android

Android Read Log Permission

| 1 comment | android

When reading this post about the Facebook SDK writing a line to your Android phone's log file, I was interested to see what other applications wrote sensitive data to the log.

The log is available to any application that has the READ LOG permission. This permission is marked dangerous but users are confronted with this message:

Allows the app to read from the system's various log files. This allows it to discover general information about what you are doing with the tablet, potentially including personal or private information.

From what I have seen, that word "potentially" needs to be changed to "most definitely".

On my Samsung Galaxy S2, I found that all my texts and emails were written to the log file in plain text. I even wrote a proof of concept application to read my emails.

I see no good reason as to why applications would need to write any private data to the log. The permission is there in the first place for easy debugging which makes sense, but just writing whole emails and texts to the log makes no sense. When I receive a text, a notification is written to the notification bar which includes the text contents, including the name of the contact - this whole string, for some reason, is written to the log file. Likewise whenever I open an email in the Gmail application, the whole content of the email is written to the log file.

I did try and reach out to Google and Samsung about this issue, but after a couple of weeks have not heard anything back.

Google do not seem to be following their own advice that states:

Application developers should be careful writing to on-device logs. In Android, logs are a shared resource, and are available to an application with the READ_LOGS permission. Even though the phone log data is temporary and erased on reboot, inappropriate logging of user information could inadvertently leak user data to other applications.

Android

| 0 comments | android is my train delayed phone development trains

I have had my Samsung Galaxy S2 for a few weeks now and I have really enjoyed having a smartphone back in my pocket, after the demise of my iPhone.

Joining the Android Developer Program only cost $25 and I have now been experimenting with what I can get my phone to do.

A good starting point was to port ybsolo over to the Android Market. At the moment all the application does is open a web view but with the service being advertised in the market place, we hopefully will see some people trying it out.

Is My Train Delayed? is a perfect service for the mobile platform so I have been moving it to a native application. It is currently on the Android Market at version 4.0 as I have been adding features over the past few days.

Phone-screenshot

Currently at 146 downloads, it is doing quite well. It pulls the live data straight from National Rail and creates a nice scrollable table view. It also auto-completes station names. On the website, you can locate your nearest station, I am experimenting with this on the android application as well as detailed journey information in a popup window.