feat: Migration from phone to phone

app/src/main/AndroidManifest.xml

@@ -7,7 +7,7 @@
 
     <application
         android:name=".MainApplication"
-        android:allowBackup="false"
+        android:allowBackup="true"
         android:dataExtractionRules="@xml/data_extraction_rules"
         android:fullBackupContent="@xml/backup_rules"
         android:icon="@mipmap/ic_launcher"

app/src/main/res/xml/backup_rules.xml

@@ -1,13 +1,28 @@
 <?xml version="1.0" encoding="utf-8"?><!--
-   Sample backup rules file; uncomment and customize as necessary.
-   See https://developer.android.com/guide/topics/data/autobackup
-   for details.
-   Note: This file is ignored for devices older than API 31
-   See https://developer.android.com/about/versions/12/backup-restore
--->
+  ~ Infomaniak Authenticator - Android
+  ~ Copyright (C) 2026 Infomaniak Network SA
+  ~
+  ~ This program is free software: you can redistribute it and/or modify
+  ~ it under the terms of the GNU General Public License as published by
+  ~ the Free Software Foundation, either version 3 of the License, or
+  ~ (at your option) any later version.
+  ~
+  ~ This program is distributed in the hope that it will be useful,
+  ~ but WITHOUT ANY WARRANTY; without even the implied warranty of
+  ~ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+  ~ GNU General Public License for more details.
+  ~
+  ~ You should have received a copy of the GNU General Public License
+  ~ along with this program.  If not, see <http://www.gnu.org/licenses/>.
+  -->
 <full-backup-content>
-    <!--
-   <include domain="sharedpref" path="."/>
-   <exclude domain="sharedpref" path="device.xml"/>
--->
-</full-backup-content>
+    <include
+        domain="file"
+        path="." />
+    <include
+        domain="database"
+        path="." />
+    <exclude
+        domain="file"
+        path="Quoi ?" />
+</full-backup-content>

app/src/main/res/xml/data_extraction_rules.xml

@@ -1,19 +1,32 @@
 <?xml version="1.0" encoding="utf-8"?><!--
-   Sample data extraction rules file; uncomment and customize as necessary.
-   See https://developer.android.com/about/versions/12/backup-restore#xml-changes
-   for details.
--->
+  ~ Infomaniak Authenticator - Android
+  ~ Copyright (C) 2026 Infomaniak Network SA
+  ~
+  ~ This program is free software: you can redistribute it and/or modify
+  ~ it under the terms of the GNU General Public License as published by
+  ~ the Free Software Foundation, either version 3 of the License, or
+  ~ (at your option) any later version.
+  ~
+  ~ This program is distributed in the hope that it will be useful,
+  ~ but WITHOUT ANY WARRANTY; without even the implied warranty of
+  ~ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+  ~ GNU General Public License for more details.
+  ~
+  ~ You should have received a copy of the GNU General Public License
+  ~ along with this program.  If not, see <http://www.gnu.org/licenses/>.
+  -->
 <data-extraction-rules>
-    <cloud-backup>
-        <!-- TODO: Use <include> and <exclude> to control what is backed up.
-        <include .../>
-        <exclude .../>
-        -->
-    </cloud-backup>
-    <!--
+
     <device-transfer>
-        <include .../>
-        <exclude .../>
+        <include
+            domain="file"
+            path="." />
+        <include
+            domain="database"
+            path="." />
+        <exclude
+            domain="file"
+            path="Quoi ?" />
     </device-transfer>
-    -->
-</data-extraction-rules>
+
+</data-extraction-rules>

multiplatform-lib/src/androidMain/kotlin/internal/KeyPairManagerImpl.android.kt

@@ -32,8 +32,8 @@ internal actual class KeyPairManagerImpl : KeyPairManager {
             return Failure.KeyManagement.GenerationFailed(it.toString())
         }
 
-        saveKeyToFilesDir("$userId-$keyId-private.key", keyPair.private.encoded)
-        saveKeyToFilesDir("$userId-$keyId-public.key", keyPair.public.encoded)
+        saveFileToFilesDir("$userId-$keyId-private.key", keyPair.private.encoded)
+        saveFileToFilesDir("$userId-$keyId-public.key", keyPair.public.encoded)
         return null
     }
 
@@ -57,16 +57,18 @@ internal actual class KeyPairManagerImpl : KeyPairManager {
         }.getOrElse { Xor.Second(Failure.KeyManagement.KeyExtractionFailed(it.toString())) }
     }
 
-    actual override suspend fun findKeyIdFor(userId: Long): Xor<String, Failure.KeyManagement.KeyNotFound> {
-        val fileNamePrefix = "$userId-"
+    actual override suspend fun findKeyIdFor(predicate: (name: String) -> Boolean): String? {
         val userPassKey: File = withContext(Dispatchers.IO) {
             appCtx.filesDir.listFiles()
         }?.find {
-            it.name.startsWith(fileNamePrefix)
-        } ?: return Xor.Second(Failure.KeyManagement.KeyNotFound("No keys"))
+            predicate(it.name)
+        } ?: return null
 
