Since the new ADT preview version (version 21), they have a new lint warning that tells me the next thing on the manifest file (in the application tag):
Should explicitly set android:allowBackup to true or false (it's true by default, and that can have some security implications for the application's data)
A couple of new checks: you must explicitly decide whether your app allows backups, and a label check. There's a new command line flag for setting the library path. Many improvements to the incremental lint analysis while editing.
Whether to allow the application to participate in the backup and
restore infrastructure. If this attribute is set to false, no backup
or restore of the application will ever be performed, even by a
full-system backup that would otherwise cause all application data to
be saved via adb. The default value of this attribute is true.
The name of the class that implement's the application's backup agent,
a subclass of BackupAgent. The attribute value should be a fully
qualified class name (such as, "com.example.project.MyBackupAgent").
However, as a shorthand, if the first character of the name is a
period (for example, ".MyBackupAgent"), it is appended to the package
name specified in the element. There is no default. The
name must be specified.
For this lint warning, and for all other lint warnings, note that you can get a fuller explanation than just what is in the one line error message; you don't have to search the web for more info.
If you are using lint via Eclipse, either open the lint warnings view, where you can select the lint error and see a longer explanation, or invoke the quickfix (Ctrl-1) on the error line, and one of the suggestions is "Explain this issue", which will also pop up a fuller explanation. If you are not using Eclipse, you can generate an HTML report from lint (lint --html ) which includes full explanations next to the warnings, or you can ask lint to explain a particular issue. For example, the issue related to allowBackup has the id "AllowBackup" (shown at the end of the error message), so the fuller explanation is:
$ ./lint --show AllowBackup
Summary: Ensure that allowBackup is explicitly set in the application's manifest
Priority: 3 / 10 Severity: Warning Category: Security
The allowBackup attribute determines if an application's data can be backed up and restored. It is documented here.
By default, this flag is set to true. When this flag is set to true, application data can be backed up and restored by the user using adb backup and adb restore.
This may have security consequences for an application. adb backup allows users who have enabled USB debugging to copy application data off of the device. Once backed up, all application data can be read by the user. adb restore allows creation of application data from a source specified by the user. Following a restore, applications should not assume that the data, file permissions, and directory permissions were created by the application itself.
allowBackup="false" opts an application out of both backup and
To fix this warning, decide whether your application should support backup,
and explicitly set
Click here for More information