PhoneHome: Remote Logging for Android (opens in new tab)

(mattspitz.me)

10 pointsmattspitz12y ago5 comments

5 comments

5 comments · 2 top-level

dz0ny12y ago· 2 in thread

"PhoneHome retrieves Hoot’s logs from mischievous devices without asking anything from the user."

Sentry anyone?

Sure, you could route it through Sentry or whatever other logging-type backend you'd like, but the Android library takes care of the indirection and batching for you.

dz0ny12y ago

Sentry+ACRA is my recipe :)

e28eta12y ago· 1 in thread

Looks like a good candidate for a feature that should be opt-in, depending on how interesting the data you're logging is.

Also, it might be interesting to increase the logging verbosity to the remote service for users who've opted in and are experiencing problems.

I wasn't aware reading from the log now required root, but I'm guessing it's still a best practice to avoid logging sensitive data and/or copious amounts to the system log in production applications.

mattspitzOP12y ago

Good points all around.

PhoneHome home doesn't send any data that your application couldn't otherwise expose. It just provides an easier way to do it for the developer.

Regarding sensitive data, Facebook has had issues leaking user tokens in logs, and I imagine they're not alone. The typical way to handle this is to put all the sensitive information (if you have to log it at all) at a certain level and then use ProGuard to strip the calls out of the bytecode when making a production build, but between Android and remote libraries, I found that this involves a lot of whack-a-mole to get a config file that works.

But, if you've got everything through a layer of indirection (using PhoneHome), it's easy enough just to switch on the BuildConfig.DEBUG to decide whether to print to the system log.

j / k navigate · click thread line to collapse

5 comments

5 comments · 2 top-level

dz0ny12y ago· 2 in thread

"PhoneHome retrieves Hoot’s logs from mischievous devices without asking anything from the user."

Sentry anyone?

mattspitzOP12y ago

Sure, you could route it through Sentry or whatever other logging-type backend you'd like, but the Android library takes care of the indirection and batching for you.

dz0ny12y ago

Sentry+ACRA is my recipe :)

e28eta12y ago· 1 in thread

Looks like a good candidate for a feature that should be opt-in, depending on how interesting the data you're logging is.

Also, it might be interesting to increase the logging verbosity to the remote service for users who've opted in and are experiencing problems.

I wasn't aware reading from the log now required root, but I'm guessing it's still a best practice to avoid logging sensitive data and/or copious amounts to the system log in production applications.

mattspitzOP12y ago

Good points all around.

PhoneHome home doesn't send any data that your application couldn't otherwise expose. It just provides an easier way to do it for the developer.

Regarding sensitive data, Facebook has had issues leaking user tokens in logs, and I imagine they're not alone. The typical way to handle this is to put all the sensitive information (if you have to log it at all) at a certain level and then use ProGuard to strip the calls out of the bytecode when making a production build, but between Android and remote libraries, I found that this involves a lot of whack-a-mole to get a config file that works.

But, if you've got everything through a layer of indirection (using PhoneHome), it's easy enough just to switch on the BuildConfig.DEBUG to decide whether to print to the system log.

j / k navigate · click thread line to collapse