Reading ActivityManager-logs on a Jelly Bean device?

Asked 6/7, 2012 at 23:47 Answered 9/8, 2012 at 13:31

Solved android security android-activity android-logcat

Jelly Bean has removed the ability to read the logs of other apps (according to this I/O talk), which is a sensible security improvement. However, I need to read ActivityManager-logs for my app to work (to see which app is currently starting). To do this, I was using

private static final String clearLogcat = "logcat -c";
private static final String logcatCommand = "logcat ActivityManager:I *:S";
//...

which no longer works, as I can only read my own application's logs in Jelly Bean. Is there an alternative solution to finding out when another app is starting (apart from root)? I understand why we shouldn't be able to read other applications' logs (kind of - it should be the other developers' resposibility to make sure that no personal information is logged, not mine by being prevented from reading the log), but I don't understand why the ActivityManager, a framework class, is included in that policy...

Thanks,
Nick

Scheer answered 6/7, 2012 at 23:47 Comment(0)

There is an extensive discussion of this issue going on here. Unfortunately, it's "expected behavior" and as such won't be fixed. The only current solution (for reading the logs from within an application on JB and above) is to manually grant the permission to the app through adb:

adb shell pm grant <pkg> android.permission.READ_LOGS

A such-granted permission:

survives reboots
survives application updates (i.e. "adb install -r")
does not survive if the application was uninstalled and then installed again

It's obvious that this isn't something that a normal user can be expected to do. A GUI-solution (where users can grant this permission from the Settingsmenu of their device) is promised by the Android team, but unfortunately the functionality was removed before the "fix" was implemented.

Scheer answered 9/8, 2012 at 13:31 Comment(3)

maybe you should elaborate more on why you must read the logs in the first place... there is almost certainly a solution that doesn't involve doing so... – Clemenciaclemency 9/8, 2012 at 14:12

You're right - I just wanted to provide more information for people coming here to find out about the removed READ_LOGS-permission (because of the title and the way I asked the question). – Scheer 9/8, 2012 at 15:58

It should be noted that pm grant only works on the emulator or a 'development' device, not on production devices – Biophysics 2/10, 2012 at 22:8

First of all, ActivityManager isn't an application... it's a class that makes up part of the Android application framework.

Second of all, if the Android team deliberately went out of their way to prevent this from working, then I doubt there is a security loophole around it. The fact is that third party applications should not have to rely on logcat logs in order to work properly. If you give some details about your reason for needing to read these logs, maybe we can help point you to a better solution.

Clemenciaclemency answered 7/7, 2012 at 0:16 Comment(10)

Actually there are substantial differences between system and 3rd part apps in terms of available permissions. ActivityManager actually has two pieces - code that runs in the calling process, but also code that runs in the privileged system server process. The logs of interest may well come from the latter. – Jervis 7/7, 2012 at 4:13

@ChrisStratton, okok you're right. I just removed the entire 2nd paragraph because I don't think I ever ended up deciding what the OP meant by "system app". I wasn't sure whether he meant "Google-made apps" (like Google+ or Google Maps) or the actual classes that make up the application framework. If he was talking about the application framework (which I now believe he was), then you are correct. – Clemenciaclemency 7/7, 2012 at 4:21

Actual "apps" installed on the system partition or signed with the same certificate can obtain permissions which regular 3rd-party apps cannot. This question though would be more about a non-"app" system process. Presumably the log segregation is done at the process level; it will be interesting though to see how it is implemented - there do not appear to be changes to the latest released kernel driver source (ie android-omap-tuna-3.0-jb-pre1) – Jervis 7/7, 2012 at 4:38

You obviously know a lot more about this than I do... and you're probably right in that the logging segregation is done at a system level... that makes a lot more sense to me now that I think about it. I try not to get too involved with the kernel/library/android runtime stuff here on SO... I guess I didn't know what I was getting myself into when I answered the question :P – Clemenciaclemency 7/7, 2012 at 4:58

@ChrisStratton, I'd be interested to know what you discover about this though. Still waiting for the source code to be released... – Clemenciaclemency 7/7, 2012 at 4:59

By "system app", I meant ActivityManager as an Android application framework class, not any com.google.* apps. By "way around it", I didn't mean a security loophole, but an alternative approach to figure out when other apps are starting. I specifically need to do exactly that: Find out when another app is starting, in the moment that it is starting. Until now, I used the logcat-command posted above to catch the 07-07 11:49:53.156: I/ActivityManager(304): START {cmp=com.mg.android/com.mg.weatherpro.MainView u=0} from pid 30607 logs – Scheer 7/7, 2012 at 9:48

That's not really something you are supposed to do in a 3rd party app. – Jervis 8/7, 2012 at 14:15

What do you mean by "supposed to do"? If it's something that the user wants, i.e. helps him? – Scheer 9/8, 2012 at 13:2

@Scheer No, "supposed to do" as in (1) it's not stable and can easily break if the Android team changes/removes the logs, and (2) it's not secure, and (3) there is most likely a solution to whatever problem you are currently having that doesn't involve reading the logs of the framework classes. – Clemenciaclemency 9/8, 2012 at 14:3

@Scheer "If its something the user wants, i.e. helps him"... the user will only be satisfied until one of the logs is changed and the app crumbles before their eyes. Reading logs was never officially part of the Android SDK... so from a framework designer's point of view (whose job it is to write a secure, maintainable API that is backward compatible with older versions and is extremely robust in that newer versions won't break existing apps), it's totally acceptable for the Android team to prevent 3rd party apps from reading these logs. Hope that makes more sense... :) – Clemenciaclemency 9/8, 2012 at 14:9

Recommended topics

Hot tags