Skip to content

Security: Prevent ADB Data Extraction and Encrypt Room Database (SQLCipher)#121

Open
zebauman wants to merge 1 commit into
vishal2376:masterfrom
zebauman:master
Open

Security: Prevent ADB Data Extraction and Encrypt Room Database (SQLCipher)#121
zebauman wants to merge 1 commit into
vishal2376:masterfrom
zebauman:master

Conversation

@zebauman

Copy link
Copy Markdown

Description of the Vulnerability

While auditing the application, I discovered a compound security vulnerability regarding insecure local data storage. Previously, android:allowBackup was enabled by default without explicit exclusion rules. This allowed an attacker with physical access to legacy Android devices (or root access on modern devices) to extract the application's entire sandbox. Because the Room database was utilizing the default SQLite implementation, highly sensitive user tasks were being stored in plaintext and could be read using any SQLite browser.

Since the application already features a robust custom JSON export/import backup system, system-level ADB backups are largely redundant and introduce an unnecessary attack surface.

Changes Proposed in this PR:

  • Disabled Global Backups: Set android:allowBackup="false" in the AndroidManifest.xml to close the perimeter against ADB extraction tools.
  • Granular Backup Rules: Populated backup_rules.xml and data_extraction_rules.xml to explicitly exclude the database domain, ensuring that even if system backups are re-enabled in the future, the secure database is never exported to the cloud or via device-to-device transfer.
  • Data-at-Rest Encryption: Migrated the Room database engine to use SQLCipher.
    • Initialized SQLiteDatabase.loadLibs(context) and passed a SupportFactory into the Room database builder in TaskDatabase.kt.

Note for maintainer: A static passphrase is used in this PR for demonstration, but for production, this should be transitioned to a dynamically generated key stored securely inside the Android Keystore.

Testing Performed:

  • Verified basic CRUD operations (creating, editing, and deleting tasks) remain fully functional by building and testing locally on Android 11 and Android 14 emulators.
  • Verified that executing adb backup now yields an empty archive for the app's sandbox.
  • Verified via root shell extraction that the local_db file is now encrypted ciphertext and cannot be read without the passphrase.

** Warning:** Because this introduces database encryption, existing users with plaintext databases will trigger the .fallbackToDestructiveMigration() flag.

- Disabled `android:allowBackup` in AndroidManifest.xml to prevent unauthorized data extraction via ADB.
- Configured granular backup rules (`backup_rules.xml` and `data_extraction_rules.xml`) to explicitly exclude the database directory from system-level backups.
- Integrated `net.sqlcipher.database` (SQLCipher) into the Room database module (`TaskDatabase.kt`) to encrypt data at rest.
- Applied SupportFactory to `Room.databaseBuilder` to ensure user tasks are protected against physical extraction and local privilege escalation.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant