MASTG-TEST-0263: Logging of StrictMode Violations

Overview

This test checks whether an app enables StrictMode in production. StrictMode is useful during development because it logs policy violations such as disk I/O or network operations, but leaving it enabled in a production build can expose sensitive implementation details in the logs that an attacker could make use of.

The target of this test is the production build of the app.

Steps

  1. Use the Installing Apps technique to install the app.
  2. Use the Monitoring System Logs technique to capture the system log output that StrictMode writes.
  3. Open the app and let it run.

Observation

The output should contain a list of log statements related to StrictMode.

Evaluation

The test case fails if an app logs any StrictMode policy violations.
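As an added example (not part of the MASTG or of its demo), the following POSIX shell script applies the evaluation criterion above to a captured logcat excerpt: it keeps only the StrictMode lines, extracts the violation classes and returns a FAIL verdict when any is present. The SAMPLE_LOG lines, the package name and the stack frames in them are constructed for the example and are not real device output; on a device the same functions would be fed by `adb logcat -v threadtime`.

```shell
#!/bin/sh
# Added example: evaluate logcat output for StrictMode policy violations.

# Constructed sample of logcat "threadtime" output (not captured from a device).
SAMPLE_LOG='03-01 12:00:01.123  1234  1234 D MyApp     : onCreate
03-01 12:00:01.456  1234  1234 D StrictMode: StrictMode policy violation; ~duration=27 ms: android.os.strictmode.DiskReadViolation
03-01 12:00:01.457  1234  1234 D StrictMode:     at android.os.StrictMode$AndroidBlockGuardPolicy.onReadFromDisk(StrictMode.java:1661)
03-01 12:00:02.001  1234  1234 E StrictMode: android.os.strictmode.LeakedClosableViolation: A resource was acquired at attached stack trace but never released. See java.io.Closeable for information on avoiding resource leaks.
03-01 12:00:02.002  1234  1234 E StrictMode:     at android.database.sqlite.SQLiteCursor.<init>(SQLiteCursor.java:68)
03-01 12:00:03.000  1234  1234 I ActivityManager: Displayed com.example.app/.MainActivity'

# list_strictmode_violations: read logcat output on stdin and print each
# distinct android.os.strictmode.*Violation class with its occurrence count.
# Accepts both "D StrictMode: ..." (threadtime) and "D/StrictMode( 1234): ..."
# (brief) tag formats; stack-frame lines carry no violation class and are ignored.
list_strictmode_violations() {
  grep -E '[ /]StrictMode *[(:]' \
  | grep -oE 'android\.os\.strictmode\.[A-Za-z]+Violation' \
  | sort | uniq -c | sort -rn
}

# evaluate_strictmode_log: return 0 (PASS) when no violation is logged and
# 1 (FAIL) otherwise, which is the Evaluation criterion of this test.
evaluate_strictmode_log() {
  violations=$(list_strictmode_violations)
  if [ -n "$violations" ]; then
    printf 'FAIL: the app logs StrictMode policy violations:\n%s\n' "$violations"
    return 1
  fi
  echo 'PASS: no StrictMode policy violations logged'
  return 0
}

# Demonstration on the constructed sample; the exit status is the verdict, so
# "|| true" only keeps this script going after a FAIL verdict.
printf '%s\n' "$SAMPLE_LOG" | evaluate_strictmode_log || true
```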

Demos

MASTG-DEMO-0037: App Leaking Information about Unclosed SQL Cursor via StrictMode