-
-
Notifications
You must be signed in to change notification settings - Fork 371
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Export & restore all settings #1500
base: master
Are you sure you want to change the base?
Conversation
Is Also: have you read this? https://bugs.chromium.org/p/chromium/issues/detail?id=661188 The backup logic was disabled at some point
See the previous issue, perhaps it was a limitation on older Android versions.
I don't think we should cover the SQLite files; what is there anyways of user interest? cookies, bookmarks, saved passwords?
There is no way to detect a restore happened? But perhaps it will automatically close it before restoring?
So #1431 would be useless for all those that do not have a rooted phone/custom ROM? As for the backup going to Google servers: is this the functionality used when switching to a new phone? It works differently than the sync profile.
Would this require a rooted device as well?
It depends from what we want to maintain; I would first study a bit further how backup used to work for Chromium on Android, to see if we can restore some functionality (and whether it is useful or not). In the end if we do not want to use the core Android functionality we could have some import/export of all settings and flags alone, in a file, but sooner or later we would start thinking about encrypting it etc which becomes scope creep. |
no, backup_key is completely without references
no, i saw now, they had taken it off and then put it back to not fix the build, but without reactivating it.
I don't know exactly, certainly cookies and offline pages and the history.
i know when it happens, after all the backup/restore is done by chromium.
yes, that's probably it is so
yes, it is quite another thing.
I don't know for sure yet. I don't use
the chromium code already provides encryption functions, but from what I have seen, they seem to me linked to the device, that is, when the device is changed it is no longer possible to decrypt what has been encrypted.
no, there is no force quit of the application. |
I think it's worth restoring what has been deleted to see if it works.
Let me know what you find.
How do other apps do this? Perhaps the restore only happens on "cold" files which are restored on restart, and the app detecting the restore will ask user to restart?
We should try with a non-rooted device.
That is why I am saying it is scope creep: because we should not do it.
If the backup/restore functionality is used by other apps, there must be a way to do it safely. The browser is not different in this sense. |
I wouldn't worry about that, I'd put a flag.
follow this there are also other types of db based on proto files (chrome/browser/persisted_state_db/profile_proto_db_factory.cc): PersistedStateContentProto, ChromeCartContentProto, CouponContentProto, CommerceSubscriptionContentProto, MerchantSignalContentProto. apart from the first one that is used to serialize the tabs (currently under flag), the others do not know what they are.
but what if we simply did an encrypted zip? |
But is it encrypted or not?
Most surely related to the functionality to follow prices and make purchases directly from the browser.
There is no "simply" in encrypted. It is better to provide no encryption rather than a malfunctioning one. |
the password yes
only if you know the decryption key |
I do not consider this encryption with a hard-coded password valid from the perspective of securing user data; it corresponds to obfuscation.
I am talking about the Android sandbox: can other apps open files created by other apps, without any limitation? |
what do you think of this?
you are right, i forget that for android i have to look at posix and not linux code.
what if it was manageable by the user? provided that that value is then registered in a store that is really valid for security purposes. I wonder where the credit card details are.
as far as I understand, in a non-rooted system, if the file is on the internal memory, only if the application allows it through a saf provider. more than the other applications, the problem is the browser itself, as he obviously has access to those files. an example is the page chrome://local-state/ if for some reason was readable by the sites. |
Seems it works the same way for credit cards: encryptor BindCreditCardToStatement |
Asking the user to enter a master password...to encrypt all the other passwords, would be safer. And it would still need key derivation.
There is no right answer to this. If your phone is rooted it does not mean that all apps can do anything they want. Most SU managers still require you to give permissions before root is granted to apps; some other security features are disabled when you root, but not all and might not be applicable for this specific attack scenario.
This export feature can work without any form of encryption; it is up to the user to figure that out, meanwhile we can further think about the use-case.
There are many more barriers to break before sites can access a local file, it is not just governed by |
this patch is a work in progress, I need to talk to you about what to do.
ChromeBackupAgent
code seems unused to me, that is, I couldn't find anything that could enable it in the chromium base code.in fact it is based on the presence of "
backup_key
" which however does not exist in any gn (ref)and this is the main problem because to restore we have to relaunch the application, since some settings require it (always incognito or javascript jit and all about://flags).
seedvault seems to be a good alternative, but from what I understand it needs to be integrated into the android build so it is not possible to install it stand alone (I'm waiting for someone to prove me wrong)
however, point 5 is the most critical.
a possible alternative is to run
bmgr
ref as it does for logcat, so you can manage when the user wants to backup and restore, you tell me.other alternative is to throw everything and start over, emulating BackupDataOutput to save the file when and where I want.
instead point 4 I would see it together with #244
let me know