From b5481492a80e519dfc59b83db22b03e30fbda1ce Mon Sep 17 00:00:00 2001
From: "google-labs-jules[bot]"
<161369871+google-labs-jules[bot]@users.noreply.github.com>
Date: Fri, 13 Mar 2026 06:32:03 +0000
Subject: [PATCH] =?UTF-8?q?=F0=9F=9B=A1=EF=B8=8F=20Sentinel:=20[HIGH]=20Fi?=
=?UTF-8?q?x=20sensitive=20data=20exposure=20in=20backups?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Update `backup_rules.xml` and `backup_rules_legacy.xml` to explicitly exclude `account_manager.xml` shared preference file from cloud backups and device transfers, preventing the exposure of active account sessions and internal identifiers.
Co-authored-by: dlukt <201112286+dlukt@users.noreply.github.com>
---
mastodon/src/main/res/xml/backup_rules.xml | 2 ++
mastodon/src/main/res/xml/backup_rules_legacy.xml | 1 +
2 files changed, 3 insertions(+)
diff --git a/mastodon/src/main/res/xml/backup_rules.xml b/mastodon/src/main/res/xml/backup_rules.xml
index 90a0ec9c0c..72344bbecf 100644
--- a/mastodon/src/main/res/xml/backup_rules.xml
+++ b/mastodon/src/main/res/xml/backup_rules.xml
@@ -4,10 +4,12 @@
+
+
diff --git a/mastodon/src/main/res/xml/backup_rules_legacy.xml b/mastodon/src/main/res/xml/backup_rules_legacy.xml
index 19c34aaf44..ce1d5fc1b0 100644
--- a/mastodon/src/main/res/xml/backup_rules_legacy.xml
+++ b/mastodon/src/main/res/xml/backup_rules_legacy.xml
@@ -3,4 +3,5 @@
+