Development discussion of WireGuard
 help / color / mirror / Atom feed
* Allow client-side encrypted backups for Android app
@ 2023-01-21 13:22 Nazar Mokrynskyi
  2023-02-08  2:03 ` Jason A. Donenfeld
  0 siblings, 1 reply; 5+ messages in thread
From: Nazar Mokrynskyi @ 2023-01-21 13:22 UTC (permalink / raw)
  To: wireguard

Basically this: https://github.com/seedvault-app/seedvault/wiki/FAQ#why-do-some-apps-not-allow-to-get-backed-up

I'm moving to non-rooted ROM for the first time in many years (GrapheneOS) and it is a major pain to configure all the apps manually when apps deliberately disable backups in their apps.

According to following example provided it is trivial to do: https://github.com/grote/Transportr/commit/4dc38f429f75909a088d8bd8a5b3b5ddd8030f71

-- 
Sincerely, Nazar Mokrynskyi
github.com/nazar-pc


^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: Allow client-side encrypted backups for Android app
  2023-01-21 13:22 Allow client-side encrypted backups for Android app Nazar Mokrynskyi
@ 2023-02-08  2:03 ` Jason A. Donenfeld
  2023-02-08  2:19   ` David Cowden
  0 siblings, 1 reply; 5+ messages in thread
From: Jason A. Donenfeld @ 2023-02-08  2:03 UTC (permalink / raw)
  To: Nazar Mokrynskyi; +Cc: wireguard

I think I'd prefer to still keep this a bit more locked down. There is
the "export tunnels as zip" feature (which requires an explicit
authentication step each time), which you can use for backup/restore.

Jason

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: Allow client-side encrypted backups for Android app
  2023-02-08  2:03 ` Jason A. Donenfeld
@ 2023-02-08  2:19   ` David Cowden
  2023-02-08 12:38     ` Nazar Mokrynskyi
  0 siblings, 1 reply; 5+ messages in thread
From: David Cowden @ 2023-02-08  2:19 UTC (permalink / raw)
  To: Jason A. Donenfeld; +Cc: Nazar Mokrynskyi, wireguard

On Android 12+ you can configure which files are backed up (among other things) at runtime using the BackupAgent API https://developer.android.com/guide/topics/data/autobackup. Would you be opposed to this being a configurable option that defaults to off?

David

------- Original Message -------
On Tuesday, February 7th, 2023 at 7:03 PM, Jason A. Donenfeld <Jason@zx2c4.com> wrote:


> 
> 
> I think I'd prefer to still keep this a bit more locked down. There is
> the "export tunnels as zip" feature (which requires an explicit
> authentication step each time), which you can use for backup/restore.
> 
> Jason

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: Allow client-side encrypted backups for Android app
  2023-02-08  2:19   ` David Cowden
@ 2023-02-08 12:38     ` Nazar Mokrynskyi
       [not found]       ` <CALuYY17r9eh_eAc2KRUnQXS1Fd9rCqVJR4aNaupL=W8P710qVA@mail.gmail.com>
  0 siblings, 1 reply; 5+ messages in thread
From: Nazar Mokrynskyi @ 2023-02-08 12:38 UTC (permalink / raw)
  To: Jason A. Donenfeld; +Cc: wireguard, David Cowden


[-- Attachment #1.1.1: Type: text/plain, Size: 1820 bytes --]

I know there is an export feature in the app and I used it successfully, but it doesn't make much sense to me to have that and disable OS backups at the same time.
There are use cases for one-off copying of things for which exporting as zip is great, but there are also others.

I don't want to have set a reminder and regularly go though every single app manually, use their flavor of backup feature (that doesn't necessarily store everything BTW, including in Wireguard), then collect the files somehow, encrypt them and send to the destination.

What I want is automation: configure the tool (SeedVault in my case) to create backups of all apps every day and store them in encrypted form on my private Nextcloud instance with ability to restore backups easily later on.
The issue is that some apps like Wireguard prevent me from enjoying that workflow fully and right now I don't see why would it be beneficial for Wireguard to intentionally prevent that.

With that context I hope it is clearer why I'd appreciate for current design decision around that to be re-evaluated.

