Before, we were faking a backup and just returned true, but remembering that next time, we need to do a fresh non-incremental @pm@ backup.
Now, we backup to local cache, but don't upload it. On next run, when we can do backups again, we will upload the updated cache. This simplifies things and reduces the special logic required.
This will only hide installed apps from naive attackers as the APKs are still not encrypted and even then other attacks would be possible.
However, it allows us to simplify our storage plugin API.
We ask the user to generate a new key, because actively asking for the old one is training bad security habits, but technically verifying the old key will also work.
* 'master' of https://github.com/seedvault-app/seedvault: (50 commits)
Bump version to 11-2.2
Changelog: Update till 11-2.1
Restrict exported components
Allow launching restore through a dialer code
Add expert settings with an option for unlimited quota
Prevent screenshots of recovery code
Use clearer more generic strings
Ask for system authentication before storing a new recovery code
Split up validating, verifying and storing of recovery code
Disable Nextcloud restore when not installed and no store available
Disable spell-checker on recovery code input
Add warning for third-party tools to README
document potential information leakage through the long-lived SQL caches
Provide an overview over key derivations
Compares kotlin-bip39 library with bitcoinj library
Link FAQ in Readme to make it more discoverable
Move LocalContactsBackup to product partition
Add newline at the end of all files
Improve .editorconfig setup
Don't backup on metered networks
...
Conflicts:
app/src/main/res/values-de/strings.xml
app/src/main/res/values-es/strings.xml
app/src/main/res/values-pt/strings.xml
app/src/main/res/values-zh-rCN/strings.xml
Conflicts resolved by simply checking out translations from android11,
since they are not modified in master at all.
Change-Id: I0a83c72dbc78b38985b46f9b75ce92e27acd2e03
User-facing changes:
* Don't backup on metered networks
* Disable spell-checker on recovery code input
* Disable Nextcloud restore when not installed and no store available
* Ask for system authentication before storing a new recovery code
* Prevent screenshots of recovery code
* Add expert settings with an option for unlimited quota
* Allow launching restore through a dialer code
* Restrict exported components
Others:
* Improve .editorconfig setup
* Move LocalContactsBackup to product partition
* Link FAQ in Readme to make it more discoverable
* Compares kotlin-bip39 library with bitcoinj library
* Provide an overview over key derivations
* document potential information leakage through the long-lived SQL caches
* Add warning for third-party tools to README
Change-Id: I095af13d0ff010c9602bc323267c074ce7d019a2
* We don't show Restore in menu by default since it's
not the best idea to restore a running system
* However, at the same time, it's good to have a way to do
that for those who'd like to restore anyway, and the only
current way is adb, which is not ideal
* Dialing "*#*#RESTORE#*#*" will launch the restore activity
Change-Id: I258fead82f7e916a4de0b314e1840d7aa4b3746c
This is may be inconvenient for some people, but it is way more secure as screenshots can be accessed by malicious apps that look our for BIP39 codes. Better to store the code on paper.
This will help to prevent data extraction via seedvault when somebody gets hold of an unlocked phone. However, it will not help against someone able to force you to provide fingerprints or other device secrets.
