Home » Android » debugging – Android – Are LogCat calls visible to end users if phone is in debug mode?

debugging – Android – Are LogCat calls visible to end users if phone is in debug mode?

Posted by: admin June 15, 2020 Leave a comment

Questions:

I’ve been using Log.whatever() calls to Log various bits of information as I’ve been developing my Android app. As I prepare to publish my app to the Android Marketplace, I’m trying to figure out what I need to remove.

According to the Android developer Dev Guide, before publishing, they suggest:

Deactivate any calls to Log methods in the source code.

How does one deactivate the Log methods? Obviously I could go through and erase them all (which is a bit of a pain) but is there some other way to deactivate Log calls that I’m unaware of?

Also, what danger is there to having Log calls in a published application? Can anyone install Eclipse, plugin in their phone and enable Debug mode and see all the same LogCat information that I see as I’m developing?

Also the Dev Guide suggests:

Remove the android:debuggable="true" attribute from the <application> element of the manifest.

I was unaware of this flag until now. What does it do exactly? I’ve been developing and debugging my app just fine up to this point and this flag is not set to true or false for in my Manifest.

How to&Answers:

Yes, anyone can install the Android SDK (with or without Eclipse) to view all log messages on your device.

I don’t recommend completely removing your logging code, but instead wrap it, such as: if (DEBUG) Log.d(...) where DEBUG is some static boolean you define in a convenient place. I prefer to create a utility class so that all log calls across various classes can be enabled/disabled at once.

Answer:

Simplest chnages for that would be to define one custom Class say MyLog, now replace all the calls of Log.d() to MyLog.d().
Now inside your class you can have one flag that can enable or disable logs.
hope this helps.

Answer:

A good practice is to use something like if (DEBUG) Log.whatever, and then simply make DEBUG false.

There is no real danger except that you may expose some underlying implementaion which may expose glitches and hackable points in you app. The real problem is the performance penalty that you will get from logging too much.

As for android:debuggable="true", search for it in here

Finally, yes, Logcat logs are global and can be seen by anyone using the Android SDK.

Answer:

Yes logs can be seen by anyone. Not only that, apps can collect logs programmatically: http://www.cuteandroid.com/five-android-logcat-related-open-source-apps-for-developers

So make sure you don’t expose sensitive data as many apps collect logs – mine do in case of unhandled exceptions / crashes.

Answer:

Yep, most certainly. Everyone can see them.

If you don’t want that to happen, delete them from your code. It’s quite normal though. I see a lot of apps using logs, and odds are that almost none of your users will be using that to check your logs.

Answer:

I would recommend not wrapping your Log statements; depending on the size of your application that could take a while, will probably result in a fair bit of extra code and is just a hassle IMHO.

Instead I found configuring Proguard to automatically optimize your code and strip out Log statements when exporting an app release to be much easier. It will also obfuscate specified areas slowing down any reverse engineers that are trying to break your app.

If you do decide to go with Proguard you can put something like the following in your proguard-project.txt file to strip out log statements.

-assumenosideeffects class android.util.Log {
    public static boolean isLoggable(java.lang.String, int);
    public static int v(...);
    public static int i(...);
    public static int w(...);
    public static int d(...);
    public static int e(...);
}