New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Helium backup is not allowing backups of Signal - no backup possible #4577

Closed
kyanha opened this Issue Nov 17, 2015 · 67 comments

Comments

Projects
None yet
@kyanha

kyanha commented Nov 17, 2015

Helium Backup is not allowing backups of Signal. I assume this is because of the lack of a BackupAgent implementation.

The error message I get from Helium is:

Backup Disallowed
------------------------
Signal has disallowed backup
of application data. Please
leave a comment with the
developer of Signal and ask
them to allow application data
backup.

As far as I can tell, there currently exists no way to backup the Signal text and MMS database.
screenshot_2015-11-17-13-07-19 1

@johanw666

This comment has been minimized.

Show comment
Hide comment
@johanw666

johanw666 Nov 17, 2015

This restriction was added deliberately on Android 6 to prevent sensitive date getting uploaded in a cloudservice (default on Android 6). Use Titanium Backup (requires root) for full backups, but you might have to deregister and re-register after a restore because keys can be out of sync.

That being said, it's really about time the old and removed backup function is fixed and re-added.

johanw666 commented Nov 17, 2015

This restriction was added deliberately on Android 6 to prevent sensitive date getting uploaded in a cloudservice (default on Android 6). Use Titanium Backup (requires root) for full backups, but you might have to deregister and re-register after a restore because keys can be out of sync.

That being said, it's really about time the old and removed backup function is fixed and re-added.

@kyanha

This comment has been minimized.

Show comment
Hide comment
@kyanha

kyanha Nov 18, 2015

This is Android 4.4.4.

Also, rooting a device with unknown and unaccountable binaries just screams "leave a rootkit" to me. I use Signal because I want to improve my security, not undermine it.

kyanha commented Nov 18, 2015

This is Android 4.4.4.

Also, rooting a device with unknown and unaccountable binaries just screams "leave a rootkit" to me. I use Signal because I want to improve my security, not undermine it.

@fajabird

This comment has been minimized.

Show comment
Hide comment
@fajabird

fajabird Nov 28, 2015

Please correct me from wrong - but allowing adb-backups in the apk-manifest without a BackupAgent implementation did not make your data beeing uploaded to google in the past. Android 6 introduces a new feature called "auto backup for apps" which indeed does not need a backupagent anymore - but there are options to customize it via the android:fullBackupContent tag which points to an XML-file containing rules (includes and excludes). This way you could still allow adb Backups (which will not leak data to google on android < 6 because of missing backupagent) and which will not leak data to the new Auto-Backup system on android >=6 because of the proper rules. I admit, that I don't know if adb-backup will work correctly if the rules do not allow any data to be uploaded to google. BTW the new system uses you google-drive account for uploading the backups.

fajabird commented Nov 28, 2015

Please correct me from wrong - but allowing adb-backups in the apk-manifest without a BackupAgent implementation did not make your data beeing uploaded to google in the past. Android 6 introduces a new feature called "auto backup for apps" which indeed does not need a backupagent anymore - but there are options to customize it via the android:fullBackupContent tag which points to an XML-file containing rules (includes and excludes). This way you could still allow adb Backups (which will not leak data to google on android < 6 because of missing backupagent) and which will not leak data to the new Auto-Backup system on android >=6 because of the proper rules. I admit, that I don't know if adb-backup will work correctly if the rules do not allow any data to be uploaded to google. BTW the new system uses you google-drive account for uploading the backups.

@jedie

This comment has been minimized.

Show comment
Hide comment
@jedie

jedie Dec 7, 2015

I have try to backup/restore with oandbackup. But this doesn't work,too.

Is this ticket is the right place?!?

Generally, a full backup/restore function, would be great.

jedie commented Dec 7, 2015

I have try to backup/restore with oandbackup. But this doesn't work,too.

Is this ticket is the right place?!?

Generally, a full backup/restore function, would be great.

@strugee

This comment has been minimized.

Show comment
Hide comment
@strugee

strugee Dec 16, 2015

Can we get a prioritization call on this? I just tried to restore an adb backup only to find that it didn't include Signal data. So I've lost a couple months of conversations, along with my private key.

There's virtually no way to notice that this is a problem until it's too late. I see this as a data loss issue, so, can we fix it? From what @fajabird said, seems like a simple XML fix.

strugee commented Dec 16, 2015

Can we get a prioritization call on this? I just tried to restore an adb backup only to find that it didn't include Signal data. So I've lost a couple months of conversations, along with my private key.

There's virtually no way to notice that this is a problem until it's too late. I see this as a data loss issue, so, can we fix it? From what @fajabird said, seems like a simple XML fix.

@2-4601

This comment has been minimized.

