-
Notifications
You must be signed in to change notification settings - Fork 550
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Some undisable log makes information insecurity #1174
Comments
Hi @snowswinginthewind - thanks for bringing this to our attention. You are absolutely correct that the information in that post is no longer accurate and we currently don't have a way of setting the log level for what will output or turning them off altogether. I am working on adding this functionality now and will update this issue when it's being pushed for release. |
You're all set now - you can now call LogFactory.setLevel(Level) with the level you want |
Hi, I've got a finding from penetration test concearning undesireable logs from AWSMobileClient in Release version of the my app. I fix this issue adding this rule to my app's proguard-rules.pro file.
|
To Reproduce
1.Keep the isPersistenceEnabled's value is true.
2.after install, open the app which used for the first time,you can see the logs contain AWS account info.
I tried the "disabling all Loggings" method as official doc:https://aws.amazon.com/cn/blogs/mobile/logging-with-the-aws-sdk-for-android/ ,It doesn't work.
Which AWS service(s) are affected?
aws-android-sdk-core:2.13.+, 2.14.+, 2.15+
Expected behavior
Could you please give some api to disable below logs in the sdk, or remove below log in aws-android-sdk-core/src/main/java/com/amazonaws/internal/keyvaluestore/AWSKeyValueStore.java
line 129:logger.info("Using keyAlias = " + keyAlias);
line 1236:logger.info("Using keyAlias = " + keyAlias);
line 153:logger.info("Creating the AWSKeyValueStore with key for " +
"sharedPreferences = " + sharedPreferencesName);
Environment Information (please complete the following information):
The text was updated successfully, but these errors were encountered: