800916 - Use the Android backup service to store profile data

Status: RESOLVED INCOMPLETE

(Firefox for Android Graveyard :: General, defect)

Description

[James Willcox (:snorp) (jwillcox@mozilla.com) (he/him)]

Android provides a back up service which can be used to restore application data if the phone is wiped. It would be nice if we at least stored *some* profile data there (bookmarks, history, passwords?) so folks wouldn't lose all their stuff.

http://developer.android.com/training/cloudsync/backupapi.html

Comment 1

[Brad Lassey [:blassey] (use needinfo?)]

In the very least we could store their sync credentials here so sync can get them back to where they left off.

Mark, how would we go about determining if this is a safe place to put potentially sensitive data?

Comment 2

[Mark Goodwin [:mgoodwin]]

(In reply to Brad Lassey [:blassey] from comment #1) 
> Mark, how would we go about determining if this is a safe place to put
> potentially sensitive data?

I honestly don't know; I'd need to do some reading up.  Maybe others in my team know more about this than I do - I'll ask around.

> In the very least we could store their sync credentials here so sync can get
> them back to where they left off.

This is dangerous. One of the design goals of sync, as it stands, is to ensure that no-one other than the user can access their synced data. If we upload sync credentials to this service our users lose that control. 

Would you like me to organize a sec. group discussion to discuss possibilities?

Comment 3

[Richard Newman [:rnewman]]

> > Mark, how would we go about determining if this is a safe place to put
> > potentially sensitive data?
> 
> I honestly don't know; I'd need to do some reading up.  Maybe others in my
> team know more about this than I do - I'll ask around.

We got a warning on Yammer that ConnectBot was storing SSH keys there, and those were regarded as potentially compromised.

Random chat on this topic:

http://www.mobilejaw.com/articles/2011/06/security-concerns-around-androids-backup/

> > In the very least we could store their sync credentials here so sync can get
> > them back to where they left off.
> 
> This is dangerous. One of the design goals of sync, as it stands, is to
> ensure that no-one other than the user can access their synced data. If we
> upload sync credentials to this service our users lose that control.

I'd be inclined to back up the data, rather than the sync credentials -- one can always set up a new Sync account.

However, sometime next year we'll have a much better solution to this problem for most users, namely a Firefox Account with associated Sync.
 
> Would you like me to organize a sec. group discussion to discuss
> possibilities?

If you do, please add me to the list of interested parties.

Comment 4

[Mark Goodwin [:mgoodwin]]

It looks like the ToS for the backup service explicitly forbids this; see 4.11 on https://developers.google.com/android/backup/terms

Comment 5

[Mark Goodwin [:mgoodwin]]

Are we still looking at doing this?

Comment 6

[Brad Lassey [:blassey] (use needinfo?)]

(In reply to Mark Goodwin [:mgoodwin] from comment #5)
> Are we still looking at doing this?

I think comment 4 kinda killed the idea. Though I think it would still be great for users to get up an running faster.

Comment 7

[BMO Automation]

We have completed our launch of our new Firefox on Android. The development of the new versions use GitHub for issue tracking. If the bug report still reproduces in a current version of [Firefox on Android nightly](https://play.google.com/store/apps/details?id=org.mozilla.fenix) an issue can be reported at the [Fenix GitHub project](https://github.com/mozilla-mobile/fenix/). If you want to discuss your report please use [Mozilla's chat](https://wiki.mozilla.org/Matrix#Connect_to_Matrix) server https://chat.mozilla.org and join the [#fenix](https://chat.mozilla.org/#/room/#fenix:mozilla.org) channel.