Show comment
Hide comment
@2-4601

2-4601 Dec 17, 2015

Contributor

Sorry to hear you lost your conversations.
The backup will probably be restored as soon as someone with a Marshmallow device is willing to test that backups don't go to Google.
An example test:

  • revert 3bec127
  • install the build
  • leave something to back up, e.g. send some messages or check your identity key's fingerprint
  • uninstall
  • install again
  • I guess at this point you would either get a registration screen or see your old key and conversations in the case that everything was backed up to Google
Contributor

2-4601 commented Dec 17, 2015

Sorry to hear you lost your conversations.
The backup will probably be restored as soon as someone with a Marshmallow device is willing to test that backups don't go to Google.
An example test:

  • revert 3bec127
  • install the build
  • leave something to back up, e.g. send some messages or check your identity key's fingerprint
  • uninstall
  • install again
  • I guess at this point you would either get a registration screen or see your old key and conversations in the case that everything was backed up to Google
@fajabird

This comment has been minimized.

Show comment
Hide comment
@fajabird

fajabird Dec 17, 2015

@jedie oandbackup does work for me. If you try to restore on android >=6 you will need to run selinux restore command "restorecon -r ..." on the signal data directory afterwards. There is a unofficial build of oandbackup in the issue tracker which does run the restorecon command automatically here: jensstein/oandbackup#111

Still I would like to see adb back in the backup-game. Helium was for a long time the officially recommended way to backup and restore signal. BTW. Are there plans to finaly implement full export/import in Signal?

fajabird commented Dec 17, 2015

@jedie oandbackup does work for me. If you try to restore on android >=6 you will need to run selinux restore command "restorecon -r ..." on the signal data directory afterwards. There is a unofficial build of oandbackup in the issue tracker which does run the restorecon command automatically here: jensstein/oandbackup#111

Still I would like to see adb back in the backup-game. Helium was for a long time the officially recommended way to backup and restore signal. BTW. Are there plans to finaly implement full export/import in Signal?

@strugee

This comment has been minimized.

Show comment
Hide comment
@strugee

strugee Dec 18, 2015

@2-4601 thanks, I appreciate it. But mostly I just wanted to highlight the fact that this is a serious issue that can lead to data loss.

strugee commented Dec 18, 2015

@2-4601 thanks, I appreciate it. But mostly I just wanted to highlight the fact that this is a serious issue that can lead to data loss.

@SecUpwN

This comment has been minimized.

Show comment
Hide comment
@SecUpwN

SecUpwN Jan 3, 2016

@fajabird, I've been running into the exact situation you just described: I updated my ROM from Lollipop to Marshmallow using a dirty flash, obviously that did not work and I got boot loops. I then made a nandroid and did a fresh install of the new Android 6 system, trying to restore only the data partition of my nandroid. That does not work either. So I ended up installing a fresh Android 6 system and trying to restore my apps with oandbackup. Seems like it only restores the apps, but no data. And in the specific case of Signal (I am using the websockets version LibreSignal), it seems as if oandbackup cannot restore the data as well - at least I am prompted with a fresh registration screen. But what is this:

If you try to restore on android >=6 you will need to run selinux restore command "restorecon -r ..." on the signal data directory afterwards. There is a unofficial build of oandbackup in the issue tracker which does run the restorecon command automatically here: jensstein/oandbackup#111.

Which build do you mean? Also I need to restore LibreSignal from my nandroid backup, which oandbackup is currently not able to do - therefore I filed jensstein/oandbackup/issues/114. How to solve this?

SecUpwN commented Jan 3, 2016

@fajabird, I've been running into the exact situation you just described: I updated my ROM from Lollipop to Marshmallow using a dirty flash, obviously that did not work and I got boot loops. I then made a nandroid and did a fresh install of the new Android 6 system, trying to restore only the data partition of my nandroid. That does not work either. So I ended up installing a fresh Android 6 system and trying to restore my apps with oandbackup. Seems like it only restores the apps, but no data. And in the specific case of Signal (I am using the websockets version LibreSignal), it seems as if oandbackup cannot restore the data as well - at least I am prompted with a fresh registration screen. But what is this:

If you try to restore on android >=6 you will need to run selinux restore command "restorecon -r ..." on the signal data directory afterwards. There is a unofficial build of oandbackup in the issue tracker which does run the restorecon command automatically here: jensstein/oandbackup#111.

Which build do you mean? Also I need to restore LibreSignal from my nandroid backup, which oandbackup is currently not able to do - therefore I filed jensstein/oandbackup/issues/114. How to solve this?

@fajabird

This comment has been minimized.

Show comment
Hide comment
@fajabird

fajabird Jan 3, 2016

Just follow my link and find it near the bottom. Works flawlessly.

fajabird commented Jan 3, 2016

Just follow my link and find it near the bottom. Works flawlessly.

@SecUpwN

This comment has been minimized.

