The allowBackup property in the AndroidManifest.xml file specifies if the data pertinent to the apps can be backed up. Without setting the android:allowBackup flag to false, the backup feature is enabled by default. In case an attacker is able to send adb commands to user-phones, they could get access to all of the stored data from the protected data folders, inclusive of the VPN configuration data.

Affected File: android/AndroidManifest.xml

As this feature does not require a rooted phone, disallowing backups completely should be considered. Due to the fact that an absence of the flag will set it to true by default, it is recommended to explicitly set the allowBackup flag to false within the application tag.
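
A build-time check for the recommendation above, as an added example that is not part of the original report or the project's code. It assumes a source (text) AndroidManifest.xml rather than the binary form inside an APK; the function name, sample manifests and package name are constructed for illustration.

```python
import sys
import xml.etree.ElementTree as ET

# Android attribute namespace; ElementTree exposes android:allowBackup under this key.
ANDROID_NS = "http://schemas.android.com/apk/res/android"
ALLOW_BACKUP = "{%s}allowBackup" % ANDROID_NS

def audit_allow_backup(manifest):
    """Return (ok, reason); ok is True only if backups are explicitly disabled.

    `manifest` is the text (str or bytes) of a source AndroidManifest.xml.
    """
    root = ET.fromstring(manifest)
    app = root.find("application")
    if app is None:
        return False, "no <application> element found"
    value = app.get(ALLOW_BACKUP)
    if value is None:
        # Also reached when the attribute is written without the android: prefix.
        return False, "android:allowBackup absent: backup enabled by default"
    value = value.strip()
    if value.lower() == "false":
        return True, "android:allowBackup explicitly false"
    if value.startswith("@"):
        # A resource reference cannot be resolved from the manifest alone.
        return False, "android:allowBackup is resource %s: resolve it by hand" % value
    return False, "android:allowBackup is %r: backup enabled" % value

# Constructed sample manifests (the package name is a placeholder).
_HEAD = '<manifest xmlns:android="%s" package="com.example.vpn">' % ANDROID_NS
SAMPLE_MISSING = _HEAD + '<application android:label="app"/></manifest>'
SAMPLE_TRUE = _HEAD + '<application android:allowBackup="true"/></manifest>'
SAMPLE_FALSE = _HEAD + '<application android:allowBackup="false"/></manifest>'
SAMPLE_UNPREFIXED = _HEAD + '<application allowBackup="false"/></manifest>'

if __name__ == "__main__":
    # Usage: python check_backup.py android/AndroidManifest.xml
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            ok, reason = audit_allow_backup(fh.read())
    else:
        ok, reason = audit_allow_backup(SAMPLE_MISSING)
    print(("PASS: " if ok else "FAIL: ") + reason)
    sys.exit(0 if ok else 1)
```

The non-zero exit status on failure lets the script gate a CI job, so a manifest that drops the attribute fails the build instead of silently reverting to the default.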