Closed AlexTrott closed 4 years ago
We appreciate the heads up on this! I've been able to reproduce this with current App Store downloaded apps on an iOS 14 device, so it's something we'll be releasing a fix for very shortly.
The route we're taking is to entirely remove the Log Monitor feature from the iOS SDK. The primary use case was for folks who weren't familiar with using Console.app on a connected Mac to get log information back to us. That doesn't really apply to the typical person running debug builds, and it does add some complexity and log noise to our SDK.
@frankus thats awesome to here! Thanks for the heads up, do you want me to close this PR?
Sure. Thanks again for bringing this to our attention.
Reason: In iOS 14 users can now see when we are calling the pasteboard. When the Apptentive sdk fails to start ApptentiveLogMonitor, users are made aware of this, and believe the app is snooping on them.
After further investigation, I have found
ApptentiveLogMonitor
constantly fails to start on iOS 13 & 14 (haven't been able to verify iOS 12 and below) which leads to every time you open the appApptentiveLogMonitor
looking at the clipboard and then if it is of a certain format send that code off to Apptentive servers.A malicious user could send anything to the
/debug/verify
which could impact the Apptentive service. This PR stopsrelease
build of the application from looking at the pasteboard, and from sending anything of suitable format to the apptentive endpoint/debug/verify
Related Issue: https://github.com/apptentive/apptentive-ios/issues/274
Changes: Adds debug compiler flag around debug only code in Apptentive