Show comment
Hide comment
@SecUpwN

SecUpwN Jan 3, 2016

Just follow my link and find it near the bottom. Works flawlessly.

Thanks for letting me know, @fajabird. How to restore from my nandroid with it?

SecUpwN commented Jan 3, 2016

Just follow my link and find it near the bottom. Works flawlessly.

Thanks for letting me know, @fajabird. How to restore from my nandroid with it?

@fajabird

This comment has been minimized.

Show comment
Hide comment
@fajabird

fajabird Jan 4, 2016

Does not work with nandroid - for this you could try the pro version of titanium-backup. oandbackup only restores backups created with oandbackup.

fajabird commented Jan 4, 2016

Does not work with nandroid - for this you could try the pro version of titanium-backup. oandbackup only restores backups created with oandbackup.

@SecUpwN

This comment has been minimized.

Show comment
Hide comment
@SecUpwN

SecUpwN Jan 5, 2016

Does not work with nandroid - for this you could try the pro version of titanium-backup.

I have tested that with the PRO version of TitaniumBackup, yet I only get back to the registration screen and when re-registering, the data is still gone. I'm currently trying to solve this with the oandbackup dev.

oandbackup only restores backups created with oandbackup.

Since I filed jensstein/oandbackup#114 chances are good that oandbackup may restore nandroids soon.

SecUpwN commented Jan 5, 2016

Does not work with nandroid - for this you could try the pro version of titanium-backup.

I have tested that with the PRO version of TitaniumBackup, yet I only get back to the registration screen and when re-registering, the data is still gone. I'm currently trying to solve this with the oandbackup dev.

oandbackup only restores backups created with oandbackup.

Since I filed jensstein/oandbackup#114 chances are good that oandbackup may restore nandroids soon.

@atanasi

This comment has been minimized.

Show comment
Hide comment
@atanasi

atanasi Jan 8, 2016

I read bits of the AOSP source, and I think full backup includes and excludes specified in a fullBackupContent file affect also adb backups, so that the specified parts are also included or excluded there.
However, if the application has a backup agent, automatic (Google) backups are not done, unless asked for by fullBackupOnly. So I think the solution to try is to include a dummy backup agent.

atanasi commented Jan 8, 2016

I read bits of the AOSP source, and I think full backup includes and excludes specified in a fullBackupContent file affect also adb backups, so that the specified parts are also included or excluded there.
However, if the application has a backup agent, automatic (Google) backups are not done, unless asked for by fullBackupOnly. So I think the solution to try is to include a dummy backup agent.

@eaon

This comment has been minimized.

Show comment
Hide comment
@eaon

eaon Jan 8, 2016

For those looking for a temporary solution, this is quite dirty and possibly dangerous, but I tried it and it worked for me. I uninstalled Signal 3.9.1 while leaving its data in place (adb uninstall -k org.thoughtcrime.securesms), and installed the last version that allows backups, which is afaik TextSecure 2.28.1 (adb install -r textsecure2.28.1.apk), then pulled a backup also via adb. First installed 2.28.1 on the fresh device, restored the backup, upgraded to the most recent Signal. To make sure push messages work fine I re-registered the number, which reuses the keys.

Looking forward to having adb backup -f … work again! I would hate to have to rejoin the several groups I am part of.

eaon commented Jan 8, 2016

For those looking for a temporary solution, this is quite dirty and possibly dangerous, but I tried it and it worked for me. I uninstalled Signal 3.9.1 while leaving its data in place (adb uninstall -k org.thoughtcrime.securesms), and installed the last version that allows backups, which is afaik TextSecure 2.28.1 (adb install -r textsecure2.28.1.apk), then pulled a backup also via adb. First installed 2.28.1 on the fresh device, restored the backup, upgraded to the most recent Signal. To make sure push messages work fine I re-registered the number, which reuses the keys.

Looking forward to having adb backup -f … work again! I would hate to have to rejoin the several groups I am part of.

@tsiliakis

This comment has been minimized.

Show comment
Hide comment
@tsiliakis

tsiliakis Feb 8, 2016

Is there any progress on this? Would be great if we could back up Signal as non-root users !

tsiliakis commented Feb 8, 2016

Is there any progress on this? Would be great if we could back up Signal as non-root users !

@SecUpwN

This comment has been minimized.

Show comment
Hide comment
@SecUpwN

SecUpwN Feb 8, 2016

Is there any progress on this? Would be great if we could back up Signal as non-root users !

@tsiliakis, have you guys tried oandbackup yet?

SecUpwN commented Feb 8, 2016

Is there any progress on this? Would be great if we could back up Signal as non-root users !

@tsiliakis, have you guys tried oandbackup yet?

@mhoran

This comment has been minimized.

