From c6b25184c13e9b2bf16189ee606b4d5fdf81c66a Mon Sep 17 00:00:00 2001 From: Keirthana Date: Wed, 22 Jan 2025 21:29:33 +0530 Subject: [PATCH] feat(exp): update security documentation for data at rest --- explanation/anbox-security.md | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/explanation/anbox-security.md b/explanation/anbox-security.md index 35c91370..5889d648 100644 --- a/explanation/anbox-security.md +++ b/explanation/anbox-security.md @@ -80,6 +80,21 @@ It is possible to turn off this update mechanism by setting `container.security_ For security reasons, always keep your systems up-to-date at all times. To ensure this, snaps update automatically, and the snap daemon is by default configured to check for updates four times a day. +## Data security + +We avoid storing user data as much as possible and don't provide any data encryption. The following table helps you understand how data related to you or provided by you is used within Anbox Cloud by various components. + +| Component | Databases | Data stored| +|-----------|-----------|------------| +| LXD instances | Dqlite and SQLite | Information about instances, their management, authentication and certificates | +| AMS | etcd | Information about instance management and configuration, {ref}`custom user data ` when explicitly provided | +| Anbox Stream Gateway | Dqlite | Session and management metadata, service account IDs that identify the web client | +| Anbox Cloud dashboard | SQLite | User email that are used for authentication | + +Services used by Anbox Cloud have configuration files that contain secrets. For the Anbox Stream Gateway, the secrets are stored in Juju relation data. + +The data that you provide to your applications in Android is stored within the instance, for the duration of the instance. + ## Android security The images that Anbox Cloud provides are based on different Android versions. They are updated with security patches monthly, based on the upstream security tags. You can find detailed information on the security patches that have been included (or considered to be included but found unrelated) in the [Android Security Bulletins](https://source.android.com/docs/security/bulletin). The relevant security bulletin for each Anbox Cloud release is linked in the {ref}`ref-release-notes`.