On Wed, Dec 19, 2012 at 5:41 PM, Nick Kralevich <[email protected]> wrote: > > If you're a user, and you don't want your data backed up, then goto > "Settings > Backup & reset > Back up my data" and deselect that option. > Individual apps (such as Google+) also have options for disabling cloud > uploads. > > Third party applications have to opt-in to being backed up to the network. > Please see http://developer.android.com/guide/topics/data/backup.html for > more details. Data from applications is not automatically backed up to the > network without developer interaction. > > If you're an application developer, you can set the android:allowBackup > attribute to "false". This will disable both the opt-in cloud backup, as > well as the adb based backup feature. Files stored in an applications' home > directory will not get backed up nor restored. > > http://developer.android.com/reference/android/app/backup/BackupManager.html#attr_android:allowBackup > > Is this what you're looking for? Yes, thank you very much.
Jeff > On Wed, Dec 19, 2012 at 2:32 PM, Jeffrey Walton <[email protected]> wrote: >> >> Hi All, >> >> Does anyone have secure coding rules for Android to keep data out of >> the various clouds? Does AOSP even provide the measures (perhaps not, >> because of the tight relationship with Google)? >> >> I understand it can be OK to allow cloud egress if other security >> controls are used. But things like hard-coded keys and null >> initialization vectors neutralize any encryption benefits, so I'd >> prefer to keep data out of the cloud when advising those not versed in >> the art. >> >> Below are similar rules I have for iOS to give you an idea of what I >> am looking for. >> >> Jeff >> >> * Ensure sensitive data is not stored in <program>/Documents. Data in >> Documents/ can be backed up to an external device or entity (MacBook, >> Desktop PC, iTunes, iCloud, etc). Private data should be stored in a >> directory such as <program>/Caches. Also see Technical Q&A QA1719. >> >> * Verify sensitive data stored on the file system has the >> com.apple.MobileBackup extended attribute to prohibit iCloud backup. >> The attribute is honored in iOS 5.0.1 and above. Also see Technical >> Q&A QA1719. >> >> * Verify sensitive data stored on the file system has the >> kCFURLIsExcludedFromBackupKey flag to prohibit iCloud backup. The flag >> is honored in iOS 5.1 and above. Also see Technical Q&A QA1719. -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
