MASTG-TEST-0041: Testing for Debugging Code and Verbose Error Logging
Deprecated Test
This test is deprecated and should not be used anymore. Reason: New version available in MASTG V2
Please check the following MASTG v2 tests that cover this v1 test:
Overview¶
Static Analysis¶
To determine whether StrictMode ↗ is enabled, you can look for the StrictMode.setThreadPolicy or StrictMode.setVmPolicy methods. Most likely, they will be in the onCreate method.
The detection methods for the thread policy are:
detectDiskWrites()detectDiskReads()detectNetwork()
The penalties for thread policy violation are:
penaltyLog(): Logs a message to LogCat.penaltyDeath(): Crashes application, runs at the end of all enabled penalties.penaltyDialog(): Shows a dialog.
Have a look at the best practices ↗ for using StrictMode.
Dynamic Analysis¶
There are several ways of detecting StrictMode; the best choice depends on how the policies' roles are implemented. They include
- Logcat,
- a warning dialog,
- application crash.