From 81f1dec94a56d8b96dd2c61587a34d53134d00ea Mon Sep 17 00:00:00 2001 From: RyRy79261 Date: Sat, 20 Jun 2026 04:29:30 +0200 Subject: [PATCH] fix(android): disable Auto Backup of on-device health data (allowBackup=false) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Per the secure-storage investigation: the highest-value, cheapest on-device hardening is not moving the token to Keystore — it's closing the `adb backup` extraction path. With allowBackup="true" a device-access adversary could pull the app sandbox, which holds the ENTIRE plaintext Dexie health PII DB (intake, vitals, meds, dose logs, …) plus the session token. Setting allowBackup="false" removes that vector for both, on all Android versions, with zero dependencies. No user data is lost: the data syncs to Neon Postgres (the device is not the system of record), so a reinstall/new device restores via sign-in + sync. The trade-off is that Android cloud/`adb` backup of app data is disabled — which for a health PII app is the privacy-correct default. The Keystore-plugin move is deliberately deferred (medium-cost async refactor across 7 files for marginal at-rest gain on a re-obtainable token); if on-device encryption is later wanted, the target is the Dexie health DB, not the token. --- apps/native/android/app/src/main/AndroidManifest.xml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/apps/native/android/app/src/main/AndroidManifest.xml b/apps/native/android/app/src/main/AndroidManifest.xml index 13396e01..5cfe26ab 100644 --- a/apps/native/android/app/src/main/AndroidManifest.xml +++ b/apps/native/android/app/src/main/AndroidManifest.xml @@ -1,8 +1,13 @@ +