
I’m trying to develop an attendance application. Therefore, I would like to minimize identity spoofing where a user signs the attendance for their friend by persisting the user logged in status in the application without uninstalling it.

For example, Facebook persists user data even when the user does Clear Data in Settings > Storage. And Telegram is able to show a Manage Storage button instead of the Clear Data button inside Settings > Storage, which makes it difficult to clear the user data.

How do both these apps perform these kinds of actions? I am able to persist user authentication data when the user kills the app in the background. However, my data cannot "survive" through the Clear Data process.

2 Answers


  1. I’d believe that those apps are simply using this backup mechanism: https://developer.android.com/guide/topics/data/backup.html

    Specifically, because all you would need to back up is a user token (for example) to be able to access your own servers and authenticate, and well… then restore all the data you want.

    The documentation says it very clearly:

    Data is restored when the app is installed. If needed, you can request a manual restore.

    Also (it’s a Key/Value storage, like SharedPreferences):

    Note: If Wi-Fi isn’t available, Key/Value Backup may use mobile data. Key/Value Backup is therefore typically not suitable for app data contents, such as media, downloaded files, and caches, unless the amount of data is very small.

    You don’t even need to be logged in.

  2. This is easily done through the android:manageSpaceActivity setting on the application block in AndroidManifest. If you set some Activity on it, then the Clear Data button automatically changes to Manage Storage and will open your Activity on click.

    <application
        ...
        android:manageSpaceActivity=".SomeManageStorageActivity"
        ...
        >

        <activity
            android:name="some.package.SomeManageStorageActivity"
            ...
            >
        </activity>

    </application>
    
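One way to write the activity that the manifest entry in the second answer points to, as an added example that is not part of the original answers: it lets the user free cache space from the Manage Storage screen while leaving the stored sign-in state untouched. The class name follows the answer's manifest; the cache-only policy and the UI strings are assumptions.

```kotlin
import android.app.Activity
import android.os.Bundle
import android.widget.Button
import android.widget.LinearLayout
import android.widget.TextView
import java.io.File

// Opened by the system Settings app when the user taps "Manage Storage".
// Must live in the package that android:manageSpaceActivity resolves to.
class SomeManageStorageActivity : Activity() {

    override fun onCreate(savedInstanceState: Bundle?) {
        super.onCreate(savedInstanceState)
        val status = TextView(this)
        val clear = Button(this).apply {
            text = "Clear cached data"          // assumed UI string
            setOnClickListener {
                val freed = clearDisposableData()
                status.text = "Freed $freed bytes. You are still signed in."
            }
        }
        setContentView(LinearLayout(this).apply {
            orientation = LinearLayout.VERTICAL
            addView(clear)
            addView(status)
        })
    }

    // Assumed policy: only the cache directories are disposable.
    // SharedPreferences, databases and filesDir (where a login token
    // would normally be kept) are deliberately not touched.
    private fun clearDisposableData(): Long {
        var freed = wipe(cacheDir)
        externalCacheDir?.let { freed += wipe(it) }   // null if storage is unavailable
        return freed
    }

    // Deletes the children of dir (not dir itself) and returns the bytes removed.
    private fun wipe(dir: File): Long {
        var bytes = 0L
        dir.listFiles()?.forEach { child ->
            bytes += child.walkBottomUp().filter { it.isFile }.sumOf { it.length() }
            child.deleteRecursively()
        }
        return bytes
    }
}
```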