security: disable auto backup, rewrite backup rules as allowlist, harden data extraction rules for Android 12+
This commit is contained in:
parent
403a8c02e2
commit
95ea9ffed5
|
|
@ -6,7 +6,7 @@
|
|||
|
||||
<application
|
||||
android:name=".CloserApp"
|
||||
android:allowBackup="true"
|
||||
android:allowBackup="false"
|
||||
android:dataExtractionRules="@xml/data_extraction_rules"
|
||||
android:fullBackupContent="@xml/backup_rules"
|
||||
android:icon="@mipmap/ic_launcher"
|
||||
|
|
|
|||
|
|
@ -1,5 +1,22 @@
|
|||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<!--
|
||||
BACKUP RULES - ALLOWLIST APPROACH
|
||||
|
||||
The relationship app uses allowlist (whitelist) backup rules for security.
|
||||
Only explicitly listed items may be backed up. Any new storage (databases,
|
||||
shared preferences, DataStore files, etc.) must be manually evaluated and
|
||||
added to this allowlist if backup is safe and desired.
|
||||
|
||||
By default, no app data is backed up. Sensitive items like databases,
|
||||
shared preferences, and DataStore files are excluded.
|
||||
|
||||
To add an item: add a <include> element with appropriate domain/path.
|
||||
To exclude an item: add an <exclude> element with appropriate domain/path.
|
||||
-->
|
||||
<full-backup-content>
|
||||
<exclude domain="sharedpref" path="local_answers" />
|
||||
<!-- No items included by default - sensitive data only -->
|
||||
<!-- Explicit exclusions for clarity (all default storage types) -->
|
||||
<exclude domain="database" path="." />
|
||||
<exclude domain="sharedpref" path="." />
|
||||
<exclude domain="file" path="." />
|
||||
</full-backup-content>
|
||||
|
|
|
|||
|
|
@ -1,11 +1,32 @@
|
|||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<!--
|
||||
DATA EXTRACTION RULES - ALLOWLIST APPROACH
|
||||
|
||||
Android 12+ backup/extraction rules for cloud backup and device transfer.
|
||||
Uses allowlist (whitelist) approach for security - only explicitly listed
|
||||
items may be backed up. Any new storage must be manually evaluated and
|
||||
added to this allowlist if backup is safe and desired.
|
||||
|
||||
By default, no app data is backed up. Sensitive items like databases,
|
||||
shared preferences, and DataStore files are excluded.
|
||||
|
||||
To add an item: add a <include> element with appropriate domain/path.
|
||||
To exclude an item: add an <exclude> element with appropriate domain/path.
|
||||
-->
|
||||
<data-extraction-rules>
|
||||
<cloud-backup>
|
||||
<exclude domain="sharedpref" path="local_answers" />
|
||||
<!-- No items included by default - sensitive data only -->
|
||||
<!-- Explicit exclusions for all default storage types -->
|
||||
<exclude domain="database" path="." />
|
||||
<exclude domain="sharedpref" path="." />
|
||||
<exclude domain="file" path="." />
|
||||
</cloud-backup>
|
||||
|
||||
<device-transfer>
|
||||
<exclude domain="sharedpref" path="local_answers" />
|
||||
<!-- No items included by default - sensitive data only -->
|
||||
<!-- Explicit exclusions for all default storage types -->
|
||||
<exclude domain="database" path="." />
|
||||
<exclude domain="sharedpref" path="." />
|
||||
<exclude domain="file" path="." />
|
||||
</device-transfer>
|
||||
</data-extraction-rules>
|
||||
|
|
|
|||
Loading…
Reference in New Issue