MASTG-TECH-0127: Inspecting an App's Backup Data
Inspect an Android app's backup data to verify that the app correctly excludes sensitive data from backups.
Backup Made via ADB Backup
Android backups are stored in .ab files, which are specially formatted TAR archives. If you followed the steps from Performing a Backup and Restore of App Data, you should have an apps/ directory in your working directory. This directory contains the extracted backup data.
The files are stored within top-level directories according to their semantic origin:
apps/pkgname/a/: Application .apk file itself
apps/pkgname/obb/: The application's associated .obb containers
apps/pkgname/f/: The subtree rooted at the getFilesDir() location
apps/pkgname/db/: The subtree rooted at the getDatabasePath() parent
apps/pkgname/sp/: The subtree rooted at the getSharedPrefsFile() parent
apps/pkgname/r/: Files stored relative to the root of the app's file tree
apps/pkgname/c/: Reserved for the app's getCacheDir() tree; not stored.
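The layout above can also be read straight from a backup file. The following Python code is an added example, not part of the original page or of MASTG tooling: it strips the text header of an unencrypted .ab file (magic line, format version, compression flag, encryption type), inflates the TAR stream, and groups every backed-up file by its origin directory. The package com.example.app and its file names are constructed sample data.

```python
import io
import tarfile
import zlib
from collections import defaultdict

# Directory tokens and their origins, as listed above.
DOMAINS = {
    "a": "apk", "obb": "obb", "f": "getFilesDir()",
    "db": "getDatabasePath() parent", "sp": "getSharedPrefsFile() parent",
    "r": "app file tree root", "c": "getCacheDir()",
}

def ab_to_tar(ab: bytes) -> bytes:
    """Return the TAR stream inside an unencrypted .ab file."""
    # Header lines: magic, format version, compression flag, encryption type.
    magic, _version, compressed, encryption, body = ab.split(b"\n", 4)
    if magic != b"ANDROID BACKUP":
        raise ValueError("not an Android backup file")
    if encryption != b"none":
        raise ValueError("backup is encrypted; decrypt it before inspection")
    return zlib.decompress(body) if compressed == b"1" else body

def files_by_domain(tar_bytes: bytes) -> dict:
    """Map (package, origin) -> sorted relative paths of backed-up files."""
    found = defaultdict(list)
    with tarfile.open(fileobj=io.BytesIO(tar_bytes)) as tar:
        for member in tar.getmembers():
            parts = member.name.split("/", 3)
            # Skip directories and entries such as apps/<pkg>/_manifest.
            if not member.isfile() or len(parts) < 4 or parts[0] != "apps":
                continue
            _, pkg, token, rel = parts
            found[(pkg, DOMAINS.get(token, token))].append(rel)
    return {key: sorted(paths) for key, paths in found.items()}

def build_sample_ab() -> bytes:
    """Constructed sample backup for the hypothetical package com.example.app."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name in ("apps/com.example.app/_manifest",
                     "apps/com.example.app/sp/session.xml",
                     "apps/com.example.app/db/users.db",
                     "apps/com.example.app/f/keys/token.bin"):
            info = tarfile.TarInfo(name)
            info.size = len(b"constructed")
            tar.addfile(info, io.BytesIO(b"constructed"))
    return b"ANDROID BACKUP\n5\n1\nnone\n" + zlib.compress(buf.getvalue())

if __name__ == "__main__":
    for key, paths in files_by_domain(ab_to_tar(build_sample_ab())).items():
        print(key, paths)
```

Any entry that shows up under the sp, db or f origins is a file the app did not exclude from the backup and should be reviewed for sensitive content.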