Show comment
Hide comment
@mhoran

mhoran Feb 9, 2016

A number of users would like a backup solution that doesn't require root (myself, and @tsiliakis included.)

mhoran commented Feb 9, 2016

A number of users would like a backup solution that doesn't require root (myself, and @tsiliakis included.)

@moxie0

This comment has been minimized.

Show comment
Hide comment
Member

moxie0 commented Feb 9, 2016

@fajabird

This comment has been minimized.

Show comment
Hide comment
@fajabird

fajabird Mar 23, 2016

@2-4601: I'm willing to test. Can someone send me an old APK Version with backup enabled? My device is running CM13 nightlies and cloud-backup is disabled in the settings. As oandbackup works for me I can try different things very quickly.

fajabird commented Mar 23, 2016

@2-4601: I'm willing to test. Can someone send me an old APK Version with backup enabled? My device is running CM13 nightlies and cloud-backup is disabled in the settings. As oandbackup works for me I can try different things very quickly.

@2-4601

This comment has been minimized.

Show comment
Hide comment
@2-4601

2-4601 Mar 23, 2016

Contributor
Contributor

2-4601 commented Mar 23, 2016

@pryorda

This comment has been minimized.

Show comment
Hide comment
@pryorda

pryorda Mar 25, 2016

Im not understanding the relevance of disabling the ability to back up the apk and data, but you allow a plain text export?

pryorda commented Mar 25, 2016

Im not understanding the relevance of disabling the ability to back up the apk and data, but you allow a plain text export?

@johanw666

This comment has been minimized.

Show comment
Hide comment
@johanw666

johanw666 Mar 25, 2016

This is done so Android 6 and above does not backup the messages to Android Drive if you have a Google Play account active. This could lead to messages getting obtained by the NSA/FBI/...

johanw666 commented Mar 25, 2016

This is done so Android 6 and above does not backup the messages to Android Drive if you have a Google Play account active. This could lead to messages getting obtained by the NSA/FBI/...

@ghost

This comment has been minimized.

Show comment
Hide comment
@ghost

ghost May 5, 2016

Is there a reliable place I can download the latest version that still allowed backups? I can not find it in the play store (only has the latest version) and I don't know any of the sites that show up when I search for it. I want to try the remove-and-install-older-version trick.

ghost commented May 5, 2016

Is there a reliable place I can download the latest version that still allowed backups? I can not find it in the play store (only has the latest version) and I don't know any of the sites that show up when I search for it. I want to try the remove-and-install-older-version trick.

@johanw666

This comment has been minimized.

Show comment
Hide comment
@johanw666

johanw666 May 5, 2016

Removing the old version deletes the stored messages too. And to downgrade an app you need root, in which case there are better options for a backup.

Even then it's probably not going to work, the database format has changed and the old version will probably crash.

However, the backup code is very general: copy just everything from /data/data/org.thoughtcrime.securesms so if you get it installed and it doesn't crash it might work. Fortunately the last version that had encrypted backup (2.0.8) didn't expire or required registration. I put the apk at https://johanw.home.xs4all.nl/TextSecure-2.0.8.apk, please let us know if it works.

johanw666 commented May 5, 2016

Removing the old version deletes the stored messages too. And to downgrade an app you need root, in which case there are better options for a backup.

Even then it's probably not going to work, the database format has changed and the old version will probably crash.

However, the backup code is very general: copy just everything from /data/data/org.thoughtcrime.securesms so if you get it installed and it doesn't crash it might work. Fortunately the last version that had encrypted backup (2.0.8) didn't expire or required registration. I put the apk at https://johanw.home.xs4all.nl/TextSecure-2.0.8.apk, please let us know if it works.

@perguth

This comment has been minimized.

Show comment
Hide comment
@perguth

perguth Aug 26, 2016

I experienced a problem applying the backup solution summarized by @eosrei:

I did two backups in a row. device A -> device B -> device C. On Device C I could no longer send messages (always just the bouncing dotts) and I could not link to desktop signal (the camera for scanning didn't activate at all).

To solve this I had to go back to the original backup from device A and use that.

perguth commented Aug 26, 2016

I experienced a problem applying the backup solution summarized by @eosrei:

I did two backups in a row. device A -> device B -> device C. On Device C I could no longer send messages (always just the bouncing dotts) and I could not link to desktop signal (the camera for scanning didn't activate at all).

To solve this I had to go back to the original backup from device A and use that.

@tvidas

This comment has been minimized.

Show comment
Hide comment
@tvidas

tvidas Nov 15, 2016

When performing the workaround listed by @eosrei, you need to ensure that Signal is not currently running when trying to install the downgraded version on the old device (step 4). This error condition might be indicated by [INSTALL_FAILED_VERSION_DOWNGRADE] in logcat.

tvidas commented Nov 15, 2016

When performing the workaround listed by @eosrei, you need to ensure that Signal is not currently running when trying to install the downgraded version on the old device (step 4). This error condition might be indicated by [INSTALL_FAILED_VERSION_DOWNGRADE] in logcat.

