Access to private app storage

txp

Hello all!

I've still not switched to GOS and it is not clear for me if is it possible to access/copy an app private storage (what is referred to app-private ("internal") storage in the Usage Guide) on a stock Graphene OS using either the built-in file manager or ADB.

Can somebody help me?

Thanks!

de0u

txp It is generally not possible. GrapheneOS includes the SeedVault backup system, but it has issues. Whether an app's storage is or is not available via adb depends on the app, and often it isn't.

txp

de0u Thanks for the info!

That's unfortunate. I really don't like the idea of not being able to access my data on a device that I lawfully own : (

de0u

txp I really don't like the idea of not being able to access my data on a device that I lawfully own : (

That is a valid perspective. There are multiple reasons behind the Android design treating application data as an enclave. One reason is that if it's easy for you as a user to get at data then it may be easy for malware to get at the data too. The system is explicitly designed to not operate with the "ambient authority" model that was traditional for desktop operating systems, in which every app run by a user has the ability to read, write, and delete all data for all apps.

ryrona

de0u That is a valid perspective. There are multiple reasons behind the Android design treating application data as an enclave. One reason is that if it's easy for you as a user to get at data then it may be easy for malware to get at the data too. The system is explicitly designed to not operate with the "ambient authority" model that was traditional for desktop operating systems, in which every app run by a user has the ability to read, write, and delete all data for all apps.

Actually, one can implement it to allow the physical user to access all files without allowing any third-party app to do so. Simply have a specific system provided app with special privileges. Could be the built-in file browser app, or maybe even adb.

However, there is still one reason why you would want to deny even the physical user access to internal app data. Together with hardware backed device encryption, it prevents data extraction in case the physical user is not you, but your enemy, who has gotten access to your fully unlocked phone. Most importantly, it fully prevents such an attacker to restore deleted content. Some might find that security property valuable.

But it is a little bit at odds with the freedom to look into and manipulate your own system. Just an unfortunate case where someone had to pick between having security or freedom.