Some undisable log makes information insecurity #1174

Closed
snowswinginthewind opened this issue Sep 3, 2019 · 3 comments
@snowswinginthewind

To Reproduce
1. Keep isPersistenceEnabled's value as true.
2. After install, open the app for the first time; you can see the logs contain AWS account info.
I tried the "disabling all Loggings" method from the official doc: https://aws.amazon.com/cn/blogs/mobile/logging-with-the-aws-sdk-for-android/ . It doesn't work.

Which AWS service(s) are affected?
aws-android-sdk-core:2.13.+, 2.14.+, 2.15+

Expected behavior
Could you please provide an API to disable the logs below in the SDK, or remove the logs below in aws-android-sdk-core/src/main/java/com/amazonaws/internal/keyvaluestore/AWSKeyValueStore.java

line 129: logger.info("Using keyAlias = " + keyAlias);

line 1236: logger.info("Using keyAlias = " + keyAlias);

line 153: logger.info("Creating the AWSKeyValueStore with key for " +
"sharedPreferences = " + sharedPreferencesName);

Environment Information (please complete the following information):

  • AWS Android SDK Version: [2.6.25]
  • Device: [all the devices]
  • Android Version: [all the versions]
  • Specific to simulators: [No]
@desokroshan desokroshan self-assigned this Sep 3, 2019
@royjit royjit added cognito Issues with the AWS Android SDK for Cognito core Issues with the AWS Android Core library labels Sep 3, 2019
@TrekSoft
Contributor

Hi @snowswinginthewind - thanks for bringing this to our attention. You are absolutely correct that the information in that post is no longer accurate and we currently don't have a way of setting the log level for what will output or turning them off altogether.

I am working on adding this functionality now and will update this issue when it's being pushed for release.

@TrekSoft
Contributor

You're all set now - you can now call LogFactory.setLevel(Level) with the level you want

@lokalathlet

Hi, I've got a finding from a penetration test concerning undesirable logs from AWSMobileClient in the Release version of my app. I fixed this issue by adding this rule to my app's proguard-rules.pro file.

-assumenosideeffects class android.util.Log {
  public static boolean isLoggable(java.lang.String, int);
  public static *** d(...);
  public static *** w(...);
  public static *** v(...);
  public static *** i(...);
  public static *** e(...);
}
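
A regression check for the finding discussed in this thread, as an added example that is not part of the original issue or of the SDK: it scans a captured `adb logcat -v threadtime` dump from a release build for the two message prefixes quoted in the report. The function name `find_leaks`, the sample lines, and the tag and values inside them are constructed for illustration.

```python
import re

# Message prefixes quoted in the issue (logger.info calls in AWSKeyValueStore.java).
LEAK_PATTERNS = [
    re.compile(r"Using keyAlias = (?P<value>\S+)"),
    re.compile(r"Creating the AWSKeyValueStore with key for "
               r"sharedPreferences = (?P<value>\S+)"),
]

# `adb logcat -v threadtime` layout: date time pid tid priority tag: message
LOGCAT_LINE = re.compile(
    r"^\d{2}-\d{2}\s+[\d:.]+\s+\d+\s+\d+\s+"
    r"(?P<prio>[VDIWEF])\s+(?P<tag>[^:]*):\s(?P<msg>.*)$"
)


def find_leaks(logcat_text):
    """Return (line_no, priority, tag, logged_value) for every matching line."""
    findings = []
    for line_no, line in enumerate(logcat_text.splitlines(), start=1):
        m = LOGCAT_LINE.match(line)
        if m:
            prio, tag, msg = m["prio"], m["tag"].strip(), m["msg"]
        else:
            # Unknown layout: still scan the raw line so nothing is missed.
            prio, tag, msg = "?", "?", line
        for pattern in LEAK_PATTERNS:
            hit = pattern.search(msg)
            if hit:
                findings.append((line_no, prio, tag, hit["value"]))
    return findings


# Constructed sample capture (tag, pids and values are made up).
SAMPLE = """\
09-03 10:15:42.101  4321  4321 I AWSKeyValueStore: Creating the AWSKeyValueStore with key for sharedPreferences = com.example.prefs
09-03 10:15:42.130  4321  4321 I AWSKeyValueStore: Using keyAlias = com.example.prefs.aesKeyStoreAlias
09-03 10:15:42.500  4321  4350 D ExampleApp: startup complete
"""

if __name__ == "__main__":
    leaks = find_leaks(SAMPLE)
    for line_no, prio, tag, value in leaks:
        print(f"line {line_no}: [{prio}/{tag}] logged value: {value}")
    # Non-zero exit lets a CI job fail the release build when messages remain.
    raise SystemExit(1 if leaks else 0)
```

An empty result after a first-launch capture indicates that the chosen mitigation (the log level setting or the ProGuard rule from the thread) is in effect for these messages.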