@perguth

This comment has been minimized.

Show comment
Hide comment
@perguth

perguth Feb 20, 2017

The workaround does no longer work for me - all messages are missing on the new device. Using Android 7.1.1, Signal 3.29.6, ADB 1.0.36.

Signal keeps my messages safe. So safe I have to let them go when switching devices. Yay.

perguth commented Feb 20, 2017

The workaround does no longer work for me - all messages are missing on the new device. Using Android 7.1.1, Signal 3.29.6, ADB 1.0.36.

Signal keeps my messages safe. So safe I have to let them go when switching devices. Yay.

@spaletta

This comment has been minimized.

Show comment
Hide comment
@spaletta

spaletta Feb 20, 2017

@pguth – to be fair, you can take the messages by making a plaintext backup and restoring from it. You just can’t keep your key/identity.

spaletta commented Feb 20, 2017

@pguth – to be fair, you can take the messages by making a plaintext backup and restoring from it. You just can’t keep your key/identity.

@perguth

This comment has been minimized.

Show comment
Hide comment
@perguth

perguth Feb 20, 2017

@KillerDiller We use Signal to capture moments of our life in pictures and audio snippets don't we?

perguth commented Feb 20, 2017

@KillerDiller We use Signal to capture moments of our life in pictures and audio snippets don't we?

@sicofante

This comment has been minimized.

Show comment
Hide comment
@sicofante

sicofante Feb 20, 2017

Maybe it's OK for a secure messaging app not to allow backups, but I think it should be stated with big bold letters for new users to see.

Maybe Signal is great for spies or people being oppressed by their governments. For ordinary people willing to preserve moments of our lives -like Per Guth just pointed out-, it's near useless.

Wake me up when the devs understand the needs of ordinary people and provide a solid, secure backup system allowing us to upgrade phones without destroying our memories.

sicofante commented Feb 20, 2017

Maybe it's OK for a secure messaging app not to allow backups, but I think it should be stated with big bold letters for new users to see.

Maybe Signal is great for spies or people being oppressed by their governments. For ordinary people willing to preserve moments of our lives -like Per Guth just pointed out-, it's near useless.

Wake me up when the devs understand the needs of ordinary people and provide a solid, secure backup system allowing us to upgrade phones without destroying our memories.

@strugee

This comment has been minimized.

Show comment
Hide comment
@strugee

strugee Feb 20, 2017

@sicofante the Signal developers don't have unlimited time or money. Remember that WhisperSystems is a non-profit.

If you want to help solve this, see #4577 (comment).

strugee commented Feb 20, 2017

@sicofante the Signal developers don't have unlimited time or money. Remember that WhisperSystems is a non-profit.

If you want to help solve this, see #4577 (comment).

@johanw666

This comment has been minimized.

Show comment
Hide comment
@johanw666

johanw666 Feb 20, 2017

Finally a good excuse to root and use Titanium backup. Or build your own version with encrypted backup put back in.

johanw666 commented Feb 20, 2017

Finally a good excuse to root and use Titanium backup. Or build your own version with encrypted backup put back in.

@sicofante

This comment has been minimized.

Show comment
Hide comment
@sicofante

sicofante Feb 20, 2017

Nobody has unlimited time and money, but nope, that's not the point.

They provide an application and us, the users, provide feedback. If backups aren't deemed essential, some users like myself just move on and tons of others don't even bother.

I perfectly know the open source excuse ("just code it yourself", "patches are welcome", etc., etc., etc.). I'm no developer. I'm a user.

The devs must decide if this is a hobby project or a professional project. If it's the latter they should listen to basic reasoning fom the users (who on Earth creates an application that can't backup it's own data??). If it's the former, everything is just great as it is and I wish them unlimited enjoyment from their hobby.

sicofante commented Feb 20, 2017

Nobody has unlimited time and money, but nope, that's not the point.

They provide an application and us, the users, provide feedback. If backups aren't deemed essential, some users like myself just move on and tons of others don't even bother.

I perfectly know the open source excuse ("just code it yourself", "patches are welcome", etc., etc., etc.). I'm no developer. I'm a user.

The devs must decide if this is a hobby project or a professional project. If it's the latter they should listen to basic reasoning fom the users (who on Earth creates an application that can't backup it's own data??). If it's the former, everything is just great as it is and I wish them unlimited enjoyment from their hobby.

@moxie0

This comment has been minimized.

