oandbackup icon indicating copy to clipboard operation
oandbackup copied to clipboard

Published 20 hours ago verified publisher icon jensstein

any app can read the backups

Open TjrGithub opened this issue 6 years ago • 4 comments

Currently, oandbackup backs up to globally-readable storage. Any app can read the backups and leak internal data of other apps.

In an ideal world, only oandbackup and a syncing app (e.g. syncopoli) can read the backups. Perhaps oandbackup itself could be in charge of syncing.

Desktop Ubuntu's Duplicity can make backups automatically, incrementally, encrypted, off-site. Perhaps it can serve as inspiration (it is GPL, not MIT license).

TjrGithub avatar Apr 04 '19 11:04 TjrGithub

I'll have to disagree. Ideally, backups are encrypted with GPG and therefore can't be leaked by any other app that does not have the key. If the backups were in the oandbackup data directory, they would disappear should oandbackup happen to be uninstalled.

fynngodau avatar Apr 13 '19 15:04 fynngodau

Oandbackup does have a menu entry encryption, but it's grayed out and no documentation how to get it going. Fixing that would also resolve this bug.

TjrGithub avatar Apr 13 '19 16:04 TjrGithub

Versions:

  • lineageos-with-microg 15.1 as of 2019-04-10 with addon_root on a Mido
  • xposed 90-beta3 and xprivacylua 1.24 FDroid, don't restrict oandbackup
  • oandbackup 0.3.5-universal Fdroid

TjrGithub avatar Apr 22 '19 12:04 TjrGithub

You need openkeychain you can get it on Android. It's pretty much the bog standard app.used for encryption stuff for foss apps.

pbanj avatar Aug 23 '19 07:08 pbanj