Port MASTG-TEST-0009 (by @guardsquare)

demos/android/MASVS-STORAGE/MASTG-DEMO-0020/backup_rules.xml

@@ -1,4 +1,5 @@
 <?xml version="1.0" encoding="utf-8"?>
 <full-backup-content>
+    <include domain="file" path="." requireFlags="clientSideEncryption" />
     <exclude domain="file" path="backup_excluded_secret.txt" />
 </full-backup-content>

demos/android/MASVS-STORAGE/MASTG-DEMO-0020/data_extraction_rules.xml

@@ -0,0 +1,10 @@
+<?xml version="1.0" encoding="utf-8"?>
+<data-extraction-rules>
+    <cloud-backup disableIfNoEncryptionCapabilities="true">
+        <exclude domain="file" path="backup_excluded_secret.txt" />
+    </cloud-backup>
+
+    <device-transfer disableIfNoEncryptionCapabilities="true">
+        <exclude domain="file" path="backup_excluded_secret.txt" />
+    </device-transfer>
+</data-extraction-rules>

tests-beta/android/MASVS-STORAGE/MASTG-TEST-0216.md

@@ -12,7 +12,14 @@ This test verifies whether your app correctly instructs the system to exclude se
 
 ["Android Backups"](../../../0x05d-Testing-Data-Storage/#backups) can be implemented via [Auto Backup](https://developer.android.com/identity/data/autobackup) (Android 6.0 (API level 23) and higher) and [Key-value backup](https://developer.android.com/identity/data/keyvaluebackup) (Android 2.2 (API level 8) and higher). Auto Backup is the recommended approach by Android as it is enabled by default and requires no work to implement.
 
-To exclude specific files when using Auto Backup, developers must explicitly define exclusion rules in the `exclude` tag in `backup_rules.xml` (for Android 11 or lower using `android:fullBackupContent`) or `data_extraction_rules.xml` (for Android 12 and higher using `android:dataExtractionRules`), depending on the target API. The `cloud-backup` and `device-transfer` parameters can be used to exclude files from cloud backups and device-to-device transfers, respectively. The key-value backup approach requires developers to set up a [`BackupAgent`](https://developer.android.com/identity/data/keyvaluebackup#BackupAgent) or [`BackupAgentHelper`](https://developer.android.com/identity/data/keyvaluebackup#BackupAgentHelper) and specify what data should be backed up.
+To exclude specific files when using Auto Backup, developers must explicitly define exclusion rules in the `exclude` tag in:
+
+- `data_extraction_rules.xml` (for Android 12 and higher using `android:dataExtractionRules`)
+- `backup_rules.xml` (for Android 11 or lower using `android:fullBackupContent`)
+
+The `cloud-backup` and `device-transfer` parameters can be used to exclude files from cloud backups and device-to-device transfers, respectively.
+
+The key-value backup approach requires developers to set up a [`BackupAgent`](https://developer.android.com/identity/data/keyvaluebackup#BackupAgent) or [`BackupAgentHelper`](https://developer.android.com/identity/data/keyvaluebackup#BackupAgentHelper) and specify what data should be backed up.
 
 Regardless of which approach the app used, Android provides a way to start the backup daemon to back up and restore app files. You can use this daemon for testing purposes and initiate the backup process and restore the app's data, allowing you to verify which files were restored from the backup.
 
@@ -22,6 +29,8 @@ Regardless of which approach the app used, Android provides a way to start the b
 2. Install an app on your device.
 3. Launch and use the app going through the various workflows while inputting sensitive data wherever you can.
 4. Run the backup daemon.
+    - (a) Run [Backup Manager](https://developer.android.com/identity/data/testingbackup#TestingBackup)
+    - (b) Run `adb backup` (Deprecated in Android 12. The behavior might differ between an emulator and a physical device).
 5. Uninstall and reinstall the app but don't open it anymore.
 6. Restore the data from the backup and get the list of restored files.
 

tests/android/MASVS-STORAGE/MASTG-TEST-0009.md

@@ -7,6 +7,8 @@ platform: android
 title: Testing Backups for Sensitive Data
 masvs_v1_levels:
 - L2
+status: deprecated
+covered_by: [MASTG-TEST-0216]
 ---
 
 ## Overview