Show comment
Hide comment
@moxie0

moxie0 Feb 20, 2017

Member

@sicofante I agree that backups are important, just like many other open issues. I'm working as hard as I can every day, and will get to it eventually. In the mean time if people want to help, I've done my best to outline how. Hope you understand.

Member

moxie0 commented Feb 20, 2017

@sicofante I agree that backups are important, just like many other open issues. I'm working as hard as I can every day, and will get to it eventually. In the mean time if people want to help, I've done my best to outline how. Hope you understand.

@Lucent

This comment has been minimized.

Show comment
Hide comment
@Lucent

Lucent Apr 20, 2017

The workaround still works. Just migrated a database from an S7 Edge on Android 7 to an S8+ on Android 7. Reboots were required after each uninstall due to INSTALL_FAILED_VERSION_DOWNGRADE error from adb.

Six more months until I have to migrate again to the Note 8. I'd like to seed the bounty for implementing a full database backup with $100. Someone who's more experienced is welcome to set up the collection and distribution of the bounty.

Lucent commented Apr 20, 2017

The workaround still works. Just migrated a database from an S7 Edge on Android 7 to an S8+ on Android 7. Reboots were required after each uninstall due to INSTALL_FAILED_VERSION_DOWNGRADE error from adb.

Six more months until I have to migrate again to the Note 8. I'd like to seed the bounty for implementing a full database backup with $100. Someone who's more experienced is welcome to set up the collection and distribution of the bounty.

@ghost

This comment has been minimized.

Show comment
Hide comment
@ghost

ghost May 3, 2017

An upgrade today didn't work for me anymore. It shows all the conversations, but all messages show 'Error decrypting message'.

ghost commented May 3, 2017

An upgrade today didn't work for me anymore. It shows all the conversations, but all messages show 'Error decrypting message'.

@strugee

This comment has been minimized.

Show comment
Hide comment
@strugee

strugee May 3, 2017

@martijnotto this is not the appropriate place for a report like that. Search for duplicates and if you don't find any, file a new issue with WAY more detail than you just gave. Make sure to completely fill out the issue template.

strugee commented May 3, 2017

@martijnotto this is not the appropriate place for a report like that. Search for duplicates and if you don't find any, file a new issue with WAY more detail than you just gave. Make sure to completely fill out the issue template.

@ghost

This comment has been minimized.

Show comment
Hide comment
@ghost

ghost May 4, 2017

@strugee this is actually the place, as this topic is about upgrading without losing the messages. Apparantly the 'usual' way of downgrading, backing up and then installing the old version on the new/upgraded phone and restoring doesn't work. At least it didn't in my case going from 5.1.1 to 7.1.1.

This is relevant information for people in this discussion because people might choose to

  • not upgrade their phone/get a new one to avoid losing Signal data
  • not waste time mucking about with adb because it doesn't work anyway

ghost commented May 4, 2017

@strugee this is actually the place, as this topic is about upgrading without losing the messages. Apparantly the 'usual' way of downgrading, backing up and then installing the old version on the new/upgraded phone and restoring doesn't work. At least it didn't in my case going from 5.1.1 to 7.1.1.

This is relevant information for people in this discussion because people might choose to

  • not upgrade their phone/get a new one to avoid losing Signal data
  • not waste time mucking about with adb because it doesn't work anyway
@strugee

This comment has been minimized.

Show comment
Hide comment
@strugee

strugee May 4, 2017

@martijnotto uh... you meant a phone upgrade?

You didn't specify that. So we were left to assume you meant upgrade Signal.

strugee commented May 4, 2017

@martijnotto uh... you meant a phone upgrade?

You didn't specify that. So we were left to assume you meant upgrade Signal.

@kyanha

This comment has been minimized.

Show comment
Hide comment
@kyanha

kyanha May 4, 2017

@strugee Your users are not as clueless as you assume they are. This is an issue which has frustrated many, for close to a year and a half. Please consider increasing this issue's priority.

Or, perhaps, create a protocol by which conversations may be securely transferred into another app on the device without having to be copied plaintext through the clipboard. Perhaps some form of permissioned intent to perform an ECDH/curve25519 key and digest negotiation, then a set of intents to actually transfer plaintext conversations under that encrypted cover. I'd create that protocol, but it seems reasonable to assume that you will never trust any protocol for secure message transfer that you don't create yourselves.

Yes, it means that the user must trust the security of the software they use to invoke that function, but your users are capable of more than you think they are, are capable of determining their own threat models, and if you don't provide the function you ultimately end up driving your users to root their phones (which by definition makes them less secure and more open to malware stealing their messages anyway).

(Or, if you've started using/trusting things that other people have built, you might consider the use of SQLCipher, which is used in https://play.google.com/store/apps/details?id=com.twistedplane.sealnote with source at https://github.com/vishesh/sealnote/ to store its notes and export copies of its note database.)

kyanha commented May 4, 2017

@strugee Your users are not as clueless as you assume they are. This is an issue which has frustrated many, for close to a year and a half. Please consider increasing this issue's priority.