-        val keyId = userPassKey.name.substringAfter(fileNamePrefix).substringBefore('-')
-        return Xor.First(keyId)
+        val keyId = userPassKey.name.substring(
+            startIndex = userPassKey.name.indexOfFirst { it == '-' } + 1,
+            endIndex = userPassKey.name.indexOfLast { it == '-' }
+        )
+        return keyId
     }
 
     actual override suspend fun deleteKeysMatching(predicate: (name: String) -> Boolean): Xor<Unit, Failure.KeyManagement.KeyNotFound> {
@@ -81,7 +83,7 @@ internal actual class KeyPairManagerImpl : KeyPairManager {
         return Xor.First(Unit)
     }
 
-    private suspend fun saveKeyToFilesDir(fileName: String, key: ByteArray) = Dispatchers.IO {
+    private suspend fun saveFileToFilesDir(fileName: String, key: ByteArray) = Dispatchers.IO {
         val file = File(appCtx.filesDir, fileName)
         file.writeBytes(key)
     }

multiplatform-lib/src/androidMain/kotlin/internal/utils/FileUtils.android.kt

@@ -0,0 +1,38 @@
+/*
+ * Infomaniak Authenticator - Android
+ * Copyright (C) 2026 Infomaniak Network SA
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+package com.infomaniak.auth.lib.internal.utils
+
+import kotlinx.coroutines.Dispatchers
+import kotlinx.coroutines.invoke
+import splitties.init.appCtx
+import java.io.File
+
+internal actual suspend fun checkFileExists(name: String): Boolean = Dispatchers.IO {
+    File(appCtx.filesDir, name).exists()
+}
+
+/**
+ * **WARNING:** The backup exclusion is Apple/iOS only. On Android, you need to configure the backup rules,
+ * or implement a BackupAgent to have the backup exclusion work.
+ */
+internal actual suspend fun createBackupExcludedFile(name: String, content: String) {
+    File(appCtx.filesDir, name).apply {
+        createNewFile()
+        writeText(content)
+    }
+}

multiplatform-lib/src/appleMain/kotlin/internal/KeyPairManagerImpl.apple.kt

@@ -126,28 +126,32 @@ internal actual class KeyPairManagerImpl : KeyPairManager {
     }
 
     @OptIn(BetaInteropApi::class)
-    actual override suspend fun findKeyIdFor(userId: Long): Xor<String, Failure.KeyManagement.KeyNotFound> = memScoped {
-        //TODO[ik-auth]: Test this code somehow.
-        val userIdPrefix = "$userId-"
-        val (resultsArray, count) = getAllPrivateKeysQuery()
-
-        if (resultsArray == null || count == 0) {
-            return@memScoped Xor.Second(Failure.KeyManagement.KeyNotFound("No keys found in Keychain"))
-        }
+    actual override suspend fun findKeyIdFor(predicate: (name: String) -> Boolean): String? = Dispatchers.IO {
+        memScoped {
+            //TODO[ik-auth]: Test this code somehow.
+            val (resultsArray, count) = getAllPrivateKeysQuery()
 
-        for (i in 0 until count) {
-            val tag = extractTagFromItem(CFArrayGetValueAtIndex(resultsArray, i.toLong()))
+            if (resultsArray == null || count == 0) return@memScoped null
 
-            if (tag?.startsWith(userIdPrefix) == true) {
-                val keyId = tag.removePrefix(userIdPrefix)
-                return@memScoped Xor.First(keyId)
+            for (i in 0 until count) {
+                val tag = extractTagFromItem(CFArrayGetValueAtIndex(resultsArray, i.toLong()))
+
+                if (tag != null && predicate(tag)) {
+                    val keyId = tag.substring(
+                        startIndex = tag.indexOfFirst { it == '-' } + 1,
+                        endIndex = tag.indexOfLast { it == '-' }
+                    )
+                    return@memScoped keyId
+                }
             }
-        }
 
-        Xor.Second(Failure.KeyManagement.KeyNotFound("No key found for userId $userId"))
+            return@memScoped null
+        }
     }
 
-    actual override suspend fun deleteKeysMatching(predicate: (name: String) -> Boolean): Xor<Unit, Failure.KeyManagement.KeyNotFound> =
+    actual override suspend fun deleteKeysMatching(
+        predicate: (name: String) -> Boolean
+    ): Xor<Unit, Failure.KeyManagement.KeyNotFound> = Dispatchers.IO {
         memScoped {
             val (resultsArray, count) = getAllPrivateKeysQuery()
 
@@ -171,6 +175,7 @@ internal actual class KeyPairManagerImpl : KeyPairManager {
                 Xor.Second(Failure.KeyManagement.KeyNotFound("No key containing $predicate"))
             }
         }
+    }
 
