A mobile client may store agent prompts, repository paths, diffs, command output, and downloaded artifacts. Protecting the live app sandbox is not enough if those files enter a device cloud backup you did not include in the threat model.
Start with a data inventory.
| Data | Needed offline? | Backup allowed? | Delete trigger |
|---|---|---|---|
| task ID and status | yes | maybe | account removal |
| prompt and response | maybe | usually no | task retention limit |
| repository artifact | temporary | no | upload or timeout |
| auth/session token | yes | no | logout or rotation |
| diagnostic log | temporary | no | bounded retention |
“Encrypted at rest” and “excluded from backup” answer different questions.
iOS boundary
Place recreatable or sensitive files in an appropriate cache or application-support location and mark files that must not be backed up with the backup-exclusion resource value. Keep authentication material in Keychain with an accessibility class chosen for the actual unlock and migration requirements.
Pseudocode:
var values = URLResourceValues()
values.isExcludedFromBackup = true
var fileURL = artifactURL
try fileURL.setResourceValues(values)
Do not apply this blindly to user-created documents they expect to restore. The inventory decides.
Android boundary
Define backup rules for supported Android versions and explicitly exclude databases, shared preferences, or files containing task evidence and credentials. For example, a data-extraction rules file can separate cloud backup and device transfer policies.
<data-extraction-rules>
<cloud-backup>
<exclude domain="database" path="agent_tasks.db" />
<exclude domain="file" path="artifacts/" />
</cloud-backup>
<device-transfer>
<exclude domain="database" path="agent_tasks.db" />
</device-transfer>
</data-extraction-rules>
Exact configuration depends on minimum OS version and storage APIs. Verify against current platform documentation and the built package.
Test the lifecycle
Record the device model, OS/build, application version, account state, and backup configuration. Then test:
- create synthetic sensitive task data;
- trigger the platform's supported backup flow;
- inspect the backup with authorized development tooling;
- restore onto a clean test device or emulator;
- verify excluded data is absent;
- verify the app handles missing local history without retrying old tool actions;
- log out and uninstall, then confirm the declared deletion behavior.
Use fake repositories and tokens. A backup test should never turn real secrets into a fixture.
The limitation is important: excluding files from cloud backup does not prevent screenshots, notification previews, debug logging, rooted-device access, or server retention. It closes one boundary. Mobile privacy improves when every copy has an explicit owner, retention rule, and restore test.
Top comments (0)