1. Are you ready for the Galaxy S20? Here is everything we know so far!

Security tip when using LogCat

Discussion in 'Android Development' started by alostpacket, Feb 6, 2011.

  1. alostpacket

    alostpacket Over Macho Grande?
    Thread Starter

    This Fall Lookout mobile discovered that developers were writing some pretting interesting things to LogCat and the talked about their findings at DefCon.

    While, as a dev, you should try to never put sensitive information in your logs, you can use this system to turn off logging in your releases.

    At the beginning of each of my classes i write:

    Code (Text):
    1.  
    2. public class MyClass
    3. {
    4.     // Debugging
    5.     private static final String TAG = "MyClass";
    6.     private static final boolean GLOBAL_DEBUG = DebugMode.MODE;
    7.     private static final boolean LOCAL_DEBUG = true;
    8.     private static final boolean D = ( GLOBAL_DEBUG && LOCAL_DEBUG );
    9.  
    10.  
    Notice the DebugMode.MODE is a separate class, and it's a pretty simple one:

    Code (Text):
    1.  
    2. public class DebugMode
    3. {
    4.     public static final boolean MODE = true;
    5. }
    6.  
    Anyways, then, when I want to put something in LogCat I write

    Code (Text):
    1. if (D) Log.d ( TAG, "something interesting happened");
    Finally, when I'm ready to release, I only have to change the DebugMode class to:

    Code (Text):
    1.  
    2. public class DebugMode
    3. {
    4.     public static final boolean MODE = false;
    5. }
    6.  
    And voila! We now have Both fine-grained per-class control of how much info gets sent to LogCat, as well as a Global on/off switch that will help keep prying eyes out of our logs.

    Anyways, hope that helps

    :)
     



    1. Download the Forums for Android™ app!


      Download

       
Loading...

Share This Page

Loading...