What is "android:allowBackup"?

2023-09-12 08:24:57 Author: 你是我戒不掉的瘾

Since the new ADT preview version (version 21), they have a new lint warning that tells me the next thing on the manifest file (in the application tag):

Should explicitly set android:allowBackup to true or false (it's true by default, and that can have some security implications for the application's data)

In the official website, they've written:

A couple of new checks: you must explicitly decide whether your app allows backups, and a label check. There's a new command line flag for setting the library path. Many improvements to the incremental lint analysis while editing.

What is this warning? What is the backup feature and how do I use it?

Also, why does the warning tell me it has security implications? What are the disadvantages and advantages of disabling this feature?

EDIT: there are 2 concepts of backup for the manifest:

"android:allowBackup" allows you to back up and restore via adb, as shown here:

Whether to allow the application to participate in the backup and restore infrastructure. If this attribute is set to false, no backup or restore of the application will ever be performed, even by a full-system backup that would otherwise cause all application data to be saved via adb. The default value of this attribute is true.

This is considered a security issue because people could back up your app via adb and then get private data of your app into their PC.

However, I think it's not that much of a problem, since most users don't know what adb is, and if they do, they will also know how to root the device. adb functions would only work if the device has the debugging feature enabled, and this needs the user to enable it.

So, only users that connect their devices to the PC and enable the debugging feature would be affected. If they have a malicious app on their PC that uses the ADB tools, this could be problematic since the app could read the private storage data.

I think Google should just add a feature that is disabled by default, in the developer category, to allow backup & restore of apps via adb.

"android:backupAgent" allows you to use the backup and restore feature of the cloud, as shown here and here:

The name of the class that implements the application's backup agent, a subclass of BackupAgent. The attribute value should be a fully qualified class name (such as "com.example.project.MyBackupAgent"). However, as a shorthand, if the first character of the name is a period (for example, ".MyBackupAgent"), it is appended to the package name specified in the element. There is no default. The name must be specified.

This isn't a security issue.

Recommended answer

For this lint warning, and for all other lint warnings, note that you can get a fuller explanation than just what is in the one line error message; you don't have to search the web for more info.

If you are using lint via Eclipse, either open the lint warnings view, where you can select the lint error and see a longer explanation, or invoke the quickfix (Ctrl-1) on the error line, and one of the suggestions is "Explain this issue", which will also pop up a fuller explanation. If you are not using Eclipse, you can generate an HTML report from lint (lint --html ) which includes full explanations next to the warnings, or you can ask lint to explain a particular issue. For example, the issue related to allowBackup has the id "AllowBackup" (shown at the end of the error message), so the fuller explanation is:

$ ./lint --show AllowBackup

Summary: Ensure that allowBackup is explicitly set in the application's manifest

Priority: 3 / 10 Severity: Warning Category: Security

The allowBackup attribute determines if an application's data can be backed up and restored. It is documented here.

By default, this flag is set to true. When this flag is set to true, application data can be backed up and restored by the user using adb backup and adb restore.

This may have security consequences for an application. adb backup allows users who have enabled USB debugging to copy application data off of the device. Once backed up, all application data can be read by the user. adb restore allows creation of application data from a source specified by the user. Following a restore, applications should not assume that the data, file permissions, and directory permissions were created by the application itself.

Setting allowBackup="false" opts an application out of both backup and restore.

To fix this warning, decide whether your application should support backup, and explicitly set android:allowBackup=(true|false)"
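
As an added example (not part of the original question or answer, and not lint's own code), the check described above can be reproduced over a manifest file: report when allowBackup is left to its default, and expand a shorthand backupAgent name. The function name audit_backup and both sample manifests are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

def audit_backup(manifest_xml):
    """Return (effective allowBackup or None, backup agent class or None, findings)."""
    root = ET.fromstring(manifest_xml)
    app = root.find("application")
    if app is None:
        return None, None, ["no <application> element"]
    findings = []
    raw = app.get(ANDROID + "allowBackup")
    if raw is None:
        # The case the AllowBackup lint check flags: the documented default applies.
        effective = True
        findings.append("allowBackup not set explicitly; defaults to true")
    elif raw.startswith("@"):
        effective = None  # resource reference, needs the resolved resources
        findings.append("allowBackup is a resource reference: " + raw)
    else:
        effective = raw.strip().lower() == "true"
    if effective:
        findings.append("app data can be copied off and written back with adb backup/restore")
    agent = app.get(ANDROID + "backupAgent")
    if agent and agent.startswith("."):
        agent = root.get("package", "") + agent  # shorthand: prepend the package name
    if agent and effective is False:
        findings.append("backupAgent declared but backup is disabled")
    return effective, agent, findings

# Constructed sample manifests (not from any real app).
IMPLICIT = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.project">
  <application android:label="demo" android:backupAgent=".MyBackupAgent"/>
</manifest>"""
EXPLICIT_OFF = IMPLICIT.replace('android:label="demo"',
                                'android:label="demo" android:allowBackup="false"')

if __name__ == "__main__":
    for name, xml in (("implicit", IMPLICIT), ("explicit off", EXPLICIT_OFF)):
        print(name, audit_backup(xml))
```
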
