🛡️ Sentinel: [HIGH] Fix sensitive data exposure in backups #113
Conversation
Update `backup_rules.xml` and `backup_rules_legacy.xml` to explicitly exclude the `account_manager.xml` shared preference file from cloud backups and device transfers, preventing the exposure of active account sessions and internal identifiers.

Co-authored-by: dlukt <201112286+dlukt@users.noreply.github.com>
👋 Jules, reporting for duty! I'm here to lend a hand with this pull request. When you start a review, I'll add a 👀 emoji to each comment to let you know I've read it. I'll focus on feedback directed at me and will do my best to stay out of conversations between you and other bots or reviewers to keep the noise down. I'll push a commit with your requested changes shortly after. Please note there might be a delay between these steps, but rest assured I'm on the job! For more direct control, you can switch me to Reactive Mode. When this mode is on, I will only act on comments where you specifically mention me with New to Jules? Learn more at jules.google/docs. For security, I will only act on instructions from the user who triggered this task.
Pull request overview
This PR tightens Android backup/device-transfer configuration to prevent account_manager.xml (used by AccountSessionManager) from being included in cloud backups or device transfers, reducing the risk of restoring sensitive session/account-tracking state onto other devices.
Changes:
- Exclude `sharedpref/account_manager.xml` from cloud backup and device transfer via `data-extraction-rules` (backup_rules.xml).
- Exclude `sharedpref/account_manager.xml` from legacy full-backup rules (backup_rules_legacy.xml).
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.
| File | Description |
|---|---|
| mastodon/src/main/res/xml/backup_rules.xml | Adds account_manager.xml to both `<cloud-backup>` and `<device-transfer>` exclude lists. |
| mastodon/src/main/res/xml/backup_rules_legacy.xml | Adds account_manager.xml to legacy `<full-backup-content>` excludes. |
🚨 Severity: HIGH

💡 Vulnerability: The `account_manager.xml` shared preference file (used by `AccountSessionManager`) was not explicitly excluded from Android cloud backups and device transfers.

🎯 Impact: If a user's device is backed up to the cloud or transferred to a new device, sensitive internal account tracking details (like the `lastActiveAccountID`, which ties the user to a specific instance and account profile) could be exposed or unintentionally restored, leading to confused application state or potential privacy risks.

🔧 Fix: Added `<exclude domain="sharedpref" path="account_manager.xml"/>` to the `<cloud-backup>` and `<device-transfer>` sections in `backup_rules.xml` and to `<full-backup-content>` in `backup_rules_legacy.xml`.

✅ Verification: Code review confirms the new rules mirror the existing security configurations for files like `push.xml`. Unit test execution was attempted but was blocked by an environmental SDK issue, but XML manifest configuration changes are safe.

PR created automatically by Jules for task 2927939147230840430 started by @dlukt
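The two rule files the Fix line describes, written out as an added example rather than the project's actual files from this PR: the `account_manager.xml` and `push.xml` excludes are the ones named on this page, the manifest attribute names are the standard Android ones, and any other entries the real files contain are omitted.

```xml
<!-- File 1: res/xml/backup_rules.xml, referenced from AndroidManifest.xml as
     android:dataExtractionRules="@xml/backup_rules" (Android 12 / API 31 and later).
     Both sections must list the file: an exclude under cloud-backup does not
     apply to device-to-device transfer, and vice versa. -->
<data-extraction-rules>
    <cloud-backup>
        <!-- session and account-tracking state (e.g. lastActiveAccountID) stays on the device -->
        <exclude domain="sharedpref" path="account_manager.xml"/>
        <!-- existing exclusion mentioned on this page; other entries assumed omitted -->
        <exclude domain="sharedpref" path="push.xml"/>
    </cloud-backup>
    <device-transfer>
        <exclude domain="sharedpref" path="account_manager.xml"/>
        <exclude domain="sharedpref" path="push.xml"/>
    </device-transfer>
</data-extraction-rules>

<!-- File 2: res/xml/backup_rules_legacy.xml, referenced from AndroidManifest.xml as
     android:fullBackupContent="@xml/backup_rules_legacy" (Android 11 / API 30 and earlier).
     The legacy format has a single exclude list that covers Auto Backup. -->
<full-backup-content>
    <exclude domain="sharedpref" path="account_manager.xml"/>
    <exclude domain="sharedpref" path="push.xml"/>
</full-backup-content>
```

The `domain="sharedpref"` value resolves to the app's shared preferences directory, so `path` is the preference file name, not a full path. A practical check after a change like this is to trigger a backup on a debug device with `adb shell bmgr backupnow <package>` and confirm from the backup agent's logcat output that `account_manager.xml` is not among the files handed to the transport; note that these rules govern only the platform backup and transfer path, not any export feature the app implements itself.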