If file_path has any whitespace or shell metacharacters in it, then
the invocation of subprocess.call would be likely to break (or even
accidentally execute code, depending on how perverse the pathnames
are).
It's generally a good plan to avoid shell=True for subprocess.call
where you can lay out the arguments deliberately in python. This one
looks relatively straightforward (but note, i have not tested it,
sorry!)
Note that if a name has a `"` character in it, we still fail, out of
safety reasons.
in particular, we want to avoid command injection into the sqlite
binary with particularly malicious names that look something like the
following:
```
foo.db"; .shell touch should-not-exist; .nullvalue "
```
Specifying the password on the command line with `--password XXX`
leaves the password itself visible to any process on the machine which
can scan the process table.
On some systems (including common GNU/Linux distributions) this
visibility is possible by default.
This change should make it possible to offer the password without
putting it into the process table; rather, the user puts the password
in the environment, and specifies the name of the environment
variable, like so:
```
$ export MVT_IOS_BACKUP_PASSWORD=WronglySconeRoundnessUnruffled
$ mvt-ios decrypt-backup -d /path/to/dest /path/to/data/XXXXXXXX-YYYYYYYYYYYYYYY/
$ unset MVT_IOS_BACKUP_PASSWORD
```
or you can do so using a prefixed env var, as described in the updated
check.md documentation.
- The _adb_download function doesn't need a package_name argument. This broke _adb_process_file and unnecessarily clutters function calls. Also, the function may be used to download other files or folders too. Generating a random filename seems like the best solution to me since it is less likely to get a duplicate filename and thus to replace an existing file.
- The path /sdcard/Download doesn't necessarily exist. Using /sdcard seems more reliable.
