2 Replies
      Latest reply: Sep 2, 2016 1:32 AM by eskimo RSS
      cmarstall Level 1 Level 1 (0 points)

        Having a debate with my team about the security risk of using NSLog() in an app in the app store. They are saying it is possible for another app store app to read our app's ASL logging - but I can't find any code online that really demonstrates that. Anybody have some pointers that could help the conversation along?

        thanks

        • Re: is it possible to read another app's NSLog output?
          bob133 Level 4 Level 4 (955 points)

          Well, those logs are stored in a file somewhere…  If you're really concerned about sensitive information inside those logs, why don't you just replace your use of NSLog() with a custom function that calls through to NSLog if some debug condition is set (perhaps some compiler flag or preprocessor macro) and just eats the log message if in a release build?

          • Re: is it possible to read another app's NSLog output?
            eskimo Apple Staff Apple Staff (7,190 points)

            cmarstall wrote:

            Having a debate with my team about the security risk of using NSLog() in an app in the app store.

            What platform are you working on?


            bob133 wrote:

            Well, those logs are stored in a file somewhere

            Just FYI, on iOS NSLog does not write to a file; log entries are held in a small in-memory buffer.  However, that does not necessarily assuage cmarstall’s concerns.


            Finally, be aware that logging has completely changed in the currently-seeded OS releases.  WWDC 2016 Session 721 Unified Logging and Activity Tracing has the details, but one key point is that log entries can now be flagged as containing personally identifiable information (PII).

            Share and Enjoy

            Quinn “The Eskimo!”
            Apple Developer Relations, Developer Technical Support, Core OS/Hardware
            let myEmail = "eskimo" + "1" + "@apple.com"