Is it safe to keep Log.i on production?
L

4

16

In my Android application I extensively use Log.i, Log.e.

On these commands I usually pass SQLite queries or HTTP REST URLs that communicate with my application.

My question is: Is it safe to keep these logs when the application reaches the Play Store? If a user runs the application with his device connected to his computer, will he be able to view the log messages in his LogCat?

Lingam answered 2/4, 2014 at 11:6 Comment(4)
If you leave it, of course users will be able to see it. - Facet
Yes, the users can read these log messages in the logcat. - Justiciable
Interesting question ... both are safe on the Play Store and yes, able to see. - Domiciliary
What do you do in exception blocks, do you keep the Log.e there to log the exceptions or get rid of them too? - Marmara
J
9

If the users connect the device to a computer and read the logcat, they can see all the log messages that your app generates.

A possible solution is to use ProGuard to remove (automatically) all the log messages.

More info on this answer: How to configure proguard to ONLY remove android logging calls

Hope it helps.

Justiciable answered 2/4, 2014 at 11:11 Comment(0)
I
5

Yes, the user will be able to read those log files. Is it 'safe'? Depends. Are your REST calls or SQLite queries a secret? All the network communication could be read anyway with Wireshark, for instance.

What I do when I release my apps is: I create my own Log class with methods i, d, e etc and use this Log class instead of the Android one, because then I can use a simple switch like boolean debug = true according to which I write to the LogCat or don't. That way I can leave all my log statements in the app. When you've written your own Log class, to use it all over your app, you can simply replace all

import android.util.Log; 

with

import your.package.Log; 

with Eclipse.

Inna answered 2/4, 2014 at 11:12 Comment(1)
What you suggest is what I was thinking in case it is not safe. However, ProGuard, as suggested by sabadow and Shajeel Afzal, seems more attractive. - Lingam
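A sketch of the wrapper class described in the answer above, added here as an example and not code from any poster. The package name, the `DEBUG` constant and the `redact` helper are assumptions; keeping `e()` active in release builds with redaction goes beyond what the answer describes.

```java
package com.example.app.util; // assumed package name

import java.util.regex.Pattern;

/** Drop-in replacement for android.util.Log, gated by a single switch. */
public final class Log {
    // Assumption: false in release builds (for instance wired to BuildConfig.DEBUG).
    public static final boolean DEBUG = false;

    // URL query strings and quoted SQL literals are where tokens and user data usually sit.
    private static final Pattern URL_QUERY =
            Pattern.compile("(https?://[^\\s?#]+)\\?[^\\s#]*");
    private static final Pattern SQL_LITERAL =
            Pattern.compile("'(?:[^']|'')*'");

    private Log() {}

    // Debug and info output is dropped entirely when DEBUG is false.
    public static int d(String tag, String msg) {
        return DEBUG ? android.util.Log.d(tag, msg) : 0;
    }

    public static int i(String tag, String msg) {
        return DEBUG ? android.util.Log.i(tag, msg) : 0;
    }

    // Errors stay on in release, but the message is redacted first.
    public static int e(String tag, String msg, Throwable tr) {
        return android.util.Log.e(tag, DEBUG ? msg : redact(msg), tr);
    }

    // Replaces URL query strings and SQL string literals with placeholders.
    static String redact(String msg) {
        if (msg == null) return "";
        String out = URL_QUERY.matcher(msg).replaceAll("$1?<redacted>");
        return SQL_LITERAL.matcher(out).replaceAll("'?'");
    }
}
```

Call sites still build the message string before the wrapper discards it, and the string literals remain in the APK, so this keeps the text out of logcat but not away from someone who inspects the app itself.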
R
1

Logging is a very handy debugging and diagnostic technique used by developers. Use the logging class provided as part of the Android SDK to log important information about your application to LogCat, but make sure you review your application’s logging implementation prior to publication, as logging has performance drawbacks.

Before releasing your application, review your log carefully so it doesn't leak any confidential data.

Logging is very important whenever your application is in testing mode. Logs will provide you with the current state and scenario of your application on the current device. So it's very helpful whenever you update your application.

Sometimes Google Play rejects your application if they find your logging mechanism violates the rules.

Rossiter answered 2/4, 2014 at 11:25 Comment(0)
E
0

No, it is not safe to keep Log methods in production. These logs can be used to trace different callbacks in Android, and if you are showing database records in them then you must remove those before publishing your app.

And you don't have to remove Log callbacks one by one in your project. You can use ProGuard to remove Log methods automatically by just writing a few lines in proguard-project.txt, present in the root of your project.

Follow this answer to remove logging methods using proguard

Eastwards answered 2/4, 2014 at 11:10 Comment(1)
Why wouldn't it be safe? I mean, if your bytecode is running on someone else's computer then you have to assume that nothing can be hidden from them. - Yellowish