Android has a built-in backup mechanism that can save and restore application
data. When application backup is enabled, local data from your application can
be exported to Google Cloud or to an external device via ``++adb backup++``.
Enabling Android backup exposes your application to disclosure of sensitive
data. It can also lead to corruption of local data when restoration is performed
from an untrusted source.

By default application backup is enabled and it includes:

* Shared preferences files
* Files saved in one of the paths returned by
** https://developer.android.com/reference/android/content/Context#getDatabasePath(java.lang.String)[getDatabasePath(String)]
** https://developer.android.com/reference/android/content/Context#getFilesDir()[getFilesDir()]
** https://developer.android.com/reference/android/content/Context#getDir(java.lang.String,%20int)[getDir(String, int)]
** https://developer.android.com/reference/android/content/Context#getExternalFilesDir(java.lang.String)[getExternalFilesDir(String)]

== Ask Yourself Whether

* Application backup is enabled and sensitive data is stored in local files, local databases, or shared preferences.
* Your application never validates data from files that are included in backups.

There is a risk if you answered yes to any of those questions.

== Recommended Secure Coding Practices

* Disable application backup unless it is required for your application to work properly.
* Narrow the scope of backed-up files by using either
** backup rules (see ``++android:fullBackupContent++`` attribute).
** a custom ``++BackupAgent++``.
** the dedicated `no_backup` folder (see ``++android.content.Context#getNoBackupFilesDir()++``).
* Do not back up local data containing sensitive information unless it is properly encrypted.
* Make sure that the keys used to encrypt backup data are not included in the backup.
* Validate data from backed-up files. They should be considered untrusted as they could have been restored from an untrusted source.

== Sensitive Code Example

[source,xml]
----
<application
  android:allowBackup="true"> <!-- Sensitive -->
</application>
----

== Compliant Solution

Disable application backup.

[source,xml]
----
<application
  android:allowBackup="false">
</application>
----

If targeting Android 6.0 or above (API level 23), define files to include/exclude from the application backup.

[source,xml]
----
<application
  android:allowBackup="true"
  android:fullBackupContent="@xml/backup.xml">
</application>
----
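
The following is an added example, not part of the original rule text or of any analyzer's code. It goes one step beyond the manifest snippets above: it applies the include/exclude semantics of a ``++fullBackupContent++`` rules file and reports which sensitive files would still be backed up. The manifest, the rules file, the file names and the function names `is_backed_up` and `audit` are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

# Constructed sample inputs (not taken from a real application).
MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android">
  <application android:allowBackup="true"
               android:fullBackupContent="@xml/backup_rules"/>
</manifest>"""

BACKUP_RULES = """<full-backup-content>
  <exclude domain="sharedpref" path="session.xml"/>
  <exclude domain="database" path="accounts.db"/>
</full-backup-content>"""


def is_backed_up(rules_xml, domain, path):
    """Apply the rules file's include/exclude semantics to one file."""
    root = ET.fromstring(rules_xml)

    def matches(rule):
        rule_path = rule.get("path", "").rstrip("/")
        return rule.get("domain") == domain and (
            rule_path in (".", path) or path.startswith(rule_path + "/"))

    includes = root.findall("include")
    # Once any <include> exists, only explicitly included files are backed up.
    included = any(matches(r) for r in includes) if includes else True
    excluded = any(matches(r) for r in root.findall("exclude"))
    return included and not excluded


def audit(manifest_xml, rules_xml, sensitive):
    """Return findings for a manifest, its rules file and (domain, path) pairs."""
    app = ET.fromstring(manifest_xml).find("application")
    # An absent allowBackup attribute means backup is enabled (the default).
    if app.get(ANDROID + "allowBackup", "true").lower() == "false":
        return []
    if app.get(ANDROID + "fullBackupContent") is None or rules_xml is None:
        return ["backup enabled without rules: all default locations are exported"]
    return [f"{d}:{p} is included in backups" for d, p in sensitive
            if is_backed_up(rules_xml, d, p)]


if __name__ == "__main__":
    sensitive_files = [("sharedpref", "session.xml"), ("file", "tokens/refresh.json")]
    for finding in audit(MANIFEST, BACKUP_RULES, sensitive_files):
        print(finding)
```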

== See

* https://owasp.org/Top10/A01_2021-Broken_Access_Control/[OWASP Top 10 2021 Category A1] - Broken Access Control
* https://developer.android.com/guide/topics/data/autobackup[Back up user data with Auto Backup]
* https://mobile-security.gitbook.io/masvs/security-requirements/0x07-v2-data_storage_and_privacy_requirements[Mobile AppSec Verification Standard] - Data Storage and Privacy Requirements
* https://owasp.org/www-project-mobile-top-10/2016-risks/m1-improper-platform-usage[OWASP Mobile Top 10 2016 Category M1] - Improper platform usage
* https://owasp.org/www-project-mobile-top-10/2016-risks/m2-insecure-data-storage[OWASP Mobile Top 10 2016 Category M2] - Insecure Data Storage
* https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[OWASP Top 10 2017 Category A3] - Sensitive Data Exposure
* https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html[OWASP Top 10 2017 Category A6] - Security Misconfiguration
* https://cwe.mitre.org/data/definitions/922[MITRE, CWE-922] - Insecure Storage of Sensitive Information

ifdef::env-github,rspecator-view[]

== Implementation Specification

(visible only on this page)

=== Message

Make sure backup of application data is safe here.

=== Highlighting

The opening <application> tag

endif::env-github,rspecator-view[]