Question
Android supports cloud and local backup of APK files, application data, and so on. Is the device keystore included in the backup?
(I don't think you can extract private keys from a hardware-backed keystore even on rooted devices; I'm not so sure about the software-based version used when there is no hardware support.)
Answer 1:
No. The whole point behind the hardware-backed keystore is that it's resistant to even privileged attacks with root access.
For this reason, not even the OS can access raw key material from the hardware-backed keystore.
While it would be theoretically possible for the OS to do a keystore backup on lower end devices with a software-backed keystore, this is simply not done or allowed by the OS for security reasons.
Answer 2:
A July 13, 2016 check with official says no:
"What gets backed up with Android Backup Service
Google Calendar settings
Wi-Fi networks & passwords
Home screen wallpapers
Gmail settings
Apps installed through Google Play (backed up on the Play Store app)
Display settings (Brightness & Sleep)
Language & Input settings
Date & Time
Third-party app settings & data (varies by app)
Note: Not all apps use Android Backup Service. Some apps may not back up and restore all data."
Of course, backing up and restoring apps that use the KeyStore without the KeyStore itself being backed up and restored with the account makes little or no sense.
Though it's possible they did not update their docs, my best guess is that the KeyStore is backed up but that information is not made widely available.
Possibly due to the backup not being encrypted prior to transport, which is the Google backup standard. They may have made an exception for the keystore, but that would indicate all other data isn't as secure when transported or when received by their servers (they do encrypt the data once they receive it).
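An app does not have to rely on either answer: it can check at run time whether its key is still present after a restore and whether it is hardware-backed. The following is an added example, not code from the question or the answers; the class name `RestoreAwareKey` and the alias `app_data_key` are hypothetical, and it assumes API level 23 or later.

```java
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyInfo;
import android.security.keystore.KeyProperties;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;

public final class RestoreAwareKey {
    private static final String PROVIDER = "AndroidKeyStore";
    private static final String ALIAS = "app_data_key"; // hypothetical alias

    /** The key handle plus the facts the app needs before trusting restored data. */
    public static final class Result {
        public final SecretKey key;
        public final boolean freshlyCreated;  // true: data encrypted under the old key is unreadable
        public final boolean hardwareBacked;  // true: key lives in a TEE or secure element
        public final boolean materialExposed; // true only if raw key bytes are readable
        Result(SecretKey k, boolean created, boolean hw, boolean exposed) {
            key = k; freshlyCreated = created; hardwareBacked = hw; materialExposed = exposed;
        }
    }

    public static Result loadOrCreate() throws GeneralSecurityException, IOException {
        KeyStore ks = KeyStore.getInstance(PROVIDER);
        ks.load(null);
        boolean missing = !ks.containsAlias(ALIAS); // e.g. app data restored, key was not
        SecretKey key;
        if (missing) {
            KeyGenerator kg = KeyGenerator.getInstance(KeyProperties.KEY_ALGORITHM_AES, PROVIDER);
            kg.init(new KeyGenParameterSpec.Builder(ALIAS,
                    KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT)
                    .setBlockModes(KeyProperties.BLOCK_MODE_GCM)
                    .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
                    .build());
            key = kg.generateKey();
        } else {
            key = (SecretKey) ks.getKey(ALIAS, null);
        }
        // AndroidKeyStore secret keys are handles; getEncoded() returns null for them.
        boolean exposed = key.getEncoded() != null;
        KeyInfo info = (KeyInfo) SecretKeyFactory.getInstance(key.getAlgorithm(), PROVIDER)
                .getKeySpec(key, KeyInfo.class);
        // isInsideSecureHardware() is deprecated from API 31 in favour of getSecurityLevel().
        return new Result(key, missing, info.isInsideSecureHardware(), exposed);
    }
}
```

When `freshlyCreated` is true, the app should discard or re-derive any restored ciphertext rather than attempt to decrypt it.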
Source: https://stackoverflow.com/questions/34765340/can-androids-keystore-be-backed-up