MASTG-TEST-0263: Logging of StrictMode Violations

Content in BETA

This content is in beta and still under active development, so it is subject to change at any time (e.g. structure, IDs, content, URLs, etc.).

Overview

This test checks whether an app enables StrictMode in production. While StrictMode is useful for developers to log policy violations such as disk I/O or network operations, leaving it enabled in production apps can expose sensitive implementation details in the logs that could be exploited by attackers.

Steps

  1. Install the production build of your app on your device or emulator.
  2. Use Monitoring System Logs to show the system logs that StrictMode creates.
  3. Open the app and let it execute.

Observation

The output should contain a list of log statements related to StrictMode.

Evaluation

The test fails if an app logs any StrictMode policy violations.
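
One way to apply this evaluation to captured logs, as an added example that is not part of the MASTG page or its demo: the shell functions below keep only logcat lines whose tag is exactly `StrictMode` and fail if any are present. The function names and the sample log lines are constructed for illustration, and the input is assumed to be in `adb logcat -v threadtime` format.

```shell
#!/bin/sh
# Added example (not MASTG code): evaluate logcat output for StrictMode entries.
# Live use, assuming adb is connected to the test device:
#   adb logcat -d -v threadtime | strictmode_verdict

# Print only lines whose logcat tag is exactly "StrictMode" (threadtime format:
# date time PID TID level tag: message). Matching the tag field avoids false
# hits on lines that merely mention StrictMode in the message text.
strictmode_lines() {
  awk '{ tag = $6; sub(/:$/, "", tag) } tag == "StrictMode"'
}

# Summarise matches per PID and level, then apply the evaluation rule:
# any StrictMode entry means the test fails (exit status 1).
strictmode_verdict() {
  strictmode_lines | awk '
    { n[$3 " " $5]++; total++ }
    END {
      for (k in n) print "pid/level " k ": " n[k] " line(s)"
      if (total > 0) { print "FAIL: " total " StrictMode log line(s)"; exit 1 }
      print "PASS: no StrictMode log lines"
    }'
}

# Constructed sample input (not captured from a real device).
sample_log() {
  cat <<'EOF'
05-12 10:01:02.100  4321  4321 I ActivityManager: Start proc org.example.app
05-12 10:01:03.250  4321  4321 D StrictMode: StrictMode policy violation: android.os.strictmode.DiskReadViolation
05-12 10:01:03.251  4321  4321 D StrictMode:     at org.example.app.MainActivity.onCreate(MainActivity.kt:21)
05-12 10:01:04.010  4321  4350 E StrictMode: A resource was acquired at attached stack trace but never released.
05-12 10:01:05.500  1234  1234 D OtherTag: message that only mentions StrictMode
EOF
}
```

Running `sample_log | strictmode_verdict` shows the per-PID summary and a failing verdict for the constructed sample.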

Demos

MASTG-DEMO-0037: App Leaking Information about Unclosed SQL Cursor via StrictMode