How do apps like Facebook and Telegram persist user data across Clear Data in Settings?

Question

I'm trying to develop an attendance application. Therefore, I would like to minimize identity spoofing where a user signs the attendance for their friend by persisting the user logged in status in the application without uninstalling it.

For example, Facebook persists user data even when the user does Clear Data in Settings → Storage. And Telegram is able to show a Manage Storage button instead of the Clear Data button inside Settings → Storage which makes it difficult to clear the user data.

How do both these apps perform these kinds of actions? I am able to persist user authentication data when the user kills the app in the background. However, my data cannot "survive" through the Clear Data process.

Answer 1

I'd believe that those apps are simply using this backup mechanism: https://developer.android.com/guide/topics/data/backup.html

Specifically, because all you would need to backup is the a user token (for example) to be able to access your own servers and authenticate, and well... then restore all the data you want.

The documentation say it very clearly:

Data is restored when the app is installed. If needed, you can request a manual restore.

Also (it's a Key/Value storage, like SharedPreferences):

Note: If Wi-Fi isn't available, Key/Value Backup may use mobile data. Key/Value Backup is therefore typically not suitable for app data contents, such as media, downloaded files, and caches, unless the amount of data is very small.

You don't even need to be logged in.