I have an app for Android, that saves data to sqlite database in a common way. As the user works with the application, the data is changed etc. So far no problem...
But when the user use some back-up software (like Titanium Backup or others), make a backup of the application, he can restore the data to old state. I need the way to protect application from this or to detect the restoration and handle it.
The simple workflow:
Install APP
Work with APP
Reach the STATE1 of APP's database
Back-up the APP (with any backup/restore application, the device can be rooted)
Work with APP
Reach the STATE2 of APP's database
Restores the APP (or just data) to STATE1 - this is the point I need to deny or detect on the next execution of the APP.
So far I played with the Access-time detection and comparsion, but it seems to be really un-reliable through different devices and ROMs.
Thank you.
To do this you need to save some state off the device, or at least outside of the data directory. The easiest way is probably to save the fingerprint of the DB file in some 'hidden' directory on external storage (SD card). Or if your app has Web login, etc. store the fingerprint for each user.
In any case, the user has full control over the device so you can't prevent this 100%. Your app needs to gracefully handle any changes in the DB or simply fail if it detects a fatal inconsistency.
Related
Based on Is it possible to persisit a file after app uninstall with Android 11?
In Android 11, It seems like almost impossible to retain user data locally, after app uninstallation. Unless we are using SAF, which requires explicit user interaction, to select file/ dialog using this system UI
Or, by using android:hasFragileUserData="true" flag, which will pop up the following UI during uninstallation - https://www.xda-developers.com/android-10-manifest-flag-developers-retain-app-data-before-uninstalling/
However, to my suprise, I do notice a popular app in the market, which able to cleanly retain user multiple backup data, with 0 user interaction, and not using android:hasFragileUserData="true" flag method.
This is a video, to show how it is able to cleanly read the retained data, after re-installation (I have already did a clean uninstall, before capturing the video) - https://www.youtube.com/watch?v=UqG4n_0xmVI
Does anyone has any idea, how I can achieve such "magic"?
In my app user can choose custom files to be used instead of some default settings. File's info is stored by its URI and I have hard time handling case of Backup Service restoring whole app, when all the restored URIs will be invalid.
App will turn to using default settings whenever it detects invalid URIs (not pointing to custom files), however I would want to inform the user about this fact after restore is performed, so he knows why app is using default settings.
Is there any way to detect when app was restored using BackupAgent?
So far I didn't find any proper tool for detecting when app was restored with use of a Backup Service, however I found a workaround:
context.packageManager.getPackageInfo(myPackageName, 0).firstInstallTime always returns time of install of the current instance of the app, so it is possible to store this time using backed-up SharedPreferences and then comparing it with the time received from packageManager - if it is "newer" than the one stored in SharedPreferences, then it means the app has been restored by a Backup Service.
I'm working on an Anti-Theft app. Supposing that my phone is stolen, the first thing a thief will do is factory reset it, what means all apps and data will be lost.
I can convert my app to a System App and it will probably "survive" a hard reset but its data will be lost. Is there a way to keep the app and its data after a reset?
If it's not possible to keep its data, I thought I could store its settings in a file, but it would be erased too. Is there also a way to keep a file after a reset?
Edit: I don't want its data. I want its data not be erased after a factory reset cause erasing its data means erasing all user settings. Since I'm developing an anti-theft app, if a thief resets it, the app should keep its data (user data like a email and phone number) to contact the owner even after a reset made by the thief...
Why do you want a copy of the data after it's stolen (????). May be you have a use case. Anyways, if you are basing your app on API level 23 and above, you can have a look at this - https://developer.android.com/guide/topics/data/autobackup.html
This kind of automatically does what you wanted to achieve.The backed up data is on Google drive of the user account but it's of no use unless restored. Funny thing is, the autobackup feature would actually restore this data after the app is installed again (and the same user has logged in).
This will not really help if you don't have the phone (i mean if it's stolen :)). But if you want to persist app data across app uninstalls and factory reset, autobackup would do the trick for you (available only on API level 23 and above)
It is possible to recover data once a mobile is factory reset or so was uncovered by some Cambridge University researchers in the paper titled Security Analysis of Android Factory Resets published in 2015. I haven't had much time to go through it, but it looks promising.
It seems they did manage to get master tokens even after factory reset by utilizing some flaw in android system where the composition of flash drives make them dangerously hard to erase. Seems something you can experiment with depending on the usage. Do go through it once.
I have an Android application using the Data Backup service. After installing it using Eclipse on a device I can save some data and they become backed up well so far. I can also wipe the data and have them restored. This works as well. If I now take another device and install this application (again with Eclipse) like I'm going to switch the device, the restore process gets executed but don't deliver any data. (like there aren't any)
I'm asking me why. The package is the same, the google account too. Have I missed something in how data are mapped to apps?
Is there anyway to know that when an application is launched for the firsttime? I dont want to use sharedpref because when the user cleardata manually it clears all the data.
That is the point of clearing data, the user may want to tell your app to consider itself freshly installed without having to necessarily uninstall the app. You should not be trying to break that expectation. That said.....
You could create a file on the SD card and check for the existence of that file to determine if your app is being run for the first time.
Do not use the normal openFileOutput() calls in android as that will be cleared when the user clears data as well.
Unless the user wipes all files on the SD card, the file should remain in existence. Also, you can do both, a shared preference and the file and then check for one or the other, just in case.
Use your own server. Just store the unique android id on your server in the first time user launches your application. But you need internet for this.