Having a debate with my team about the security risk of using NSLog() in an app in the app store. They are saying it is possible for another app store app to read our app's ASL logging - but I can't find any code online that really demonstrates that. Anybody have some pointers that could help the conversation along?
thanks
Well, those logs are stored in a file somewhere… If you're really concerned about sensitive information inside those logs, why don't you just replace your use of NSLog() with a custom function that calls through to NSLog if some debug condition is set (perhaps some compiler flag or preprocessor macro) and just eats the log message if in a release build?
cmarstall wrote:
Having a debate with my team about the security risk of using NSLog() in an app in the app store.
What platform are you working on?
bob133 wrote:
Well, those logs are stored in a file somewhere…
Just FYI, on iOS NSLog does not write to a file; log entries are held in a small in-memory buffer. However, that does not necessarily assuage cmarstall’s concerns.
Finally, be aware that logging has completely changed in the currently-seeded OS releases. WWDC 2016 Session 721 Unified Logging and Activity Tracing has the details, but one key point is that log entries can now be flagged as containing personally identifiable information (PII).
Share and Enjoy
—
Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware
let myEmail = "eskimo" + "1" + "@apple.com"