
Android App Backup

Apps that target Android 6.0 (SDK 23) and higher can use the built-in "Auto Backup" feature. It is up to the developer whether to allow this functionality. The setting is stored in the app's AndroidManifest.xml file as the android:allowBackup attribute of the <application> element, which takes a Boolean value of either true or false.

If the app does not define this parameter in the AndroidManifest.xml file, then it defaults to "disable" automatically.

<manifest ... >
...
<application android:allowBackup="true" ... >
...
</application>
</manifest>

If the app allows backups, as the example above does, then you will also want to look for the android:fullBackupContent key. This key holds either a Boolean (true/false) or a reference to a file (backup_rules.xml) that contains the rules for the backup. Using this key, developers can include or exclude certain files from the app's backup. This setting is required for Android 12 and above, and optional for Android 11 and lower.

<application ...
android:fullBackupContent="@xml/backup_rules">
</application>

Checking if Backups are Enabled

If you have already decoded and decompiled the Android app, then you already have access to the AndroidManifest.xml file. Search the <application> element for the allowBackup entry:

% grep -oE 'android:allowBackup="\w+"' AndroidManifest.xml
android:allowBackup="false"

To check the fullBackupContent key:

% grep -oE 'android:fullBackupContent="[^"]*"' AndroidManifest.xml
android:fullBackupContent="false"

If there is a file defined, it will look like this:

% grep -oE 'android:fullBackupContent="[^"]*"' AndroidManifest.xml
android:fullBackupContent="@xml/backup_rules"

Create the Backup File

With your device connected to the computer, run the following command to generate an application backup file:

% adb backup -apk -shared com.example.app

-apk Includes the application APK file(s)

-shared Backs up the shared storage / SD Card contents

com.example.app The app ID to back up

On the device, a screen will appear that allows you to set a password if desired (there is no need to do that). Just tap on the "Back up my data" button near the bottom of the view.

Android Backup View

Once the backup is complete, it will return you to the application. By default, there will be a new file called "backup.ab" in the current directory.

Note: If you want to take multiple backups at different stages during testing, you can supply the -f flag to the backup command and specify a unique filename.

% adb backup -apk -shared com.example.app -f backup1.ab

% adb backup -apk -shared com.example.app -f backup2.ab

Extract the Backup File

Using the Android Backup Extractor (abe.jar) we can convert the backup.ab file into a backup.tar file, then extract the tar file to view the contents:

% java -jar abe.jar unpack backup.ab backup.tar
% mkdir backup
% tar -xf backup.tar -C ./backup

Review all the files in the ./backup directory to see if any sensitive data is exposed via the backup process.
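The unpack step can also be done without writing anything to disk. The following is an added example, not code from this page or from the Android Backup Extractor project: it reads the four-line text header of an unencrypted backup.ab, inflates the payload into the tar stream, and lists the files it contains. It assumes no backup password was set; the sample backup and its contents are constructed for illustration.

```python
import io
import tarfile
import zlib

MAGIC = b"ANDROID BACKUP"

def parse_ab(data: bytes):
    """Return (header, tar_bytes) for an unencrypted adb backup."""
    stream = io.BytesIO(data)
    # Header: four newline-terminated text lines (magic, format version,
    # compression flag, encryption name), followed by the payload.
    magic, version, compressed, encryption = (
        stream.readline().rstrip(b"\n") for _ in range(4))
    if magic != MAGIC:
        raise ValueError("not an Android backup file")
    if encryption != b"none":
        raise ValueError("encrypted backup: " + encryption.decode("ascii", "replace"))
    body = stream.read()
    if compressed == b"1":
        # decompressobj tolerates a stream that was cut short mid-backup.
        body = zlib.decompressobj().decompress(body)
    header = {"version": int(version), "compressed": compressed == b"1",
              "encryption": "none"}
    return header, body

def list_entries(tar_bytes: bytes):
    """(path, size) of every regular file in the backup's tar stream."""
    with tarfile.open(fileobj=io.BytesIO(tar_bytes)) as tar:
        return [(m.name, m.size) for m in tar if m.isfile()]

def build_sample_ab() -> bytes:
    """Constructed sample: one shared-preferences file for com.example.app."""
    payload = b"<map><string name='token'>CONSTRUCTED-SAMPLE</string></map>"
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        info = tarfile.TarInfo("apps/com.example.app/sp/prefs.xml")
        info.size = len(payload)
        tar.addfile(info, io.BytesIO(payload))
    return MAGIC + b"\n5\n1\nnone\n" + zlib.compress(buf.getvalue())

if __name__ == "__main__":
    header, tar_bytes = parse_ab(build_sample_ab())
    print(header)
    for name, size in list_entries(tar_bytes):
        print(f"{size:8d}  {name}")
```

To run it against a real backup, pass the bytes of backup.ab to parse_ab() instead of the constructed sample.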

References

https://developer.android.com/guide/topics/data/autobackup

https://github.com/nelenkov/android-backup-extractor/releases/tag/master-20220709062836-33a2f6c