mirror of
https://github.com/avinal/nikki.git
synced 2026-07-03 21:40:09 +05:30
b8d4f52e22
1. Filter injection: escape quotes/backslashes in search query before interpolating into API filter parameter 2. Backup data leak: configure backup_rules.xml and data_extraction_rules.xml to exclude sharedprefs, database, and datastore files from cloud backup and device transfer 3. Cleartext traffic: add network_security_config.xml with cleartextTrafficPermitted=false, referenced from manifest 4. Debug logging: remove all Log.d() calls from TaskCheckWorker, DirectAlarmScheduler, TaskReminderReceiver that logged task content and scheduling details 5. Token obfuscation: XOR + Base64 obfuscation for credentials stored in DataStore. Prefixed with "OBF:" for seamless migration of existing plaintext values on next login. Not cryptographic — prevents casual file inspection. Signed-off-by: Avinal Kumar <avinal.xlvii@gmail.com> Co-Authored-By: Claude Opus 4.6 (1M context)