Enabling backup when the ClientSideEncryption is enabled

[mintsoft]

We can safely permit WireGuard to be backed up if we enforce the clientSideEncryption requirement and maintain the users privacy on the keys.

[zx2c4]

Is this necessary? Can't these just be conditioned on having the right sdk value? clientSideEncryption, for example, is only available in API 28 and higher.

[mintsoft]

See below, this ensures that client encryption is enforced. Android 5 supports the backup keys, however it doesn't look at the clientSideEncryption setting, so it just ignores it and backs up anyway, which I think is undesirable behaviour.

[zx2c4]

Do we also want the deviceToDeviceTransfer requirement?

[mintsoft]

That would prevent anything seedvault-y (i.e. my nightly backups) from backing up the app; defeating the purpose imo.

[zx2c4]

I left some comments on here. How safe is this clientSideEncryption and deviceToDeviceTransfer business? Can these be abused? Is this something we want on by default?

[mintsoft]

I left some comments on here. How safe is this clientSideEncryption and deviceToDeviceTransfer business? Can these be abused? Is this something we want on by default?

The way this is configured, Android won't backup without clientSideEncryption being enabled, part of the reason for the bumping the SDK version is so you can force android to only provide protected backups (I've got some testing here from a different PR: https://codeberg.org/Freeyourgadget/Gadgetbridge/pulls/4123#issuecomment-2347840).

The deviceToDeviceTransfer only applies in the situation where the user has unlocked 2 android phones, directly connected them and run the device transfer wizard; I've had a look I've not seen situation where this can be abused.

[ignoramous]

Is this something we want on by default?

Au contraire, might want to disable Auto Backup entirely (android:allowBackup=false) as when a backup runs, Android kills (every night?) and restarts the app process in (what they call) restricted mode (no access to content providers or databases etc), or might want to mark the app as supporting backups in the foreground (android:backupInForeground=true) and/or extend the default BackupAgent for better control over the process.

[mintsoft]

might want to mark the app as supporting backups in the foreground and/or extend the default BackupAgent for better control over the process.

AFAIK neither of those are actually ideal behaviour. The backupInForeground permits the backup system to close the application for backing up, even if it is in the foreground and extending the backup agent allows the app to be very selective over which files are backed up, but I do not believe it permits the application to keep running throughout the process.