Sincerely, Nazar Mokrynskyi
github.com/nazar-pc

08.02.23 04:19, David Cowden пише:
> On Android 12+ you can configure which files are backed up (among other things) at runtime using the BackupAgent API https://developer.android.com/guide/topics/data/autobackup. Would you be opposed to this being a configurable option that defaults to off?
>
> David
>
> ------- Original Message -------
> On Tuesday, February 7th, 2023 at 7:03 PM, Jason A. Donenfeld <Jason@zx2c4.com> wrote:
>
>
>>
>> I think I'd prefer to still keep this a bit more locked down. There is
>> the "export tunnels as zip" feature (which requires an explicit
>> authentication step each time), which you can use for backup/restore.
>>
>> Jason

[-- Attachment #1.1.2: OpenPGP public key --]
[-- Type: application/pgp-keys, Size: 4753 bytes --]

[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 840 bytes --]

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: Allow client-side encrypted backups for Android app
       [not found]       ` <CALuYY17r9eh_eAc2KRUnQXS1Fd9rCqVJR4aNaupL=W8P710qVA@mail.gmail.com>
@ 2023-02-08 14:00         ` Nazar Mokrynskyi
  0 siblings, 0 replies; 5+ messages in thread
From: Nazar Mokrynskyi @ 2023-02-08 14:00 UTC (permalink / raw)
  To: John Sahhar; +Cc: Jason A. Donenfeld, wireguard, David Cowden


[-- Attachment #1.1.1: Type: text/plain, Size: 2720 bytes --]

No, I'm requesting for Wireguard Android app to stop intentionally disallowing backups:
https://git.zx2c4.com/wireguard-android/tree/ui/src/main/AndroidManifest.xml?id=713947e432126e0e29dcf497960e5fa0f6301e2b#n36

Sincerely, Nazar Mokrynskyi
github.com/nazar-pc

08.02.23 15:34, John Sahhar пише:
> I missed the intro to this thread, but if I'm understanding correctly
> you need a safe way to back up your wg keys/configs? I wrote a bash
> script a few years ago which I use for that, perhaps a starting place
> for what you're trying to accomplish.
>
> https://github.com/ok-john/wireguard-tools/tree/master/contrib/key-grid
> https://syscall.network/releases/key-grid.svg
>
> --
> Regards,
> John Sahhar
> Cryptographer @ Entropy
>
> On Wed, Feb 8, 2023 at 12:44 PM Nazar Mokrynskyi <nazar@mokrynskyi.com> wrote:
>> I know there is an export feature in the app and I used it successfully, but it doesn't make much sense to me to have that and disable OS backups at the same time.
>> There are use cases for one-off copying of things for which exporting as zip is great, but there are also others.
>>
>> I don't want to have set a reminder and regularly go though every single app manually, use their flavor of backup feature (that doesn't necessarily store everything BTW, including in Wireguard), then collect the files somehow, encrypt them and send to the destination.
>>
>> What I want is automation: configure the tool (SeedVault in my case) to create backups of all apps every day and store them in encrypted form on my private Nextcloud instance with ability to restore backups easily later on.
>> The issue is that some apps like Wireguard prevent me from enjoying that workflow fully and right now I don't see why would it be beneficial for Wireguard to intentionally prevent that.
>>
>> With that context I hope it is clearer why I'd appreciate for current design decision around that to be re-evaluated.
>>
>> Sincerely, Nazar Mokrynskyi
>> github.com/nazar-pc
>>
>> 08.02.23 04:19, David Cowden пише:
>>> On Android 12+ you can configure which files are backed up (among other things) at runtime using the BackupAgent API https://developer.android.com/guide/topics/data/autobackup. Would you be opposed to this being a configurable option that defaults to off?
>>>
>>> David
>>>
>>> ------- Original Message -------
>>> On Tuesday, February 7th, 2023 at 7:03 PM, Jason A. Donenfeld <Jason@zx2c4.com> wrote:
>>>
>>>
>>>> I think I'd prefer to still keep this a bit more locked down. There is
>>>> the "export tunnels as zip" feature (which requires an explicit
>>>> authentication step each time), which you can use for backup/restore.
>>>>
>>>> Jason

[-- Attachment #1.1.2: OpenPGP public key --]
[-- Type: application/pgp-keys, Size: 4753 bytes --]

[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 840 bytes --]

^ permalink raw reply	[flat|nested] 5+ messages in thread

end of thread, other threads:[~2023-02-08 14:00 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-01-21 13:22 Allow client-side encrypted backups for Android app Nazar Mokrynskyi
2023-02-08  2:03 ` Jason A. Donenfeld
2023-02-08  2:19   ` David Cowden
2023-02-08 12:38     ` Nazar Mokrynskyi
     [not found]       ` <CALuYY17r9eh_eAc2KRUnQXS1Fd9rCqVJR4aNaupL=W8P710qVA@mail.gmail.com>
2023-02-08 14:00         ` Nazar Mokrynskyi

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).