One of our Customers pointed out a security issue when they executed our app developed using CN1. Below we describe the issue:
The customer says our app uses a resource called "Android Backup Functionality".
He reports that this Android feature has vulnerabilities that can be explored by evil hackers. I suppose our customer has executed some kind of intrusion tests. He didn't give us more details.
But, in our code, we don't use directly "Android Backup Functionality" or anything with a similar name. Our code only uses Codenameone's "Storage functionality" to save some Data, allowing the app to remain operational offline. We believe that CodeNameOne uses the Android Local file system to offer all Storage functionalities.
Below, is my question:
Does Codename One architecture uses some resources called "Android backup Functionality" behind the scenes?
This is an Android feature that we default to true. You can disable it with the build hint: android.allowBackup=false.