Original source: http://stackoverflow.com/questions/12648373/
Warning: this content is provided under the CC BY-SA 4.0 license. You are free to use/share it, but you must attribute it to the original authors (not me): StackOverflow
What is "android:allowBackup"?
Asked by android developer
Since the new ADT preview version (version 21), they have a new lint warning that tells me the next thing on the manifest file (in the application tag):
Should explicitly set android:allowBackup to true or false (it's true by default, and that can have some security implications for the application's data)
In the official website, they've written:
A couple of new checks: you must explicitly decide whether your app allows backups, and a label check. There's a new command line flag for setting the library path. Many improvements to the incremental lint analysis while editing.
What is this warning? What is the backup feature, and how do I use it?
Also, why does the warning tell me it has security implications? What are the disadvantages and advantages of disabling this feature?
There are two concepts of backup for the manifest:
- "android:allowBackup" allows to backup and restore via adb, as shown here:
Whether to allow the application to participate in the backup and restore infrastructure. If this attribute is set to false, no backup or restore of the application will ever be performed, even by a full-system backup that would otherwise cause all application data to be saved via adb. The default value of this attribute is true.
This is considered a security issue because people could backup your app via ADB and then get private data of your app into their PC.
However, I think it's not that of a problem, since most users don't know what adb is, and if they do, they will also know how to root the device. ADB functions would only work if the device has the debugging feature enabled, and this needs the user to enable it.
So, only users that connect their devices to the PC and enable the debugging feature would be affected. If they have a malicious app on their PC that uses the ADB tools, this could be problematic since the app could read the private storage data.
I think Google should just add a feature that is disabled by default, in the developer category, to allow backup&restore of apps via ADB.
- "android:backupAgent" allows to use the backup and restore feature of the cloud, as shown here and here:
The name of the class that implements the application's backup agent, a subclass of BackupAgent. The attribute value should be a fully qualified class name (such as, "com.example.project.MyBackupAgent"). However, as a shorthand, if the first character of the name is a period (for example, ".MyBackupAgent"), it is appended to the package name specified in the element. There is no default. The name must be specified.
This isn't a security issue.
Accepted answer by Tor Norbye
For this lint warning, as for all other lint warnings, note that you can get a fuller explanation than just what is in the one line error message; you don't have to search the web for more info.
If you are using lint via Eclipse, either open the lint warnings view, where you can select the lint error and see a longer explanation, or invoke the quick fix (Ctrl-1) on the error line, and one of the suggestions is "Explain this issue", which will also pop up a fuller explanation. If you are not using Eclipse, you can generate an HTML report from lint (lint --html <filename>) which includes full explanations next to the warnings, or you can ask lint to explain a particular issue. For example, the issue related to allowBackup has the id AllowBackup (shown at the end of the error message), so the fuller explanation is:
$ ./lint --show AllowBackup
AllowBackup
-----------
Summary: Ensure that allowBackup is explicitly set in the application's
manifest
Priority: 3 / 10
Severity: Warning
Category: Security
The allowBackup attribute determines if an application's data can be backed up and restored, as documented here.
By default, this flag is set to true. When this flag is set to true, application data can be backed up and restored by the user using adb backup and adb restore.
This may have security consequences for an application. adb backup allows users who have enabled USB debugging to copy application data off of the device. Once backed up, all application data can be read by the user. adb restore allows creation of application data from a source specified by the user. Following a restore, applications should not assume that the data, file permissions, and directory permissions were created by the application itself.
Setting allowBackup="false" opts an application out of both backup and restore.
To fix this warning, decide whether your application should support backup and explicitly set android:allowBackup=(true|false)
Click here for More information
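Added example (not part of the original answers, and not lint's own code): a small Python check that mirrors the AllowBackup rule on a plain-text AndroidManifest.xml, treating a missing attribute as the default (true) and expanding the ".MyBackupAgent" shorthand described in the question. The function name, status labels and sample manifests are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"


def audit_allow_backup(manifest_xml):
    """Report how <application> sets android:allowBackup (hypothetical helper)."""
    root = ET.fromstring(manifest_xml)
    app = root.find("application")
    if app is None:
        return {"status": "no-application", "effective": None, "agent": None}

    raw = app.get("{%s}allowBackup" % ANDROID_NS)
    agent = app.get("{%s}backupAgent" % ANDROID_NS)
    if agent and agent.startswith("."):
        # Shorthand form: a leading period is appended to the package name.
        agent = root.get("package", "") + agent

    if raw is None:
        # Attribute absent: the default (true) applies; this is what lint flags.
        status, effective = "implicit-default", True
    elif raw.strip().lower() in ("true", "false"):
        effective = raw.strip().lower() == "true"
        status = "explicit-true" if effective else "explicit-false"
    else:
        # e.g. a resource reference; cannot be resolved from the manifest alone.
        status, effective = "unresolved", None
    return {"status": status, "effective": effective, "agent": agent}


def _manifest(app_attrs):
    # Constructed sample manifest, not taken from a real application.
    return ('<manifest xmlns:android="%s" package="com.example.project">'
            '<application %s/></manifest>' % (ANDROID_NS, app_attrs))


SAMPLES = {
    "missing": _manifest('android:label="demo"'),
    "enabled": _manifest('android:allowBackup="true" '
                         'android:backupAgent=".MyBackupAgent"'),
    "disabled": _manifest('android:allowBackup="false"'),
    "reference": _manifest('android:allowBackup="@bool/allow_backup"'),
}

if __name__ == "__main__":
    for name, xml in SAMPLES.items():
        print(name, audit_allow_backup(xml))
```

A build step could fail on any status other than "explicit-false" for apps that store sensitive data, which makes the backup decision explicit and reviewable.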
Answer by IgorGanapolsky
Here is what backup in this sense really means:
Android's backup service allows you to copy your persistent application data to remote "cloud" storage, in order to provide a restore point for the application data and settings. If a user performs a factory reset or converts to a new Android-powered device, the system automatically restores your backup data when the application is re-installed. This way, your users don't need to reproduce their previous data or application settings.
~Taken from http://developer.android.com/guide/topics/data/backup.html
You can register for this backup service as a developer here: https://developer.android.com/google/backup/signup.html
The type of data that can be backed up are files, databases, sharedPreferences, cache, and lib. These are generally stored in your device's /data/data/[com.myapp] directory, which is read-protected and cannot be accessed unless you have root privileges.
UPDATE: You can see this flag listed on BackupManager's api doc: BackupManager
Answer by Yuntao
This is not explicitly mentioned, but based on the following docs, I think it is implied that an app needs to declare and implement a BackupAgent in order for data backup to work, even in the case when allowBackup is set to true (which is the default value).
http://developer.android.com/reference/android/R.attr.html#allowBackup
http://developer.android.com/reference/android/app/backup/BackupManager.html
http://developer.android.com/guide/topics/data/backup.html
Answer by Ayaz Alifov
It is a privacy concern. It is recommended to disallow users to backup an app if it contains sensitive data. Having access to backup files (i.e. when android:allowBackup="true"), it is possible to modify/read the content of an app even on a non-rooted device.
Solution - use android:allowBackup="false" in the manifest file.
You can read this post to have more information: Hacking Android Apps Using Backup Techniques