Update MASTG-BEST-0004 - Add Link to Security recommendations for bac…

…kups (#3118)

* Update MASTG-BEST-0004 - Add Link to Security recommendations for backups

* add links to android-risks

best-practices/MASTG-BEST-0004.md

@@ -9,3 +9,5 @@ For the sensitive files found, instruct the system to exclude them from the back
 
 - If you are using Auto Backup, mark them with the `exclude` tag in `backup_rules.xml` (for Android 11 or lower using `android:fullBackupContent`) or `data_extraction_rules.xml` (for Android 12 and higher using `android:dataExtractionRules`), depending on the target API. Make sure to use both the `cloud-backup` and `device-transfer` parameters.
 - If you are using the key-value approach, set up your [BackupAgent](https://developer.android.com/identity/data/keyvaluebackup#BackupAgent) accordingly.
+
+Refer to ["Security recommendations for backups - Mitigations"](https://developer.android.com/privacy-and-security/risks/backup-best-practices#security-recommendations-for-backups-mitigations) for more information.

weaknesses/MASVS-STORAGE/MASWE-0003.md

@@ -7,6 +7,8 @@ profiles: [L2]
 mappings:
   masvs-v1: [MSTG-STORAGE-8]
   masvs-v2: [MASVS-STORAGE-2, MASVS-PRIVACY-1]
+  android-risks:
+  - https://developer.android.com/privacy-and-security/risks/backup-best-practices
 
 refs:
 - https://developer.android.com/guide/topics/data/autobackup#define-device-conditions

weaknesses/MASVS-STORAGE/MASWE-0004.md

@@ -7,6 +7,8 @@ profiles: [L1, L2, P]
 mappings:
   masvs-v1: [MSTG-STORAGE-8]
   masvs-v2: [MASVS-STORAGE-2, MASVS-PRIVACY-1]
+  android-risks:
+  - https://developer.android.com/privacy-and-security/risks/backup-best-practices
 
 refs:
 - https://developer.android.com/guide/topics/data/autobackup#include-exclude-android-11