Think About android:allowBackup
It is always interesting to see what things show up as new Lint rules when a new version of the Android developer tools is released. One from R21 stunned me:
Should explicitly set android:allowBackup to true or false (it’s true by default, and that can have some security implications for the application’s data)
I could not figure out how I had missed this… until I realized
android:allowBackup is not actually documented in
the docs for the
Instead, it is documented in
the documenation of
a class pertaining to Google’s proprietary data backup service.
With luck, this attribute will be documented in both places
in the future.
As the quoted Lint warning indicates,
true, meaning that your app’s data can be backed up. This includes
the opt-in backup stuff that I am not a fan of
and also an
adb-based full backup command.
It is entirely possible that you want your app to be backed up in this
fashion. It is also entirely possible that you do not. Hence,
as you edit your app in R21, go into the manifest and explicitly
android:allowBackup, thinking along the
way which is the right answer for you.
Need Android app development training for your team? Mark Murphy has trained hundreds! Learn more!