. The problem is, that accessing data of other apps is not really possible. Only external storage can be accessed. Most data is stored in the apps internal storage, which cannot be accessed. Especially sensitive data is stored in internal storage, exactly because it should not be accessed by other apps. So I think we are out of luck here. We could only access some things in the external storage like images.

ghost commented 5 years ago

I understood. However, if it is not a problem I would still like to keep this issue open, in case a miracle happens or something similar

sudomain commented 4 years ago

Some apps might be configured to utilize the shared / external storage instead of the private storage. For the apps that allow this, we can use a tool like Termux (also on F-Droid) to tar/gzip the data then transfer it with scp, rsync, or another tool (all of which are packages available in Termux). Termux even has some hooks which could execute a bash script that does all this. @tranquvis would it be possible for SimpleSmsRemote to do either of the following:

  1. share a file or URL to Termux so that it can execute a script
  2. reply to the sender with the exit status of that script
tranquvis commented 4 years ago

After some research, I noticed that interacting with Termux is not possible so far. (without a plugin) See:

So, we have the following options:

I would suggest to find an alternative.

sudomain commented 4 years ago

Not something I'm personally vested in since I no longer use simpleSMSRemote, but Termux has "extended its api" (not refering to the Termux:API app) with the v0.95 release. Details here

It doesn't change apps using their private storage instead of shared storage. For apps that can be configured to use a path in the shared storage though, I imagine someone could use SimpleSMSremote to trigger a Termux script that does a rsync/scp to another device and/or encrypt files with gpg. Such scripts could probably be abused and cause more damage to users' files so this app should probably utilize an authentication scheme (shared secret? 2FA?) in addition to what is currently done (iirc just whitelisting of phone numbers (which can be spoofed?)).