Closed
Bug 800916
Opened 12 years ago
Closed 3 years ago
Use the Android backup service to store profile data
Categories
(Firefox for Android Graveyard :: General, defect)
Tracking
(Not tracked)
RESOLVED
INCOMPLETE
People
(Reporter: snorp, Unassigned)
Details
Android provides a back up service which can be used to restore application data if the phone is wiped. It would be nice if we at least stored *some* profile data there (bookmarks, history, passwords?) so folks wouldn't lose all their stuff. http://developer.android.com/training/cloudsync/backupapi.html
Comment 1•12 years ago
|
||
In the very least we could store their sync credentials here so sync can get them back to where they left off. Mark, how would we go about determining if this is a safe place to put potentially sensitive data?
Comment 2•12 years ago
|
||
(In reply to Brad Lassey [:blassey] from comment #1) > Mark, how would we go about determining if this is a safe place to put > potentially sensitive data? I honestly don't know; I'd need to do some reading up. Maybe others in my team know more about this than I do - I'll ask around. > In the very least we could store their sync credentials here so sync can get > them back to where they left off. This is dangerous. One of the design goals of sync, as it stands, is to ensure that no-one other than the user can access their synced data. If we upload sync credentials to this service our users lose that control. Would you like me to organize a sec. group discussion to discuss possibilities?
Comment 3•12 years ago
|
||
> > Mark, how would we go about determining if this is a safe place to put > > potentially sensitive data? > > I honestly don't know; I'd need to do some reading up. Maybe others in my > team know more about this than I do - I'll ask around. We got a warning on Yammer that ConnectBot was storing SSH keys there, and those were regarded as potentially compromised. Random chat on this topic: http://www.mobilejaw.com/articles/2011/06/security-concerns-around-androids-backup/ > > In the very least we could store their sync credentials here so sync can get > > them back to where they left off. > > This is dangerous. One of the design goals of sync, as it stands, is to > ensure that no-one other than the user can access their synced data. If we > upload sync credentials to this service our users lose that control. I'd be inclined to back up the data, rather than the sync credentials -- one can always set up a new Sync account. However, sometime next year we'll have a much better solution to this problem for most users, namely a Firefox Account with associated Sync. > Would you like me to organize a sec. group discussion to discuss > possibilities? If you do, please add me to the list of interested parties.
Updated•12 years ago
|
Flags: sec-review?(mgoodwin)
Comment 4•12 years ago
|
||
It looks like the ToS for the backup service explicitly forbids this; see 4.11 on https://developers.google.com/android/backup/terms
Comment 6•11 years ago
|
||
(In reply to Mark Goodwin [:mgoodwin] from comment #5) > Are we still looking at doing this? I think comment 4 kinda killed the idea. Though I think it would still be great for users to get up an running faster.
Flags: needinfo?(blassey.bugs)
Updated•11 years ago
|
Flags: sec-review?(mgoodwin) → sec-review-
Comment 7•3 years ago
|
||
We have completed our launch of our new Firefox on Android. The development of the new versions use GitHub for issue tracking. If the bug report still reproduces in a current version of [Firefox on Android nightly](https://play.google.com/store/apps/details?id=org.mozilla.fenix) an issue can be reported at the [Fenix GitHub project](https://github.com/mozilla-mobile/fenix/). If you want to discuss your report please use [Mozilla's chat](https://wiki.mozilla.org/Matrix#Connect_to_Matrix) server https://chat.mozilla.org and join the [#fenix](https://chat.mozilla.org/#/room/#fenix:mozilla.org) channel.
Status: NEW → RESOLVED
Closed: 3 years ago
Resolution: --- → INCOMPLETE
Assignee | ||
Updated•3 years ago
|
Product: Firefox for Android → Firefox for Android Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•