Or, perhaps, create a protocol by which conversations may be securely transferred into another app on the device without having to be copied plaintext through the clipboard. Perhaps some form of permissioned intent to perform an ECDH/curve25519 key and digest negotiation, then a set of intents to actually transfer plaintext conversations under that encrypted cover. I'd create that protocol, but it seems reasonable to assume that you will never trust any protocol for secure message transfer that you don't create yourselves.

Yes, it means that the user must trust the security of the software they use to invoke that function, but your users are capable of more than you think they are, are capable of determining their own threat models, and if you don't provide the function you ultimately end up driving your users to root their phones (which by definition makes them less secure and more open to malware stealing their messages anyway).

(Or, if you've started using/trusting things that other people have built, you might consider the use of SQLCipher, which is used in https://play.google.com/store/apps/details?id=com.twistedplane.sealnote with source at https://github.com/vishesh/sealnote/ to store its notes and export copies of its note database.)

@strugee

This comment has been minimized.

Show comment
Hide comment
@strugee

strugee May 12, 2017

@kyanha I'm not associated with WhisperSystems and I can't reprioritize this issue.

People have stated above what needs to happen for this to be resolved. If it's important enough to you, you can follow those steps.

That being said you should maybe read https://github.com/WhisperSystems/Signal-Android/blob/master/CONTRIBUTING.md#development-ideology again. In my experience running privacy events, etc. users are indeed "clueless" (though I wouldn't use that term). If Signal wants mass adoption it has to be really easy. That's what good UX is.

strugee commented May 12, 2017

@kyanha I'm not associated with WhisperSystems and I can't reprioritize this issue.

People have stated above what needs to happen for this to be resolved. If it's important enough to you, you can follow those steps.

That being said you should maybe read https://github.com/WhisperSystems/Signal-Android/blob/master/CONTRIBUTING.md#development-ideology again. In my experience running privacy events, etc. users are indeed "clueless" (though I wouldn't use that term). If Signal wants mass adoption it has to be really easy. That's what good UX is.

@kyanha

This comment has been minimized.

Show comment
Hide comment
@kyanha

kyanha May 14, 2017

When people outline steps that "need to happen", but don't actually fulfill them themselves, I've found that often those steps are impossible to fulfill. "It should be possible to do this!" ... well, it's often not.

Thus, I'm looking at alternatives that still provide a better amount of security than the "export to plaintext and hope the channels/midpoints/endpoints used to transfer the plaintext archive aren't compromised" option that is currently provided, while still keeping the "cannot allow backups to the cloud" policy that Whisper Systems appears to wish to impose.

kyanha commented May 14, 2017

When people outline steps that "need to happen", but don't actually fulfill them themselves, I've found that often those steps are impossible to fulfill. "It should be possible to do this!" ... well, it's often not.

Thus, I'm looking at alternatives that still provide a better amount of security than the "export to plaintext and hope the channels/midpoints/endpoints used to transfer the plaintext archive aren't compromised" option that is currently provided, while still keeping the "cannot allow backups to the cloud" policy that Whisper Systems appears to wish to impose.

@strugee

This comment has been minimized.

Show comment
Hide comment
@strugee

strugee May 14, 2017

@kyanha the steps outlined in #4577 (comment) are very reasonable.

strugee commented May 14, 2017

@kyanha the steps outlined in #4577 (comment) are very reasonable.

@kyanha

This comment has been minimized.

Show comment
Hide comment
@kyanha

kyanha May 14, 2017

Except that the "cannot allow backups to the cloud" policy becomes violated by those steps.

kyanha commented May 14, 2017

Except that the "cannot allow backups to the cloud" policy becomes violated by those steps.

@johanw666

This comment has been minimized.

Show comment
Hide comment
@johanw666

johanw666 May 14, 2017

Well, there used to be an encrypted option that worked quite well (except that it also backupped .so library files but those can be skipped easily). I run a personal version that has this built in again. If you make this option foolproof by resetting all secure sessions after restore I think this is good enough for public release, but Moxie disagrees and stays focussed on using the system sms database and some external tool that uses it.

johanw666 commented May 14, 2017

Well, there used to be an encrypted option that worked quite well (except that it also backupped .so library files but those can be skipped easily). I run a personal version that has this built in again. If you make this option foolproof by resetting all secure sessions after restore I think this is good enough for public release, but Moxie disagrees and stays focussed on using the system sms database and some external tool that uses it.

@haffenloher

This comment has been minimized.

