Android app submission says, remove any logging before submission. Have a few question on this one
Is System.out.println considered as logging? How can I disable it across the app without having to remove it on by one
Tried android:debuggable="false" inside manifest, but eclipse says "Avoid hardcoding the debug mode; leaving it out allows debug and release builds to automatically assign one"
I have some third party jar files that shows Log statement when I test my app. How can I remove them, considering I don't have the source.
Suggestions are highly appreciated.
I'm sure you've come across the fact that you can do the if(GLOBAL_VALUE) trick, because your logs are already there!
Therefore, my suggestions is to use Proguard; http://developer.android.com/tools/help/proguard.html
The following proguard.cfg chunk instructs to remove Log.d calls.
-assumenosideeffects class android.util.Log {
public static *** d(...);
}
You can do it for other calls like Log.i, Log.e, etc based on the value you put there!
As for your Jar, if it is referencing the Android Log system, ProGuard should take care of that.
Related
Why the Google Play Console of my Production app crash reports (located in "Android Vitals" / "ANR and Crashes" and then select any crash to see a stack trace) contains a lot of ORs in the Stack Trace?
What does it mean? Which of that 12 methods actually caused the crash? Why the report so unclear?
Is there a way to get exact method name and ideally the line number in the report? (I have added mapping file under "Deobfuscation files").
The reason is that you are using Proguard for minifying and obfuscating your code (so far so good), and Proguard reuses the same method names as much as it can (i.e. as long as the signature of the methods are different) to minimize the number of letters it has to use. So the minified code contains most likely a dozen of methods with the name "a" in each class, and the stacktrace only gives you the method name, not its signature, so it's unfortunately impossible to know which one of the dozen "a" methods is being called, hence the deobfuscation tool gives you all the possibilities.
You can customise the Proguard configuration to avoid so many conflicts and hence make it easier to debug for you, but that will be at the cost of your app's size.
Edit: Use the -useuniqueclassmembernames flag to avoid these ORs. You can check the ProGuard manual for more details.
I had the same question some time ago:
Strange stacktrace reported by Google Play Console.
In my case i could notice that only one of the functions in each group could be the right one beacause the others where not invoked inside the "above" function.
I think this is a protection method against reverse engineering.
how to enable logger in specific screen of release-build in android?
I Realeased an APK in playstore which is obfuscated apk and Logger are disabled , When customers find some issues in that apk in specific screen. So i want to Enable Logger in that specific screen of release-build.
Is it possible, If Yes how can i acheive..??
Updated Question:
Apk release build - Obfuscated by DexGuard
Thanks
You could use Log.i. Information logs are always showed to users. See more.
If you used ProGuard to remove all logs from your application you should remove clearing of public static int i(...); from rules.
If it wasn't enough flexibility try Timber
And setup ReleaseTree for your release versions
It is not possible to enable logger in release builds. Instead of that you can use this lib to print log on your screen.
Another solution you can find an example of it here. It's really simple, just add a class OnScreenLog to your project
I am trying to use proguard to obfuscate the code of my Android app.
My problem is that some screen of my app work fine, some others show a blank screen (not entirely blank though, for example my top title bar display correctly, but the rest of the content is blank).
I have started with the basic settings:
proguard.config=${sdk.dir}/tools/proguard/proguard-android.txt:proguard-project.txt
Then, in proguard-project.txt, I have tried to add:
-keep class {my.package.name}.** { *; }
No change
Then
-dontskipnonpubliclibraryclassmembers
No change
Then
-dontobfuscate
which obviously solved the problem but then there is no point since I want to obfuscate my code.
Any idea?
Look at the output ProGuard creates; it will tell you what classes got renamed and what classes got deleted (because they appear to be unused). You will need to modify your config to nether rename nor delete these classes of course. Typically, you can find an interaction between your AndroidManifest.xml and the pieces that are missing after obfuscation (and your logcat might even tell you what is missing). Less likely is that use of reflection led ProGuard to not realize the importance of keeping these things in tact.
If you decide you need full obfuscation for the things that are being altered yet are necessary, you'll need to create thin object proxys that are safe from obfuscation and know how to get to the real classes.
