What is android:allowBackup?
For this lint warning, as for all other lint warnings, note that you can get a fuller explanation than just what is in the one line error message; you don't have to search the web for more info.
If you are using lint via Eclipse, either open the lint warnings view, where you can select the lint error and see a longer explanation, or invoke the quick fix (Ctrl-1) on the error line, and one of the suggestions is "Explain this issue", which will also pop up a fuller explanation. If you are not using Eclipse, you can generate an HTML report from lint (lint --html <filename>) which includes full explanations next to the warnings, or you can ask lint to explain a particular issue. For example, the issue related to allowBackup has the id AllowBackup (shown at the end of the error message), so the fuller explanation is:
$ ./lint --show AllowBackup
AllowBackup
-----------
Summary: Ensure that allowBackup is explicitly set in the application's
manifest
Priority: 3 / 10
Severity: Warning
Category: Security

The allowBackup attribute determines if an application's data can be backed up and restored, as documented here.

By default, this flag is set to true. When this flag is set to true, application data can be backed up and restored by the user using adb backup and adb restore.

This may have security consequences for an application. adb backup allows users who have enabled USB debugging to copy application data off of the device. Once backed up, all application data can be read by the user. adb restore allows creation of application data from a source specified by the user. Following a restore, applications should not assume that the data, file permissions, and directory permissions were created by the application itself.

Setting allowBackup="false" opts an application out of both backup and restore.

To fix this warning, decide whether your application should support backup and explicitly set android:allowBackup=(true|false)
How to specify to not allow any data backup with android:dataExtractionRules?
Add the dataExtractionRules attribute to your AndroidManifest.xml file with a reference to the data_extraction_rules.xml file:
<application
    android:allowBackup="false"
    android:fullBackupContent="false"
    android:dataExtractionRules="@xml/data_extraction_rules"
    ...>
Then, to exclude all possible domains for cloud backups and d2d transfers, update or create the file app/src/main/res/xml/data_extraction_rules.xml:
<?xml version="1.0" encoding="utf-8"?>
<data-extraction-rules>
    <cloud-backup>
        <exclude domain="root" />
        <exclude domain="file" />
        <exclude domain="database" />
        <exclude domain="sharedpref" />
        <exclude domain="external" />
    </cloud-backup>
    <device-transfer>
        <exclude domain="root" />
        <exclude domain="file" />
        <exclude domain="database" />
        <exclude domain="sharedpref" />
        <exclude domain="external" />
    </device-transfer>
</data-extraction-rules>
The dataExtractionRules attribute is available for API 31 (Android 12) and higher. Keep the allowBackup and fullBackupContent attributes for Android versions before API 31.
Note: you may want to silence the "Attribute dataExtractionRules is only used in API level 31 and higher (current min is 19)" warning with the tools:targetApi="s" attribute as well (because older platforms simply ignore manifest attributes they don't support, and the warning is useless).
Is android:allowBackup a security risk for android applications
This might be opinion based.
The Data Backup feature only uploads additional application data. It does not upload your APK or source code.
From a security standpoint, uploading user data to an external service is always worse than just leaving it local. If you deal with very sensitive data, you shouldn't upload it.
Android AllowBackup Error
Please use replace in your manifest.
Declare the header like this:
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.yourpackage"
    xmlns:tools="http://schemas.android.com/tools">
Then add the following attribute to your application tag:
<application
    .
    .
    .
    tools:replace="android:allowBackup" />