Menu
We're using Firebase Crash reporting in our app currently - and we've noticed something odd. In order to help us debug any crashes, we use FirebaseCrash.log to add information about the server requests/responses being made to our servers.
But recently, we've noticed that the logs are being redacted. From what we can tell, this is happening server side, leaving us with logs that look like this:
7:51:11.914 AM gmp_nav20_crash <-- 201
https://[REDACTED_DOMAIN_NAME][REDACTED_URL_BASIC](287ms, unknown-length body)7:51:11.626 AM gmp_nav20_crash --> POST
https://[REDACTED_DOMAIN_NAME][REDACTED_URL_BASIC]http/1.1 (67-byte body)
Is there any way we can disable this at least for certain domains? It makes tracking down exactly what went wrong more difficult than it should be, and doesn't provide any meaningful protections for the user that I can see.
770
Firebase Crashlytics is a realtime, lightweight crash reporter who helps us to track, fix, and prioritize stability issues which destroy our app quality. Crashlytics protect us at the time of troubleshooting by intelligently grouping crashes and highlighting the circumstances which lead up to them.
Open your app from the home screen of your test device or simulator. In your app, press the "Test Crash" button that you added using the code above. After your app crashes, run it again from Xcode so that your app can send the crash report to Firebase.
Crashlytics creates a exception handler that intercepts the exceptions that weren't caught and does something with them but it also sends the exception to the previous exception handler, that's why the app stills crashes.
As the comments above show this is not configurable and you want the results readable from the Firebase console, I suggest processing the URL in a way that obfuscates the fact it is a URL while leaving it human readable. Just make sure you're careful to only do this to non-sensitive information - especially if you are in Europe with new GDPR regulations.
It could be as simple as:
url.replaceAll("\\.", "[dot]");
But I'd suggest masking the protocol (and maybe the slashes) too
url.replaceAll("https://", "[secure]")
.replaceAll("http://", "")
.replaceAll("\\.", "[dot]");
Edit (To answer bounty question: "Is it legal to track Base64 encoded URLs and domain names according to Firebase policies?")
According to the Firebase Policies page
You will not facilitate the merging of personally-identifiable information with non-personally identifiable information unless you have robust notice of, and the user's prior affirmative (i.e., opt-in) consent to, that merger.
Assuming you have not asked for consent, I would take this to mean you should also strip any queries or identifiable information from the URL.
Again this could be as simple as splitting the string at the first or last slash (if present), depending which parts of the url are important to you
176
convert URL string into base64 string and send encoded string
public static String toBase64(String stringToEncode){
String base64 = null;
try {
byte[] data = stringToEncode.getBytes("UTF-8");
base64 = Base64.encodeToString(data, Base64.DEFAULT);
} catch (UnsupportedEncodingException e) {
e.printStackTrace();
}
return base64;
}
FirebaseCrash.report(new Exception("Error while downloading image with URL (Base 64 encoded):" + StringUtils.toBase64(s)));
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
