I'm trying to develop an attendance application. Therefore, I would like to minimize identity spoofing where a user signs the attendance for their friend by persisting the user logged in status in the application without uninstalling it.
For example, Facebook persists user data even when the user does Clear Data in Settings → Storage. And Telegram is able to show a Manage Storage button instead of the Clear Data button inside Settings → Storage which makes it difficult to clear the user data.
How do both these apps perform these kinds of actions? I am able to persist user authentication data when the user kills the app in the background. However, my data cannot "survive" through the Clear Data process.
Unlike most messengers, Telegram can take up nearly zero space on your phone, even if you're using it heavily. When you remove Telegram data from your device's local cache to free up space, we'll keep it in the cloud for as long as you need, with virtually no limitations.
Why the Telegram cache consumes a large amount of storage? This is because all the data you download or send on Telegram is stored in the cache of your phone.
Clear the app's cache & data Clear cache: Deletes temporary data. Some apps can open slower the next time you use them. Clear data storage: Permanently deletes all app data. We recommend trying to delete from inside the app first.
People were concerned that WhatsApp was going to start funneling data to its parent company Facebook. There's been subsequent clarification, but the damage has been done. But what data do these apps have about you?
Researchers at Oxford university analysed approximately a third of the apps available in Google’s Play Store in 2017 and found that the median app could transfer data to 10 third parties, with one in five apps able to share data with more than 20.
Users cannot easily control who their apps share data with, or the fact that only “two or possibly three super-dominant” companies such as Google sit at the top of the data pyramid. “There are no easily accessible settings or widget to switch this off,” he said.
But Mr Binns said the data transfer rights built into the apps often go beyond simple uses such as crash reporting because many apps ask for “excessive permissions” to transfer data and reserve the right to retain it for analysis and resale.
I'd believe that those apps are simply using this backup mechanism: https://developer.android.com/guide/topics/data/backup.html
Specifically, because all you would need to backup is the a user token (for example) to be able to access your own servers and authenticate, and well... then restore all the data you want.
The documentation say it very clearly:
Data is restored when the app is installed. If needed, you can request a manual restore.
Also (it's a Key/Value storage, like SharedPreferences):
Note: If Wi-Fi isn't available, Key/Value Backup may use mobile data. Key/Value Backup is therefore typically not suitable for app data contents, such as media, downloaded files, and caches, unless the amount of data is very small.
You don't even need to be logged in.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With