DEV Community

Roronoa
Roronoa

Posted on

Keep Agent Logs Out of Mobile Cloud Backups on iOS and Android

A mobile client may store agent prompts, repository paths, diffs, command output, and downloaded artifacts. Protecting the live app sandbox is not enough if those files enter a device cloud backup you did not include in the threat model.

Start with a data inventory.

Data Needed offline? Backup allowed? Delete trigger
task ID and status yes maybe account removal
prompt and response maybe usually no task retention limit
repository artifact temporary no upload or timeout
auth/session token yes no logout or rotation
diagnostic log temporary no bounded retention

“Encrypted at rest” and “excluded from backup” answer different questions.

iOS boundary

Place recreatable or sensitive files in an appropriate cache or application-support location and mark files that must not be backed up with the backup-exclusion resource value. Keep authentication material in Keychain with an accessibility class chosen for the actual unlock and migration requirements.

Pseudocode:

var values = URLResourceValues()
values.isExcludedFromBackup = true
var fileURL = artifactURL
try fileURL.setResourceValues(values)
Enter fullscreen mode Exit fullscreen mode

Do not apply this blindly to user-created documents they expect to restore. The inventory decides.

Android boundary

Define backup rules for supported Android versions and explicitly exclude databases, shared preferences, or files containing task evidence and credentials. For example, a data-extraction rules file can separate cloud backup and device transfer policies.

<data-extraction-rules>
  <cloud-backup>
    <exclude domain="database" path="agent_tasks.db" />
    <exclude domain="file" path="artifacts/" />
  </cloud-backup>
  <device-transfer>
    <exclude domain="database" path="agent_tasks.db" />
  </device-transfer>
</data-extraction-rules>
Enter fullscreen mode Exit fullscreen mode

Exact configuration depends on minimum OS version and storage APIs. Verify against current platform documentation and the built package.

Test the lifecycle

Record the device model, OS/build, application version, account state, and backup configuration. Then test:

  1. create synthetic sensitive task data;
  2. trigger the platform's supported backup flow;
  3. inspect the backup with authorized development tooling;
  4. restore onto a clean test device or emulator;
  5. verify excluded data is absent;
  6. verify the app handles missing local history without retrying old tool actions;
  7. log out and uninstall, then confirm the declared deletion behavior.

Use fake repositories and tokens. A backup test should never turn real secrets into a fixture.

The limitation is important: excluding files from cloud backup does not prevent screenshots, notification previews, debug logging, rooted-device access, or server retention. It closes one boundary. Mobile privacy improves when every copy has an explicit owner, retention rule, and restore test.

Top comments (0)