Closed Bug 770912 Opened 13 years ago Closed 13 years ago

Excessive logging could violate user privacy

Categories

(Firefox for Android Graveyard :: General, defect)

Product:
Firefox for Android Graveyard
Component:
General
Platform:
All
Android
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
VERIFIED FIXED
Milestone:
Firefox 18

People

(Reporter: kats, Assigned: kats)

Details

Attachments

(1 file, 1 obsolete file)

Patch (unbitrotted)
17.49 KB, patch
mfinkle
: review+
Details | Diff | Splinter Review
Attached patch Patch (obsolete) — Splinter Review
Right now we're logging every URL the user visits to logcat, which is A Bad Idea(TM). (see http://www.defcon.org/images/defcon-18/dc-18-presentations/Lineberry/DEFCON-18-Lineberry-Not-The-Permissions-You-Are-Looking-For.pdf) The attached patch removes (or disables) the ones I could find by looking in logcat and the code. There might be more.
Attachment #639113 - Flags: review?(mark.finkle)
Review ping. This has bitrotted a lot but if it's worth landing this then I can un-bitrot it.
Comment on attachment 639113 [details] [diff] [review] Patch >diff --git a/mobile/android/base/Favicons.java b/mobile/android/base/Favicons.java >+ private static final boolean VIOLATE_PRIVACY = false; Let's not even do this. It's a compile time thing so specific logging could be added just as easily. > private BitmapDrawable downloadFavicon(URL faviconUrl) { > try { > uri = faviconUrl.toURI(); > } catch (URISyntaxException e) { >- Log.d(LOGTAG, "Could not get URI for favicon URL: " + mFaviconUrl); Let's just log "Could not get URI for favicon", which will let people know the exception was hit. > } catch (MalformedURLException e) { >- Log.d(LOGTAG, "The provided favicon URL is not valid: " + e); "The provided favicon URL is not valid" > void handleDoorHanger(JSONObject geckoObject) throws JSONException { >- Log.i(LOGTAG, "DoorHanger received for tab " + tabId + ", msg:" + message); >+ Log.i(LOGTAG, "DoorHanger received for tab " + tabId); Completely remove this > else if (Intent.ACTION_VIEW.equals(action)) { > String uri = intent.getDataString(); > GeckoAppShell.sendEventToGecko(GeckoEvent.createURILoadEvent(uri)); > Log.i(LOGTAG,"onNewIntent: " + uri); Remove this one too? > else if (action != null && action.startsWith(ACTION_WEBAPP_PREFIX)) { > String uri = getURIFromIntent(intent); > GeckoAppShell.sendEventToGecko(GeckoEvent.createWebappLoadEvent(uri)); >- Log.i(LOGTAG,"Intent : WEBAPP (" + action + ") - " + uri); >+ Log.i(LOGTAG,"Intent : WEBAPP (" + action + ")"); Let's just remove it > else if (ACTION_BOOKMARK.equals(action)) { > String uri = getURIFromIntent(intent); > GeckoAppShell.sendEventToGecko(GeckoEvent.createBookmarkLoadEvent(uri)); >- Log.i(LOGTAG,"Intent : BOOKMARK - " + uri); >+ Log.i(LOGTAG,"Intent : BOOKMARK"); Remove too r+, I agree we need to stop putting private info in the logs. Brian just mentioned this to me today regarding Private Browsing mode. Thanks for re-pinging.
Attachment #639113 - Flags: review?(mark.finkle) → review+
Unbitrotted and addressed review comments. Enough has changed that I'd like re-review. In particular I found a few more places were printing out the URLs so I removed those as well.
Attachment #639113 - Attachment is obsolete: true
Attachment #659455 - Flags: review?(mark.finkle)
Attachment #659455 - Flags: review?(mark.finkle) → review+
https://hg.mozilla.org/mozilla-central/rev/d5557d37be66
Status: ASSIGNED → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
Target Milestone: --- → Firefox 18
Changes are applied on the latest Nightly build. Closing bug as verified fixed on: Firefox 18.0a1 (2012-09-11) Device: Galaxy Note OS: Android 4.0.4
Status: RESOLVED → VERIFIED
Product: Firefox for Android → Firefox for Android Graveyard
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: