v1.6: fix HIGH security vuln — remove plaintext cookie backup

- Remove KEY_COOKIES_BACKUP plaintext fallback from PreferencesManager - getCookies() now fails closed (force re-login) if EncryptedSharedPreferences unavailable - Set android:allowBackup="false" to prevent adb backup extraction of session data - Add missing gradle-wrapper.jar to repo Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-22 18:28:26 +00:00
parent b3b69dd2b2
commit 8d1cf21966
7 changed files with 183 additions and 25 deletions
@@ -5,7 +5,7 @@
    <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED" />

    <application
-        android:allowBackup="true"
+        android:allowBackup="false"
        android:icon="@mipmap/ic_launcher"
        android:label="@string/app_name"
        android:roundIcon="@mipmap/ic_launcher_round"