Think About android:allowBackup

It is always interesting to see what things show up as new Lint rules when a new version of the Android developer tools is released. One from R21 stunned me:

Should explicitly set android:allowBackup to true or false (it’s true by default, and that can have some security implications for the application’s data)

I could not figure out how I had missed this… until I realized that android:allowBackup is not actually documented in the docs for the <application> element. Instead, it is documented in the documentation of BackupManager, a class pertaining to Google’s proprietary data backup service. With luck, this attribute will be documented in both places in the future.

As the quoted Lint warning indicates, android:allowBackup defaults to true, meaning that your app’s data can be backed up. This includes the opt-in backup stuff that I am not a fan of and also an adb-based full backup command.

It is entirely possible that you want your app to be backed up in this fashion. It is also entirely possible that you do not. Hence, as you edit your app in R21, go into the manifest and explicitly assign true or false to android:allowBackup, thinking along the way about which is the right answer for you.
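To audit existing projects for the same thing the Lint rule flags, here is an added example (not part of the original post or the Android tools) that classifies a source-form AndroidManifest.xml. The function name, the status labels and the sample manifests are constructed for illustration, and it assumes the plain-text manifest from the project tree, not the binary one packaged inside an APK.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
ALLOW_BACKUP = "{%s}allowBackup" % ANDROID_NS  # namespaced attribute key


def allow_backup_status(manifest_xml):
    """Classify android:allowBackup on the <application> element.

    Returns one of:
      "explicit-true"   attribute present and true
      "explicit-false"  attribute present and false
      "implicit-true"   attribute absent, so the default of true applies
      "unresolved:<v>"  attribute is something else, e.g. a @bool/ reference
      "no-application"  manifest has no <application> element
    """
    root = ET.fromstring(manifest_xml)
    app = root.find("application")  # element itself carries no namespace
    if app is None:
        return "no-application"
    value = app.get(ALLOW_BACKUP)
    if value is None:
        return "implicit-true"
    normalized = value.strip().lower()
    if normalized in ("true", "false"):
        return "explicit-" + normalized
    return "unresolved:" + value.strip()


# Constructed sample manifests (hypothetical package name).
_HEAD = ('<manifest xmlns:android="%s" package="com.example.demo">'
         % ANDROID_NS)
SAMPLES = {
    "missing": _HEAD + '<application android:label="Demo"/></manifest>',
    "on": _HEAD + '<application android:allowBackup="true"/></manifest>',
    "off": _HEAD + '<application android:allowBackup="false"/></manifest>',
    "ref": _HEAD + '<application android:allowBackup="@bool/backup"/></manifest>',
    "library": _HEAD + '</manifest>',
}

if __name__ == "__main__":
    for name, xml_text in SAMPLES.items():
        print("%-8s %s" % (name, allow_backup_status(xml_text)))
```

A result of "implicit-true" is the case the Lint warning is about: nobody made a decision, and the data is eligible for backup anyway.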

