Signal-android: [Feature Request] Signed Encrypted Backup Signal Apk

Created on 30 Oct 2017 · 6Comments · Source: signalapp/Signal-Android

I have an idea to overcome the lack of the encrypted backup functionality.

Problem:
The problem with encrypted backups is that you can only do them if you compile your own instance of signal (which can not be installed over an existing installation and can not be easily updated). An encrypted backup of an existing official signal installation is not possible. (but necessary)
The titanium backup way requires rooted phones, which is not feasable every time.
Since this issue has been open for years now, without a (usable) sollution, i propose a simple workaround that does not cost many ressources.

Suggested Feature:
The signal developers that hold the key used to sign the official apks could provide a version where encryted backups are enabled. This version could be installed over the existing signal installation on non rooted phones and would finally enable users to migrate signal to a new phone. (without root obviously)

Expected outcome:
No more whining about missing functionality. Development of a "clean" sollution can go on without stress.

Footnote:
Maybe hide the apk download a bit and mark ist as unstable so people wont complain if it does not work in their case.

Source

username11236

👍2

Most helpful comment

Since there is no way to import encrypted backups into signal anymore this is obsolete. -closed
Bring back the encrypted backup, please.
The sms backup&restore way, well, has not worked for years now and in my humble opinion, never will.
Keep it simple!

Forcing people to root every phone they have is a far greater security risk that allowing people to dump the signal db for later restoring. Think about it, please :)

username11236 on 5 Dec 2017

👍3

All 6 comments

Forcing people to root every phone they have is a far greater security risk that allowing people to dump the signal db for later restoring. Think about it, please :)

username11236 on 5 Dec 2017

👍3

However, I think it would be possible to provide an apk with android:allowBackup="true" in AndroidManifest.xml thus allowing people to make a complete backup via adb backup, restoring it on a new phone and with the next Signal update at the latest have android:allowBackup="false" again to disable the evil cloud backups of Signal yet again.

mittwinter on 7 Dec 2017

👍1

Automatic encrypted backups of your messages used to be possible, but was disabled? Why? Could someone fill me in what happened previously and why this was such a big discussion?

Why not allow Signal to make encrypted backups with a user chosen encrypted passphrase to cloud storage such as Dropbox or Google Drive once per day?

Or maybe in the same way as Threema makes automatic encrypted backups with a user chosen passphrase, by using Android backups. Thoughts?

Mushoz on 10 Apr 2018

Encrypted backup is part of the latest Signal release again, see also 24e573e537639f6f8ff40fd774cf9ff079bbacce .

mittwinter on 10 Apr 2018

@mittwinter thank you very much for your response. I did find that option. One thing that wasn't clear to me is whether this is automated or not? There is a button to manually do a backup, but does this functionality also run automatically?

Also, the big downside of this backup functionality is that if you lose your phone, you're out of luck. Unless you manually copied the backup to your cloud storage of choice. Wouldn't it be a convenient feature if you could chose the desired target of your backups, such as Dropbox or Google Drive?

Mushoz on 10 Apr 2018

@Mushoz We try not to use this issue tracker for Q&A and discussion. In order to limit the amount of email notifications for everyone, please pose your questions about the new backup functionality in the community forum (it allows you to log in via GitHub). Thanks!