Show comment
Hide comment
@haffenloher

haffenloher May 14, 2017

Contributor

Hey, please keep discussion to the community forums and don't post to the issue tracker unless you have new information to add which could help solving the issue. This helps keeping the issue tracker clean and limits the amount of time everyone watching the repo (>500 people) has to spend reading through email notifications. Thanks!

Contributor

haffenloher commented May 14, 2017

Hey, please keep discussion to the community forums and don't post to the issue tracker unless you have new information to add which could help solving the issue. This helps keeping the issue tracker clean and limits the amount of time everyone watching the repo (>500 people) has to spend reading through email notifications. Thanks!

@shaaati

This comment has been minimized.

Show comment
Hide comment
@shaaati

shaaati Jul 22, 2017

I just tried a migration from my Nexus 5 running stock 6.0.1 to a Oneplus 5 with 7.1.1. I followed the process documented by @eosrei and it initially failed, as reported by others in here who tried a restore on a recent Android version. More exactly, some of the settings seemed to have been applied (dark theme, list of linked devices) but not a single conversation was visible.
I am not an Android export but I thought this might be related to SELinux stuff (although SELinux should be in place since Android 5 from what I found).

With some research I found that issuing adb shell restorecon -Rv /data/data/org.thoughtcrime.securesms after importing the backup via adb and before upgrading the app via Play Store did the trick. When following the process from #4577 (comment) include this command as step 8.1.

I rooted the Oneplus 5 before doing all this so I do not know if this is a viable solution for non-rooted devices.

shaaati commented Jul 22, 2017

I just tried a migration from my Nexus 5 running stock 6.0.1 to a Oneplus 5 with 7.1.1. I followed the process documented by @eosrei and it initially failed, as reported by others in here who tried a restore on a recent Android version. More exactly, some of the settings seemed to have been applied (dark theme, list of linked devices) but not a single conversation was visible.
I am not an Android export but I thought this might be related to SELinux stuff (although SELinux should be in place since Android 5 from what I found).

With some research I found that issuing adb shell restorecon -Rv /data/data/org.thoughtcrime.securesms after importing the backup via adb and before upgrading the app via Play Store did the trick. When following the process from #4577 (comment) include this command as step 8.1.

I rooted the Oneplus 5 before doing all this so I do not know if this is a viable solution for non-rooted devices.

@snapfractalpop

This comment has been minimized.

Show comment
Hide comment
@snapfractalpop

snapfractalpop Oct 20, 2017

For anyone using the workaround mentioned from #4577 (comment), it was going smooth for me until I hit a snag. On step 8, when performing the backup, BackupManagerService has a moderately fast timeout for individual items. So, if you have a large video, or other bulky file, it may timeout and cause the backup to fail.

I will lose my data as a result of this, however I did do a plaintext backup, and saved various images (they will lose their context). I suppose I will lose group messages. I've wasted a good amount of time on this, and I hope that this can help save someone else from my fate.. if you do try this workaround, beware of the restore timeout (there doesn't seem to be any documented way of overriding it).

snapfractalpop commented Oct 20, 2017

For anyone using the workaround mentioned from #4577 (comment), it was going smooth for me until I hit a snag. On step 8, when performing the backup, BackupManagerService has a moderately fast timeout for individual items. So, if you have a large video, or other bulky file, it may timeout and cause the backup to fail.

I will lose my data as a result of this, however I did do a plaintext backup, and saved various images (they will lose their context). I suppose I will lose group messages. I've wasted a good amount of time on this, and I hope that this can help save someone else from my fate.. if you do try this workaround, beware of the restore timeout (there doesn't seem to be any documented way of overriding it).

@smarek

This comment has been minimized.

Show comment
Hide comment
@smarek

smarek Jan 24, 2018

Contributor

Last item in discussion https://whispersystems.discoursehosting.net/t/encrypted-backup/1227 mentions the proposal that can be merged if I provide it in PR, the bounty still available? 😸

Also @moxie0 can you please confirm that this PR will be merged if implemented as you described previously? My last work on #6886 and ton of other PRs are ready-to-merge for a long time, and there is no activity from your side ...

Contributor

smarek commented Jan 24, 2018

Last item in discussion https://whispersystems.discoursehosting.net/t/encrypted-backup/1227 mentions the proposal that can be merged if I provide it in PR, the bounty still available? 😸

Also @moxie0 can you please confirm that this PR will be merged if implemented as you described previously? My last work on #6886 and ton of other PRs are ready-to-merge for a long time, and there is no activity from your side ...

@automated-signal

This comment has been minimized.

Show comment
Hide comment
@automated-signal

automated-signal Apr 2, 2018

GitHub Issue Cleanup:
See #7598 for more information.

automated-signal commented Apr 2, 2018

GitHub Issue Cleanup:
See #7598 for more information.

@signalapp signalapp locked and limited conversation to collaborators Apr 2, 2018

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.