vx / connectbot

Enhanced version of the popular ConnectBot SSH and telnet client
http://connectbot.vx.sk
Apache License 2.0

Security? Marshmallow automatically backs up app data (by default) #130

Open fat-tire opened 8 years ago

fat-tire commented 8 years ago

There's an issue for connectbot and I created one for Redphone too, but this seems like a big deal and I didn't see an issue yet created here. Basically, to slightly repeat the gist from the other issue....

Starting w/ the Marshmallow preview, a wonderful new feature called Auto Backup For Apps has been introduced:

Automatic backups are enabled for all apps installed on devices running the Android M Preview. The automatic backup feature preserves the data your app creates on a user device by uploading it to the user’s Google Drive account and encrypting it. Automatic backups occur every 24 hours, when the device is idle, charging, and connected to a Wi-Fi network. When these conditions are met, the Backup Manager service uploads all available backup data to the cloud.

So... without any user intervention, up to 25 MB of local app data gets automatically uploaded to the cloud, then encrypted there. This is an opt-out feature, and the responsibility falls on the developer to say "no". Instructions for opting out (set in the AndroidManifest.xml file) are offered in the link above.

For connectbot & vx, my concern is that private ssh keys held on the device will get sent to Google.

The solution is discussed further in those issues so I won't waste space repeating it here.

Cheers, ft
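A check for the manifest opt-out the issue describes, as an added example that is not part of the original post or of the ConnectBot code base: it reads a source-form AndroidManifest.xml (not the compiled binary form inside an APK) and reports whether app data is left eligible for Auto Backup. The sample manifests, the package name and the verdict labels are constructed for illustration; `android:allowBackup` and `android:fullBackupContent` are the standard manifest attributes.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

def backup_posture(manifest_xml: str) -> str:
    """Classify a source-form AndroidManifest.xml by its Auto Backup setting."""
    app = ET.fromstring(manifest_xml).find("application")
    if app is None:
        return "no-application"
    allow = (app.get(ANDROID_NS + "allowBackup") or "").strip().lower()
    rules = app.get(ANDROID_NS + "fullBackupContent")
    if allow == "false":
        return "opted-out"      # app takes no part in backup or restore
    if allow.startswith("@"):
        return "unresolved"     # resource reference: look it up in res/values
    if rules and rules.startswith("@"):
        return "rules"          # backup on; review the include/exclude rule file
    return "default-on"         # attribute absent or true: all app data eligible

# Constructed sample manifests (the package name is hypothetical).
HEAD = ('<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
        'package="com.example.sshclient">')
SAMPLES = {
    "no attribute": HEAD + '<application android:label="x"/></manifest>',
    "explicit opt-out": HEAD + '<application android:allowBackup="false"/></manifest>',
    "rule file": HEAD + '<application android:allowBackup="true" '
                        'android:fullBackupContent="@xml/backup_rules"/></manifest>',
    "resource ref": HEAD + '<application android:allowBackup="@bool/backup"/></manifest>',
}

def audit(samples=SAMPLES):
    """Return a verdict per manifest; 'default-on' is the case the issue warns about."""
    return {name: backup_posture(xml) for name, xml in samples.items()}

if __name__ == "__main__":
    for name, verdict in audit().items():
        print(f"{name:18} {verdict}")
```

A "rules" verdict still needs a manual look at the referenced rule file to confirm that the database or files holding private keys are excluded.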