MASTG-TEST-0041: Testing for Debugging Code and Verbose Error Logging

Deprecated Test

This test is deprecated and should not be used anymore. Reason: New version available in MASTG V2

Please check the following MASTG v2 tests that cover this v1 test:

• Logging of StrictMode Violations

Overview

Static Analysis

To determine whether StrictMode is enabled, you can look for the StrictMode.setThreadPolicy or StrictMode.setVmPolicy methods. Most likely, they will be in the onCreate method.

The detection methods for the thread policy are:

• detectDiskWrites()
• detectDiskReads()
• detectNetwork()

The penalties for thread policy violation are:

• penaltyLog(): Logs a message to LogCat.
• penaltyDeath(): Crashes application, runs at the end of all enabled penalties.
• penaltyDialog(): Shows a dialog.

Have a look at the best practices for using StrictMode.

Dynamic Analysis

There are several ways of detecting StrictMode; the best choice depends on how the policies' roles are implemented. They include

• Logcat,
• a warning dialog,
• application crash.