-
Scott Violet authored
User expectations on Android is that if the browser goes into the background and is killed by the OS, and the user switches back to the app state is restored (Chrome does this now). This is true even of incognito data. To limit the potential of leaking private information when incognito this patch adds encryption of the tab/navigation stack. Chrome on Android does this as well. The key used for encryption is randomly generated and stored by the system. This way, if the system doesn't provide the data (because the system has determined the app shouldn't restore state), WebLayer won't be able to decrypt the data. This means restoring state of incognito data has a different lifetime then non-incognito data, but that is by design. Again, this logic matches that of Chrome on Android. BUG=1033924 TEST=weblayer_support_instrumentation_test_apk BrowserFragmentLifecycleTest.restoresPreviousSession Change-Id: Iaeb721ae942efa1db19ee8366d1cfbf30747cd43 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2018482 Commit-Queue: Scott Violet <sky@chromium.org> Reviewed-by:Evan Stade <estade@chromium.org> Cr-Commit-Position: refs/heads/master@{#735995}
bf8b8aa7
