allow backups

[lrvick]

I switch phones frequently for rom development and backups not being enabled is a real pain.

This one tiny change will make my life a lot easier, and presents no added security risk as you must approve on an unlocked device.

[cketti]

Without a backup agent configured the unencrypted account credentials make it into the backup. That's why we don't have this enabled.
I'm not opposed to supporting auto backup. But it needs to be done in a way that ensures account credentials are encrypted (or not part of the backup).

[lrvick]

On modern android the adb backup flow works like:

1. Turn on developer mode
2. Enable adb
3. Plug phone into computer
4. Approve adb connection to that particular computer on phone
5. run "adb backup"
6. Enter password to symmetrically encrypt backup when prompted
7. Symmetrically encrypted backup file is saved to computer

Lets compare this flow to the only cumbersome way I am forced to use to backup k-9 mail today without rooting:

1. Long press account in k-9 mail main window
2. export settings
3. long press account again
4. Account settings > Fetching Mail > Incoming Server
5. Set "Security" to none
6. Set "Server" to ip address of my laptop
7. Run wireshark on my laptop and log password.

The ADB backup flow is strictly better for security and easy of use.

[cketti]

If it was possible to only allow adb backup but not "auto backup" I'd be all for your change. But allowBackup also controls Android's app backup mechanism. See https://developer.android.com/guide/topics/data/autobackup

[gdt]

Thanks for pointing out the autobackup issue. I wonder if the account passwords can be stored in the location specified by getNoBackupFilesDir(), perhaps in a separate sqlite db. That might then back up everything but the passwords. But I realize this might not be compatible with earlier Android versions. And as I read the API docs, if minsdkversion is < 23, there will be no autobackup at all.

[cketti]

Implementing a BackupAgent that uses the settings import/export code is probably the cleanest way to implement the backup functionality.

[lrvick]

Are you talking about google play services backup? While I would not use that personally, they do at least offer encryption/2fa options as good or better than those required to gain access to the phone directly.

If someone is using a totally third party backup tool known to use insecure practices I think that is outside of an app authors responsibility similarly as the user choice to automatically leak the password via a bad password manger or choosing "Security None".

[Valodim]

Agreed about BackupAgent, and it shouldn't be too hard to do, either.

I don't think we can enable backups that automatically store users' passwords in the google cloud.

[cketti]

I created issue #3857 for the BackupAgent solution. Closing this pull request.

[ghost]

Android has now option to enable backups, only if they are encrypted.

Info:
https://github.com/seedvault-app/seedvault/wiki/FAQ

And mentioned example how it was enabled in the Tranportr app:
grote/Transportr@4dc38f4