Should I release an app to the App Store with print statements in it?

Asked 7/4, 2017 at 21:18 Answered 5/11, 2018 at 13:54

Solved ios security uiviewcontroller printf mac-app-store

I intend to release my app to the App Store soon (after TestFlight). I have quite a few view controllers with print statements in them. The print statements are for testing purposes (debugger) and the user will never see them.

Will it make any difference if I do or don't include the print statements inside the app once I release it?

Will the print statements make any difference as far as reducing speed when switching between scenes even if by milliseconds?

Can I get rejected for including them inside my app?

In couple of vcs I print the uids just for clarity on my part. Are there any security risks by including those print statements in the app?

Purple answered 7/4, 2017 at 21:18 Comment(1)

No your app will not be rejected it's a good habit to clean your app as much as you can but still it doesn't affect your app. – Locular 7/4, 2017 at 21:27

I assume you are using Swift, then print is completely safe, even for AppStore builds. You are not going to be rejected and it's not a security risk either.

print, unlike similar NSLog, is not going to produce any logs anywhere that would be visible to the user (e.g. in Xcode Device Console).

More info on the difference between print and NSLog: Swift: print() vs println() vs NSLog()

Ovolo answered 7/4, 2017 at 21:51 Comment(2)

thanks. I only used printf because the description for print that of an actual printer. Your answer is exactly what I needed to know :) – Purple 8/4, 2017 at 2:5

Thank you for this answer. I was unsure about the safety. – Bracket 25/7, 2018 at 1:9

The premise of the question assumes you are facing an adversary who wants to introspect your app. So the question you need to answer is: "to what extent do you want (or are required) to make it difficult for these people?".

All you are doing by using print instead of NSLog is raising the bar to introspection. There is no 100% guaranteed way to prevent an attacker from introspecting your app; assuming they are able to execute it on a device that has had its security compromised (ie. is jailbroken).

One system-level tweak i created, is to hook every print() call, and NSLog its arguments... thus converting a print() to an NSLog. Now there are tweaks like Logify, that will hook all classes and methods in an app so you can trace its execution flow completely, but this is a bit of a nightmare to read through.

If you are creating a particularly sensitive app and want to be make things harder, you could just wrap print() calls in a compiler statement to see if you are on a simulator:

#if TARGET_OS_SIMULATOR
    print()
#endif

This is still a fallible mechanism, but does raise the bar even higher. Just depends what your requirements are :)

Me: Im a penetration tester for mobile apps, and have extensive experience in "how not to do things".

Locomotive answered 5/11, 2018 at 13:54 Comment(1)

interesting answer. Makes sense that a determined individual would get in one way or another. I came across this code, I forgot which SO post, but it said that it would kill all print statements when pushing your app live. Just add it to the AppDelegate. func print(_ items: Any...) { #if DEBUG; Swift.print(items[0]); #endif; } – Purple 5/11, 2018 at 14:6

Recommended topics

Hot tags