Duo Restore for Android


 

General Information

Duo Mobile's restore functionality lets you back up Duo-protected accounts and third-party OTP accounts (such as Google or Facebook) for recovery to the same device or to a new device.

Backup and restore of third-party accounts requires Duo Mobile version 3.28 or newer. Duo Mobile versions 3.17 to 3.27 permit restore of Duo-protected accounts only.

If you are a Duo Mobile end-user (not an administrator) and are looking for help configuring Duo Restore beyond the instructions here, or if you are not sure if your organization permits use of Duo Restore, please contact The Help Desk for assistance at 936.468.4357.

 

Enabling Duo Restore

Automatic backups require that your device has a PIN, pattern, or password screen lock. You may need to update your screen lock settings before continuing.

  1. Locate the Google Backup settings page in your device's settings. Navigation to the Google backup setting can vary by phone manufacturer. For example, on Pixel devices navigate to Settings → Google → Backup.

    You must create Google backups for Duo Mobile backup and restore from cloud to work. Backup services offered by other vendors, such as Samsung Cloud backup, will not work for Duo Mobile backup and restore.

  2. If you haven't already enabled app data in your backup, select the checkbox next to Other device data to include Duo Restore information in your backup. Tap Confirm.

If you already have Google account backup enabled you should see Apps included in the "Backup Details" information.

 

  3. If you just enabled Google backup, tap Back up now to create your first system backup before continuing to the next step.

  4. At this point, you can also choose to enable account recovery for your third-party accounts. Open the Duo Mobile app and navigate to Settings → Duo Instant Restore.

  5. Tap Automatically reconnect third-party accounts from cloud to enable. This will include third-party accounts in your Duo Restore information.

 

Nightly Google backups will include Duo Restore information. To see the last time a successful backup occurred, open the Duo Mobile app and navigate to Settings → Duo Instant Restore. Automatic backups require that your device has a PIN, pattern, or password screen lock.

If you created a Google Drive backup using the old Duo Restore toggle, you can still access this backup to perform an Instant Restore.

 

Recovering Third-Party Accounts

  1. From your new Android device, download the latest Duo Mobile app from the Google Play Store. Be sure to install the app published by Duo Security LLC.

  2. Open the Duo Mobile app on your new device.

  3. Tap I have existing accounts from the welcome screen.

  4. Duo Mobile will check for a previous backup in Google Drive. Select the Google account you used when initially setting up Duo Restore.

  5. If Duo Mobile finds a valid backup in your Google Drive, it restores your previously backed-up accounts. If your backup includes third-party accounts, enter your recovery password when prompted.

 

When you return to the accounts list after a successful third-party accounts restore, you'll be able to tap your third-party accounts to generate passcodes for logging into those services.

Note that this doesn't reconnect your Duo-protected accounts. You'll still need to perform the Duo-protected account recovery steps before you can use those accounts to log in to Duo-protected services with Duo Push or Duo Mobile passcodes.

 


 

Recovering Duo-Protected Accounts

  1. From your new Android device, download the latest Duo Mobile app from the Google Play Store. Be sure to install the app published by Duo Security LLC.

  2. Open the Duo Mobile app on your new device.

  3. Tap I have existing accounts from the welcome screen.

  4. Duo Mobile will check for a previous backup in Google Drive. Select the Google account you used when initially setting up Duo Restore.

  5. If account information is found, you will see the accounts on the Duo Restore screen. They are shown as disabled in your main accounts list, each with a Reconnect action.

  6. Tap Reconnect below a Duo account in the main accounts list.

  7. Log in to the Duo-protected application selected by your IT administrator.

  8. Authenticate using Duo via a method allowed for this application by your IT administrator. If SMS or hardware token passcode and phone calls are not allowed, you will either need to use a different Duo Push-capable 2FA device, use the Duo Self Service Portal, or contact your IT administrator to restore your account on your new device.

  9. After authenticating, your new Android device should be connected to the Duo service.

 

Recovering Accounts Manually

If the Duo Restore feature is not enabled by your Duo administrator, or your backup includes third-party accounts but you did not set a recovery password for those accounts, after tapping Reconnect within Duo Mobile you'll see the options to Scan a QR code or Enter activation code.

