AM Debug v4.0.5 Run#3053

Installer Add option to temporarily disable apk verification during installation

Signed-off-by: Muntashir Al-Islam <[email protected]>

While APK verification is disabled by default in root mode, it's usually enabled in ADB mode. App Manager simply disables it temporarily in ADB mode to perform installation if it's enabled in Developer options. From Android 10, there's is another method that allows deactivation of APK verification in root, ADB and system mode of operations. From Android 14, however, this was made temporary (only applied in a per session basis). Unlike the first method, the latter two allows verification deactivation in system mode of operations too. Here I enable one or both of them depending on the mode of operation.

AM Debug v4.0.5 Run#3054

Refactor Move encryption/decryption handling to BackupItem for consistency

Signed-off-by: Muntashir Al-Islam <[email protected]>

AM Debug v4.0.5 Run#3055

Backup Make KeyStore backup optional in Android 12 onwards

Android KeyStore v2 is not supported as it is impossible to reliably back up and
restore the newly introduced database-backed KeyStore.

Signed-off-by: Muntashir Al-Islam <[email protected]>

AM Debug v4.0.5 Run#3056

1-click ops: improve performance of "back up apps with changes"

Calculating hash values for each directory can be very time consuming. Instead,
a greedy approach has been adopted that looks up to depth 3 recursively to find
changes in the timestamp (access and/or modification time). While this approach
may miss a few cases, it's less time consuming that the previous method.

Signed-off-by: Muntashir Al-Islam <[email protected]>

AM Debug v4.0.5 Run#3057

backup: back up randomized icon instead of the actual icon

Even with the upcoming secure backups with minimal metadata, an attacker can
infer the backed up package name by matching the icon hash with the hash of the
icons extracted from the application of interest. By randomly modifying the MSB
part of the colors in the icon, App Manager effectively prevents any partial
hash matching attacks. At the same time, it also attempts to preserves visual
integrity by selecting a color that blends with its neighbors.

Signed-off-by: Muntashir Al-Islam <[email protected]>

AM Debug v4.0.5 Run#3058

backup: use cache directory for storing unencrypted backups

When encryption is enabled, App Manager used to use the backup directory for
encryption and decryption, which had several issues:
1. Any adversary watching the directory can detect and obtain a reference to the
unencrypted file, thereby, can also access the unencrypted data
2. For folder that are synced to clouds, creation of unencrypted files would
trigger a sync which would waste bandwidth.

Storing the unencrypted data this way ensures that an adversary cannot access
those transient files without privileged permissions.

Signed-off-by: Muntashir Al-Islam <[email protected]>

I've forgot to cleanup the directory after restoring. Will do in the next commit.

AM Debug v4.0.5 Run#3059

backup: cleanup temporary path after completing backup/restore

Signed-off-by: Muntashir Al-Islam <[email protected]>

AM Debug v4.0.5 Run#3060

refactor: move MetadataManager.Metadata to BackupMetadataV2

Signed-off-by: Muntashir Al-Islam <[email protected]>

AM Debug v4.0.5 Run#3061

backup: apply Magisk hide/denylist rules only if it is enabled

In App Info tab, adding a package or process to Magisk hide/denylist continues
to enable the feature automatically since it is done actively.

Signed-off-by: Muntashir Al-Islam <[email protected]>