     @OptIn(BetaInteropApi::class, ExperimentalForeignApi::class)
     private fun MemScope.getAllPrivateKeysQuery(): Pair<CFArrayRef?, Int> {

multiplatform-lib/src/appleMain/kotlin/internal/extensions/CFErrors.kt

@@ -20,8 +20,10 @@
 package com.infomaniak.auth.lib.internal.extensions
 
 import com.infomaniak.auth.lib.internal.utils.Xor
+import kotlinx.cinterop.BetaInteropApi
 import kotlinx.cinterop.CPointer
 import kotlinx.cinterop.ExperimentalForeignApi
+import kotlinx.cinterop.ObjCObjectVar
 import kotlinx.cinterop.alloc
 import kotlinx.cinterop.memScoped
 import kotlinx.cinterop.ptr
@@ -45,6 +47,8 @@ import platform.Foundation.NSError
  *      }
  * }
  * ```
+ *
+ * See [tryIt2] for the full NSError variant (no C-style CoreFoundation).
  */
 internal inline fun <R : Any> tryIt(block: (errorPointer: CPointer<CFErrorRefVar>) -> R?): Xor<R, NSError> = memScoped {
     val errorVar = alloc<CFErrorRefVar>()
@@ -54,3 +58,40 @@ internal inline fun <R : Any> tryIt(block: (errorPointer: CPointer<CFErrorRefVar
         else -> Xor.Second(error)
     }
 }
+
+/**
+ * Helpful for functions that take a pointer of an error ref.
+ *
+ * Example usage:
+ * ```
+ * val result = tryIt2 { errorPointer ->
+ *     NSFileManager.defaultManager.URLForDirectory(
+ *         directory = NSApplicationSupportDirectory,
+ *         inDomain = NSUserDomainMask,
+ *         appropriateForURL = null,
+ *         create = true,
+ *         error = errorPointer,
+ *     )
+ * }
+ *
+ * when (result) {
+ *      is Xor.First -> return result.value // Successful
+ *      is Xor.Second -> {
+ *          println("Error: ${result.value.localizedDescription}")
+ *          handleNSError(result.value)
+ *          return null
+ *      }
+ * }
+ * ```
+ *
+ * See [tryIt] For the C-style CoreFoundation compatible variant.
+ */
+@OptIn(BetaInteropApi::class)
+internal inline fun <R : Any> tryIt2(block: (errorPtr: CPointer<ObjCObjectVar<NSError?>>) -> R?): Xor<R, NSError> = memScoped {
+    val errorVar = alloc<ObjCObjectVar<NSError?>>()
+    val result = block(errorVar.ptr)
+    when (val error = errorVar.value) {
+        null -> Xor.First(result!!)
+        else -> Xor.Second(error)
+    }
+}

multiplatform-lib/src/appleMain/kotlin/internal/utils/FileUtils.apple.kt

@@ -0,0 +1,64 @@
+/*
+ * Infomaniak Authenticator - Android
+ * Copyright (C) 2026 Infomaniak Network SA
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+package com.infomaniak.auth.lib.internal.utils
+
+import com.infomaniak.auth.lib.internal.extensions.firstOrElse
+import com.infomaniak.auth.lib.internal.extensions.toNsData
+import com.infomaniak.auth.lib.internal.extensions.tryIt2
+import kotlinx.cinterop.ExperimentalForeignApi
+import platform.Foundation.NSApplicationSupportDirectory
+import platform.Foundation.NSFileManager
+import platform.Foundation.NSURL
+import platform.Foundation.NSURLIsExcludedFromBackupKey
+import platform.Foundation.NSUserDomainMask
+
+internal actual suspend fun checkFileExists(name: String): Boolean {
+    return NSFileManager.defaultManager.fileExistsAtPath("${getApplicationSupportDirectory()}/$name")
+}
+
+@OptIn(ExperimentalForeignApi::class)
+internal actual suspend fun createBackupExcludedFile(name: String, content: String) {
+    val path = "${getApplicationSupportDirectory()}/$name"
+    NSFileManager.defaultManager.createFileAtPath(
+        path = path,
+        contents = content.toNsData(),
+        attributes = null
+    )
+    val url = NSURL.fileURLWithPath(path)
+    val _ = tryIt2 {
+        url.setResourceValue(
+            value = true,
+            forKey = NSURLIsExcludedFromBackupKey,
+            error = it
+        )
+    }.firstOrElse { error(it) }
+}
+
+@OptIn(ExperimentalForeignApi::class)
+private fun getApplicationSupportDirectory(): String {
+    val directory = tryIt2 {
+        NSFileManager.defaultManager.URLForDirectory(
+            directory = NSApplicationSupportDirectory,
+            inDomain = NSUserDomainMask,
+            appropriateForURL = null,
+            create = true,
+            error = it,
+        )
+    }.firstOrElse { error(it) }
+    return requireNotNull(directory.path) // No reason for it to be null given the code above.
+}