That is why I have been working on a #FreeSoftware backup app that does not need root and saves backups wherever you want (e.g. flash drive, ).
Conversation
Backups happen automatically in the background and are encrypted on your device before uploaded. To restore a backup, you need a 12-word recovery code (BIP39).
2
1
23
This work is sponsored by as part of their mission to spread free privacy software. They accept donations and have an interesting membership program!
2
18
When setting up a new phone, the process to restore a backup currently looks like this. It needs your recovery code to decrypt the backup.
1:28
945 views
2
2
34
There have been many questions about the backup app presented in this thread. So yes, it works like Google's backup, will also restore WiFi passwords, systems settings, wallpaper, etc.
1
3
18
The app works without root by using the internal backup API of the OS, but to do this it needs to be installed as a system app. Ideally, it ships with whatever non-Google Android you are using, e.g. , , etc.
1
1
24
While it could also work on other versions, the development is targeting Android 10 exclusively. The reason for that has been explained by here: github.com/stevesoltys/ba
2
1
17
Two questions:
1. Why is there no option to store the mnemonic as a file, instead of having to either memorize it or go find some physical pen and paper around you?
2. Does this requirement of Android 10 or up mean there's no hope of seeing this integrated on LineageOS as of now?
1
1. This would leak the encryption key to shared storage where it can potentially get picked up by malicious apps.
2. LineageOS is working on Android 10 as we speak. Also, people are free to keep supporting older Android versions.
1
Just a last question: is the choice of having the app generate the recovery mnemonic for the user, instead of the user typing a chosen password, based on security concerns as well?
2
It provides an ~128-bit entropy key so it can't be brute forced as opposed to a passphrase where it's highly unlikely the user will choose anything strong enough to withstand any substantial brute force attack. Passwords are an anti-pattern and should be avoided when they can be.
Still, shifting the onus to the user to either memorize twelve random words by heart, or search a second device (or pen and paper) to type it manually, is probably an usability issue. There is a high chance that the user will forget part of the mnemonic, or lose the paper.
1
They're expected to write it down with pen and paper on a few pieces of paper and store those in safe locations. You aren't supposed to memorize them. Users are extremely likely to forget strong passwords especially when they aren't regularly entering them on a day to day basis.
1
Show replies