What Is "Android:Allowbackup"

What is android:allowBackup?

For this lint warning, as for all other lint warnings, note that you can get a fuller explanation than just what is in the one-line error message; you don't have to search the web for more info.

If you are using lint via Eclipse, either open the lint warnings view, where you can select the lint error and see a longer explanation, or invoke the quick fix (Ctrl-1) on the error line, and one of the suggestions is "Explain this issue", which will also pop up a fuller explanation. If you are not using Eclipse, you can generate an HTML report from lint (lint --html <filename>) which includes full explanations next to the warnings, or you can ask lint to explain a particular issue. For example, the issue related to allowBackup has the id AllowBackup (shown at the end of the error message), so the fuller explanation is:

$ ./lint --show AllowBackup
AllowBackup
-----------
Summary: Ensure that allowBackup is explicitly set in the application's
manifest

Priority: 3 / 10
Severity: Warning
Category: Security

The allowBackup attribute determines if an application's data can be backed up and restored, as documented here.

By default, this flag is set to true. When this flag is set to true, application data can be backed up and restored by the user using adb backup and adb restore.

This may have security consequences for an application. adb backup allows users who have enabled USB debugging to copy application data off of the device. Once backed up, all application data can be read by the user. adb restore allows creation of application data from a source specified by the user. Following a restore, applications should not assume that the data, file permissions, and directory permissions were created by the application itself.

Setting allowBackup="false" opts an application out of both backup and restore.

To fix this warning, decide whether your application should support backup and explicitly set android:allowBackup=(true|false)


How to specify to not allow any data backup with android:dataExtractionRules?

Add the dataExtractionRules attribute to your AndroidManifest.xml file with a reference to the data_extraction_rules.xml file:

<application
    android:allowBackup="false"
    android:fullBackupContent="false"
    android:dataExtractionRules="@xml/data_extraction_rules"
    ...>

Then, to exclude all possible domains for cloud backups and d2d transfers, update or create the file app/src/main/res/xml/data_extraction_rules.xml:

<?xml version="1.0" encoding="utf-8"?>
<data-extraction-rules>
    <cloud-backup>
        <exclude domain="root" />
        <exclude domain="file" />
        <exclude domain="database" />
        <exclude domain="sharedpref" />
        <exclude domain="external" />
    </cloud-backup>
    <device-transfer>
        <exclude domain="root" />
        <exclude domain="file" />
        <exclude domain="database" />
        <exclude domain="sharedpref" />
        <exclude domain="external" />
    </device-transfer>
</data-extraction-rules>

The dataExtractionRules attribute is available for API 31 (Android 12) and higher. Keep allowBackup and fullBackupContent attributes for Android versions before API 31.

Note: you may want to silence the "Attribute dataExtractionRules is only used in API level 31 and higher (current min is 19)" warning with the tools:targetApi="s" attribute as well (because older platforms simply ignore manifest attributes they don't support, and the warning is useless).
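
A small audit of the two files described above, as an added example (not code from the original answers): it reports whether allowBackup is set explicitly and whether both sections of data_extraction_rules.xml exclude all five domains. The function names and the sample inputs are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
DOMAINS = {"root", "file", "database", "sharedpref", "external"}
# Constructed sample inputs (not from a real app): allowBackup is left unset
# and the device-transfer section omits two domains.
MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android">
  <application android:fullBackupContent="false"
               android:dataExtractionRules="@xml/data_extraction_rules" />
</manifest>"""
RULES = """<data-extraction-rules>
  <cloud-backup>
    <exclude domain="root" /><exclude domain="file" /><exclude domain="database" />
    <exclude domain="sharedpref" /><exclude domain="external" />
  </cloud-backup>
  <device-transfer>
    <exclude domain="root" /><exclude domain="file" /><exclude domain="database" />
  </device-transfer>
</data-extraction-rules>"""


def audit_manifest(manifest_xml):
    """Return findings about the <application> backup attributes."""
    app = ET.fromstring(manifest_xml).find("application")
    if app is None:
        return ["no <application> element"]
    findings = []
    allow = app.get(ANDROID + "allowBackup")
    if allow is None:
        findings.append("allowBackup not set explicitly (default is true)")
    elif allow != "false":
        findings.append("allowBackup is " + allow)
    if app.get(ANDROID + "dataExtractionRules") is None:
        findings.append("dataExtractionRules not set (read on API 31+)")
    return findings


def audit_rules(rules_xml):
    """Map each section to the domains it does not exclude as a whole."""
    root = ET.fromstring(rules_xml)
    gaps = {}
    for section in ("cloud-backup", "device-transfer"):
        # Checker's choice: only <exclude> without a path counts as whole-domain.
        excluded = {e.get("domain") for e in root.findall(section + "/exclude")
                    if e.get("path") is None}
        if DOMAINS - excluded:
            gaps[section] = sorted(DOMAINS - excluded)
    return gaps
```

Pass the contents of your own AndroidManifest.xml and data_extraction_rules.xml to audit_manifest and audit_rules; an empty result from both means the configuration matches the one shown above.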

Is android:allowBackup a security risk for android applications

This might be opinion based.

The Data Backup feature only uploads additional application data. It does not upload your APK or source code.

From a security standpoint, uploading user data to an external service is always worse than just leaving it local. If you deal with very sensitive data, you shouldn't upload it.

Android AllowBackup Error

Please use replace in your manifest

Declare header like this:

<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.yourpackage"
    xmlns:tools="http://schemas.android.com/tools">

Then add to your application tag the following attribute:

<application
    .
    .
    .
    tools:replace="android:allowBackup" />

