Skip to content

MASTG-TEST-0231: References to Logging APIs

Content in BETA

This content is in beta and still under active development, so it is subject to change any time (e.g. structure, IDs, content, URLs, etc.).

Send Feedback

Overview

This test verifies if an app uses logging APIs like android.util.Log, Log, Logger, System.out.print, System.err.print, and java.lang.Throwable#printStackTrace.

Steps

  1. Use either Static Analysis on Android with a tool such as semgrep to identify all logging APIs.

Observation

The output should contain a list of locations where logging APIs are used.

Evaluation

The test fails if an app logs sensitive information from any of the listed locations.

Mitigations