Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Is it safe to keep Log.i on production?

Tags:

android

android-logcat

In my android application i extensively use Log.i, Log.e.

On these commands I usually pass SQLite queries or http rest urls that communicate with my application.

My question is: Is it safe to keep these logs when the application reaches the Play store ? If a user runs the application with his device connected on his computer will he be able to view the Log messages on his LogCat ?

like image 474
antoniom Avatar asked Apr 02 '14 11:04

antoniom

3 Answers

If the users connect the device to a computer and read the logcat, they can see all the log messages that your app generates.

A possible solution is use Proguard to remove (automatically) all the log messages.

More info on this answer: How to configure proguard to ONLY remove android logging calls

Hope it helps.

like image 84
sabadow Avatar answered Sep 29 '22 01:09

sabadow

Yes, the user will be able to read those log files. Is it 'safe'? Depends. Are your rest calls or sqlite queries a secret? All the network communication could be read anyways with wireshark for instance.

What I do when I release my apps is: I create my own Log class with methods i, d, e etc and use this Log class instead of the Android one, because then I can use a simple switch like boolean debug = true according to which I write to the LogCat or don't. That way I can leave all my log statements in the app. When you've written your own Log class, to use it all over your app, you can simply replace all 

import android.util.Log;

with 

import your.package.Log;

with Eclipse.

like image 37
fweigl Avatar answered Sep 29 '22 02:09

fweigl

Logging is a very handy debugging and diagnostic technique used by developers. Use the logging class provided as part of the Android SDK to log important information about your application to LogCat, but make sure you review your application’s logging implementation prior to publication, as logging has performance drawbacks.

Before releasing your application Review your log carefully so it doesn't leak any confidential data.

Logging is very important whenever your application is in testing mode. Logs will provide you current state and scenario of your application on current device. So it's very helpful whenever you will update your application.

Sometimes Google play rejects your application if they found your Logging mechanism violates the rules.

like image 42
Lavekush Agrawal Avatar answered Sep 29 '22 02:09

Lavekush Agrawal
Sign in to Comment

Related questions

How do I configure the ADT plugin in the eclipse
Replaced fragment still visible
Could not find class 'org.apache.http.entity.mime.content.Filebody', referenced from method
Android Studio - Panic: Could not open AVD
Crawling the Google Play store
How to persist fragment data after backstack transactions?
How many maximum device can we pair via Bluetooth to android device at a time? [closed]
Bluetooth not sending file to other device
Android max limit for geofences?
How does robospice manage activity lifecycle?
android twitter4j authentication via installed twitter app not browser
Get Spannable String from EditText
Facebook asks for Android key hashes for app that is still in sandbox mode
Is it a bad practice to hold application Context instance?
FragmentTransaction : replace and addToBackStack not working together?
in app billing fails in new version of my app
Multiple fixtures on one body or multiple bodies?
android linear layout place two items next to each other
Android Read WhatsApp Data
Android App Retrieve Data from Server but in a Secure way

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!