I am developing an android application where i am using a lot of Logs for printing values at console for debugging purpose. Now i am using Log.i() method in Android. Now actually what the problem , before i have to give to testing team, i have to remove all logs. When the number of classes in the project is small, i can remove it manually. But when the project contains 40 to 50 classes, it is humanly impossible to go to all classes and remove it manually. So is there any settings is availaible in eclipse so that i can remove or disable all logs by changing a single settings or configuration or else is there any jar file that helps for debugging much more easier than Log.i() method. Any suggestion or guidance is highly appreciable
Thanks inAdvance
the logs will be kept on the phone and any user/developer can check them out by installing apps like Catlog even without using adb! This is a problem as you stand to give unnecessary and at times, confidential data to users/other developers.
Simple way to solve this?
a. Use Proguard to automatically block all logs, more information in this stackoverflow thread
Here you can automatically block all logs at the bytecode level in Proguard
-assumenosideeffects class android.util.Log {
public static int v(...);
}
The above, for example would remove any verbose logging, more in this thread
b. I use a if(DEBUG) Log.i for all my logs, so that with one change of the boolean DEBUG i can switch on/off all logs
This answer referred from this link
Android hide logs in the application when upload to market
I've been using Log.whatever() calls to Log various bits of information as I've been developing my Android app. As I prepare to publish my app to the Android Marketplace, I'm trying to figure out what I need to remove.
According to the Android developer Dev Guide, before publishing, they suggest:
Deactivate any calls to Log methods in the source code.
How does one deactivate the Log methods? Obviously I could go through and erase them all (which is a bit of a pain) but is there some other way to deactivate Log calls that I'm unaware of?
Also, what danger is there to having Log calls in a published application? Can anyone install Eclipse, plugin in their phone and enable Debug mode and see all the same LogCat information that I see as I'm developing?
Also the Dev Guide suggests:
Remove the android:debuggable="true" attribute from the <application> element of the manifest.
I was unaware of this flag until now. What does it do exactly? I've been developing and debugging my app just fine up to this point and this flag is not set to true or false for in my Manifest.
Yes, anyone can install the Android SDK (with or without Eclipse) to view all log messages on your device.
I don't recommend completely removing your logging code, but instead wrap it, such as: if (DEBUG) Log.d(...) where DEBUG is some static boolean you define in a convenient place. I prefer to create a utility class so that all log calls across various classes can be enabled/disabled at once.
Simplest chnages for that would be to define one custom Class say MyLog, now replace all the calls of Log.d() to MyLog.d().
Now inside your class you can have one flag that can enable or disable logs.
hope this helps.
A good practice is to use something like if (DEBUG) Log.whatever, and then simply make DEBUG false.
There is no real danger except that you may expose some underlying implementaion which may expose glitches and hackable points in you app. The real problem is the performance penalty that you will get from logging too much.
As for android:debuggable="true", search for it in here
Finally, yes, Logcat logs are global and can be seen by anyone using the Android SDK.
Yes logs can be seen by anyone. Not only that, apps can collect logs programmatically: http://www.cuteandroid.com/five-android-logcat-related-open-source-apps-for-developers
So make sure you don't expose sensitive data as many apps collect logs - mine do in case of unhandled exceptions / crashes.
Yep, most certainly. Everyone can see them.
If you don't want that to happen, delete them from your code. It's quite normal though. I see a lot of apps using logs, and odds are that almost none of your users will be using that to check your logs.
I would recommend not wrapping your Log statements; depending on the size of your application that could take a while, will probably result in a fair bit of extra code and is just a hassle IMHO.
Instead I found configuring Proguard to automatically optimize your code and strip out Log statements when exporting an app release to be much easier. It will also obfuscate specified areas slowing down any reverse engineers that are trying to break your app.
If you do decide to go with Proguard you can put something like the following in your proguard-project.txt file to strip out log statements.
-assumenosideeffects class android.util.Log {
public static boolean isLoggable(java.lang.String, int);
public static int v(...);
public static int i(...);
public static int w(...);
public static int d(...);
public static int e(...);
}