Follow

A few folk pinged me overnight my time (UK) to say "adb backup" addresses only one exfil vector. That's true, but it's a vector I have the most context on. If I wanted to make all exfil harder my temptation would be to require a factory reset when enabling developer mode.

This would follow the model of unlocking the bootloader; If you enable something which reduces the security of the device you have to wipe the users data, but would be a *huge* behaviour change.

· · Web · 1 · 0 · 0

@alsutton

Yeah thats a real nice way to close all the gaps opened by adb

Obviously has some significant implications for the ease with which developers can get users to help with debugging, although I guess could still enable such functionality with the hope that developers would minimise negative privacy /security implications of stuff that ends up in the logs/bug reports

Then again I guess app developers can take steps to limit user data exposure via adb backup

Sign in to participate in the conversation
Mastodon

The original server operated by the Mastodon gGmbH non-profit