Call to logging API
Description
This entry describes all the logging API calls used to write log entries.
Android provides a logging mechanism, Logcat, for viewing and filtering a series of circular buffers that contain logs from various applications and portions of the system.
Log information in Logcat can be read by other applications on the same device. Thus, writing sensitive information to Logcat is considered an information-leakage vulnerability.
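One way to triage the calls this entry reports, as an added example that is not part of the original entry or of the tool behind it: a small Python audit that finds `android.util.Log` calls in Java source and flags those whose arguments reference sensitive-looking identifiers. The keyword heuristic, the function names and the sample source are assumptions made here.

```python
import re
# android.util.Log write methods (standard set; the page does not list them).
LOG_CALL = re.compile(r"\bLog\.(v|d|i|w|e|wtf)\s*\(")
# Assumed keyword heuristic for sensitive identifiers; tune per code base.
SENSITIVE = re.compile(r"passw|token|secret|session|cookie|cvv", re.I)
STRING_LIT = re.compile(r'"(?:\\.|[^"\\])*"')

def call_arguments(src, open_paren):
    """Return the text between the '(' at open_paren and its matching ')'."""
    depth, i, in_str = 0, open_paren, False
    while i < len(src):
        ch = src[i]
        if in_str:
            if ch == "\\":
                i += 1                      # skip the escaped character
            elif ch == '"':
                in_str = False
        elif ch == '"':
            in_str = True
        elif ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth == 0:
                return src[open_paren + 1:i]
        i += 1
    return src[open_paren + 1:]             # unterminated call: keep what is there

def audit(src):
    """List every Log.* call with its line, level and sensitive-looking identifiers."""
    findings = []
    for m in LOG_CALL.finditer(src):
        # Drop string literals so only variables and method names are inspected.
        code = STRING_LIT.sub('""', call_arguments(src, m.end() - 1))
        hits = sorted({n for n in re.findall(r"[A-Za-z_]\w*", code) if SENSITIVE.search(n)})
        line = src.count("\n", 0, m.start()) + 1
        findings.append({"line": line, "level": m.group(1), "sensitive": hits})
    return findings

# Constructed fragment of an Android method body, not taken from any real app.
SAMPLE = '''\
Log.d(TAG, "login attempt for " + user);
Log.i(TAG, "token refreshed (ok)");
Log.e(TAG, String.format("auth failed: %s / %s",
        user, password));
Log.w(TAG, "session=" + authToken.substring(0, 4));
'''

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Calls with an empty `sensitive` list still write to Logcat; the flag only orders the review, it does not clear a call.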
Recommendation
This entry is informative, no recommendations applicable.
Links
- DRD04-J. Do not log sensitive information
- ERR02-J. Prevent exceptions while logging data
- Logging methods (Log sparingly)
Standards
- OWASP_MASVS_L1:
  - MSTG_CODE_9
- OWASP_MASVS_L2:
  - MSTG_CODE_9