Disabling Backup
If anyone with access to your phone can back it up, then we’ll need some way to hide the information if we’re going to be HIPAA compliant.
We can start with something simple by disabling backups using the allowBackup attribute in the Android Manifest file. By default this is set to true. Changing it to false, as in Listing 5-2, will stop the adb backup command working for any phone, even for a full system backup.
However, it would be a mistake to solely rely on this, as a rooted phone has access to databases and can still remove them from the phone via Unix commands. Figure 5-6 shows how someone can shell onto the phone, cd to the databases directory, and then dump the database table to view the data.
Figure 5-6 Viewing the ...
Get Bulletproof Android™: Practical Advice for Building Secure Apps now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
