Logging sensitive information #116

Open
bananabr opened this issue Sep 22, 2021 · 0 comments

Prior to Android 4.0, any application with READ_LOGS permission could obtain all the other applications' log output. After Android 4.1, the specification of READ_LOGS permission has been changed. Even applications with READ_LOGS permission cannot obtain log output from other applications.

However, by connecting an Android device to a PC, or when running a rooted device, log output from other applications can be obtained.

Therefore, it is important that applications do not send sensitive information to log output.

The following LGTM query results demonstrate user credentials being written to the system log: https://lgtm.com/query/3734390561435240112/

Once the issue is fixed, please create a security advisory so a CVE is assigned to it by GitHub.

Thank you,
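
A minimal source scan for the pattern this issue reports, as an added example (it is not the LGTM query linked above and not code from the project): it flags Android `Log.*` and `System.out/err.println` calls whose arguments include identifiers that look like secrets. The sample Java snippet and the list of sensitive name fragments are constructed assumptions.

```python
import re

# Android logging sinks: Log.v/d/i/w/e/wtf(...) and System.out/err.println(...)
LOG_CALL = re.compile(r'\b(?:Log\.(?:v|d|i|w|e|wtf)|System\.(?:out|err)\.println)\s*\(')
# Name fragments that suggest a secret (assumed list; tune it per code base)
SENSITIVE = re.compile(
    r'[A-Za-z_]*(?:passw(?:or)?d|pwd|secret|token|credential|api_?key)[A-Za-z_0-9]*', re.I)
STRING_LITERAL = re.compile(r'"(?:\\.|[^"\\])*"')

def call_arguments(text, start):
    """Return the argument text from `start` (just past '(') to the matching ')'."""
    depth, in_str, i = 1, False, start
    while i < len(text) and depth:
        c = text[i]
        if in_str:
            if c == '\\':
                i += 1              # skip the escaped character
            elif c == '"':
                in_str = False
        elif c == '"':
            in_str = True
        elif c == '(':
            depth += 1
        elif c == ')':
            depth -= 1
        i += 1
    return text[start:i - 1] if depth == 0 else text[start:]

def find_sensitive_logging(source):
    """Return [(line_number, [identifiers])] for log calls that pass secret-like values."""
    findings = []
    for m in LOG_CALL.finditer(source):
        # Blank out string literals: a message such as "password validated" leaks
        # nothing, only identifiers passed as values are of interest.
        code_only = STRING_LITERAL.sub('""', call_arguments(source, m.end()))
        hits = sorted({h.group(0) for h in SENSITIVE.finditer(code_only)})
        if hits:
            findings.append((source.count('\n', 0, m.start()) + 1, hits))
    return findings

# Constructed sample input, not taken from the project under discussion.
SAMPLE_JAVA = '''\
public class LoginActivity {
    void login(String username, String password) {
        Log.d(TAG, "login user=" + username + " pass=" + password);
        Log.i(TAG, "password field validated");
        String authToken = api.authenticate(username, password);
        Log.v(TAG, String.format("token=%s",
                authToken));
        Log.e(TAG, "login failed for " + username);
    }
}
'''
```

A name-based scan like this misses secrets held in neutrally named variables, so it complements a data-flow query rather than replacing it.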
