Android Read Log Permission

| 1 comment | android

When reading this post about the Facebook SDK writing a line to your Android phone's log file, I was interested to see what other applications wrote sensitive data to the log.

The log is available to any application that has the READ LOG permission. This permission is marked dangerous but users are confronted with this message:

Allows the app to read from the system's various log files. This allows it to discover general information about what you are doing with the tablet, potentially including personal or private information.

From what I have seen, that word "potentially" needs to be changed to "most definitely".

On my Samsung Galaxy S2, I found that all my texts and emails were written to the log file in plain text. I even wrote a proof of concept application to read my emails.

I see no good reason as to why applications would need to write any private data to the log. The permission is there in the first place for easy debugging which makes sense, but just writing whole emails and texts to the log makes no sense. When I receive a text, a notification is written to the notification bar which includes the text contents, including the name of the contact - this whole string, for some reason, is written to the log file. Likewise whenever I open an email in the Gmail application, the whole content of the email is written to the log file.

I did try and reach out to Google and Samsung about this issue, but after a couple of weeks have not heard anything back.

Google do not seem to be following their own advice that states:

Application developers should be careful writing to on-device logs. In Android, logs are a shared resource, and are available to an application with the READ_LOGS permission. Even though the phone log data is temporary and erased on reboot, inappropriate logging of user information could inadvertently leak user data to other applications.

Firefox Aurora Web Inspector

| 0 comments | firefox html5 video webgl

I downloaded the pre-beta version of Firefox, named Firefox Aurora. I started experimenting with it and it seemed alright but did not support the range input type which was sad, but then I right-clicked and opened up the web inspector and saw this:

WOW! - Very cool.

The 3D view of the page structure allows you to pan around and zoom using WebGL. More details are on the Mozilla Development Blog.

20 years of Glasses - A Sample

| 0 comments | glasses

This is a sample of the numerous pairs of glasses I have been through in 20 years. They are, what I can tell, in chronological order, oldest at back to most recent at front. They have been accumulating in my house. I took them to the opticians today for recycling, they were very grateful.

Timeline of Glasses