Tap Scan QR code and scan the QR code from your third-party account 2FA setup screen, or, to recover a Duo-protected account, access the My Settings and Devices page from the Duo prompt to reactivate the account. If your organization hasn't enabled self-service device management, contact your IT Help Desk or Duo service administrator for assistance reactivating the account.

If you use Duo for more than one organization, you will need to contact each organization's IT Help Desk to reactivate your accounts.

 


Frequently Asked Questions


How does the Duo Mobile restore process affect third-party accounts in my Duo Mobile app?

You'll need to visit each third-party site and follow their specific instructions for reactivating 2FA. This usually involves scanning a QR code after using an alternative recovery method like phone call or SMS. Third-party accounts include accounts that were added to Duo Mobile but not directly linked to the Duo service, such as Google Accounts, Amazon, Facebook, Snapchat, Dropbox, etc.

 

Will Duo Mobile accounts be saved on my device if I delete the app?

It depends on the device's operating system.

  • On iOS, all accounts are retained in the device's secure keychain when you delete the app. This means both Duo-protected and third-party accounts will be available if you reinstall Duo Mobile on the same device. Accounts are only deleted when done so explicitly in the app.
  • On Android, deleting the Duo Mobile app will delete all accounts from your device. Deleting the Duo Mobile app essentially wipes the potential for unassisted account recovery, as any Duo Restore data backed up to Google Drive, if enabled, will be removed as well.

 

Is it possible to restore an account once I've deleted it in Duo Mobile?

No. If you manually delete accounts within the app then they are gone and there is no process for restoration.

 

How large are Duo Mobile backups?

The size of Duo Mobile backup files can vary depending on how many accounts are associated with a device, but generally they are not larger than 500 KB.

 

Does Duo back up the private key pairs used in any of the accounts in my Duo Mobile app?

If you haven't enabled third-party account restore in Duo Mobile, then app backups to Google Drive (Android) or iCloud (iOS) accounts DO NOT contain any private key or other sensitive data. Do note that some third-party accounts (Amazon, Gmail, and others) use an email address as the primary identifier, so that email address will be included in the backup.

Full device encrypted backups to iTunes will back up both the account listings and private key pairs, but can only be restored on the SAME phone that created the backup.

If you opt-in to third-party account backup and restore, and have set an account recovery password, then the app backups to Google Drive (Android) or iCloud (iOS) do include the private key information for your third-party accounts. The backups are encrypted by the recovery password, which is only known to you and cannot be recovered by Duo. When you restore a backup that contains third-party account information you must enter the recovery password to decrypt the backup.

Users cannot inspect or open backup files. iCloud does not provide a way for users to view the backup file. Google Drive users can view that Duo Mobile is using their Drive to store data and the size of that backup but cannot interact with that file. Duo Mobile only has access to the application-specific folder in Google Drive.

 

If the private keys are not backed up, how does this work?

Once you restore your account list you'll see a “Reconnect” link next to each account. Reconnecting the account directs you through a reactivation process where you need to authenticate to a Duo-protected application (configured by the Duo account admin) to verify your identity. Once your identity has been verified, Duo Mobile reactivates the account.

 

Can I restore a backup to a different mobile platform (Android → iOS or iOS → Android)?

No, backups cannot be restored across platforms. Duo Mobile can be activated on a new device that uses the same phone number as an old device on a different platform via the self-service device management options in the Duo prompt (if enabled by your Duo admin), or you can contact your IT help desk or Duo admin to request assistance reactivating the accounts on the new device.

 

Why am I getting an error saying "We couldn't find any accounts backed up on this Google account. Try selecting another Google account or contact your help desk." when attempting Duo Restore?

There are several reasons this could happen:

  • The wrong Google account was chosen when attempting Duo Restore.
  • If you very recently toggled on Duo Restore on your new phone, it may not be in sync with the backup on your old phone yet.
  • The Duo Mobile app was deleted from the old phone, which would have also deleted the Google Drive backup.
  • Duo Restore was actually never activated on the old (original) device so no backup is available.