Enables Encrypted Backups #8144
Conversation
|
Been testing the version compatibility with Android; Android 5 will ignore the requirement for client encryption (see testing for a different app: https://codeberg.org/Freeyourgadget/Gadgetbridge/pulls/4123#issuecomment-2347840) I've not checked the minimum sdk version for thunderbird/k9 yet; but the "simplest" solution is to ensure minimum of sdk 23/Android 6 and it'll behave as desired. |
|
Thanks for the pull request ❤️ One thing we can't include in backups is OAuth access/refresh tokens. That could lead to multiple devices trying to use the same token. That would most likely be flagged by providers and could lead to the account being locked. I currently don't have a suggestion on how to make backups work with that constraint in mind (other than using a custom |
|
Hmm, where are they stored? If they're all together etc we can probably exclude them in the |
|
@mintsoft Are there any other settings aside from OAuth access/refresh tokens that we should be excluding? I believe all current settings are stored together, so they would need to be separated. How would you be solving that, indeed a custom BackupAgent? |
|
AFAIK its only those tokens. How to separate depends on where they are, if they were in a dedicated file or under a sharedpref tree then you can exclude them in the |
|
We could move OAuth tokens to a separate file when implementing #8417. That will allow us to exclude OAuth tokens without having to write a custom |
Fixes #3857
As discussed it is only enabled in the situation where client side encryption is enabled so the credentials are protected (#3846 (comment))
I don't think it's necessary to implement BackupAgent as the manifest assertions should be sufficient?