Protecting backups/imports + custom target option

Ref. https://github.com/deltachat/deltachat-android/issues/1685

  • Operating System: Android
  • Delta Chat Version: 1.12.5
  • Expected behavior: Ask for password on import (and first choose backup folder)
  • Actual behavior: Importing any backup without security, worse: from Downloads
  • Steps to reproduce the problem: Normal backup/import
  1. Backups really need to be protected by a backup-specific password. (Manually set by the user at the time of the backup, and not the account login password. It is important to ask for the login password also, but that is only to authenticate doing the backup, not to protect the resulting backup file…)

2a. On Android, the Downloads folder is the worst location for an unprotected backup; DC should let the user choose target folder and thus also the source folder for imports.

2b. On Android, there is a difference between “save as/to”, “send to” and “share to”. Various Encryption software that offers encrypted containers on Android, use the “Send to/Share to” feature, which is technically different from “save”, and different software options appear in those alternatives.

It would be great if we could optionally use “share backup to”, in order to trigger those encryption features (and even others, such as save directly to a cloud service instead of on the device) which will let us store the backup directly into an encrypted location without touching any “open” folders that are available to other software. (The Downloads folder is the absolutely worst location I can imagine on Android.)

This functionality / option of backup (and restore) location should be provided in all clients/platforms.

3 Likes

I generally agree with you (problem is, there is soooo much we want to do and it’s hard to find the time for sth and also we actually want to implement a proper second-device-setup where you just scan a QR code and the backup is transferred, no need to do anything manually)

but why is this? I mean, sure, we could save it to “Documents” but it’s readable to all apps, as well.

i would also be interested in why Downloads is worse than any other public folder.

in fact, Downloads was chosen as that appears to be the only place where the user can delete/access the backup without additional software on virtually all devices. also, it stays visible to the user here, which is not true for many other folders.

I was proposing a 4-cyphers pin for backup than I found this thread…
Please devs remember this!
Thanks

1 Like

In my personal build I’m using device’s SD card for import/export. Did this because of memory constraint at device.