encorej / acra

Automatically exported from code.google.com/p/acra
0 stars 0 forks source link

Enhancement - provide a way to exclude certain SharedPreferences or BUILD values due to privacy. #70

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
What steps will reproduce the problem?
1. Include report field BUILD or
2. Include application shared preferences

What is the expected output? What do you see instead?

All the contents of the BUILD and/or shared prefs are sent. However this may 
include some user sensitive details. For example, BUILD seems to have a 
"SERIAL" value for some devices that looks to be user specific. Same with the 
shared user prefs which may include emails, tokens, etc which should not be 
transmitted

What version of the product are you using? On what operating system?
version 4.2.3

Please provide any additional information below.

Resolved this myself by adding two new fields to the ReportCrashes and extra 
code in ReflectionCollector, SharedPreferencesCollector as attached. This could 
be a bit better - for example the ReflectionCollector can run on any input 
class so may be wise to find a way to omit fields specific to a certain class 
and not ones who happen to have the same name on another class!

Original issue reported on code.google.com by hbls00...@gmail.com on 29 Aug 2011 at 4:01

Attachments:

GoogleCodeExporter commented 8 years ago
I really need this feature, because I store the login data in my Preferences 
and I am not okay with uploading login-Data from my users..

Original comment by tucanmob...@daniel-thiem.de on 4 Nov 2011 at 7:45

GoogleCodeExporter commented 8 years ago
Hi,

You could either:
- encrypt your user passwords with a hash algorythm (storing clear text 
password is never a good idea), unless you are storing passwords that have to 
be checked on a remote server which requires the clear text password.
- store values you want to keep private in a specific SharedPreferences: ACRA 
only reports the default SharedPreferences and any other SharedPreferences you 
provide with the additionalSharedPreferences parameter.

I'll have a look at hbls00190 proposed modification but I won't put the highest 
priority on this.

Kevin

Original comment by kevin.gaudin on 4 Nov 2011 at 9:05

GoogleCodeExporter commented 8 years ago
Hi Kevin,

Both of them are security over obscurity. Better way is store password in 
Account manager.

Anyway it would be good if some of next version of ACRA allows filter any value 
from any field. The default implementation could be filtering fields by 
configuration from an annotation.

Original comment by martin.sloup on 3 Jun 2012 at 5:58

GoogleCodeExporter commented 8 years ago
I'm adding an annotation parameter which allows to pass an array of regular 
expressions. Any SharedPreferences key matching one of these regexps is 
excluded of the data collection.

Original comment by kevin.gaudin on 16 Jun 2012 at 9:47

GoogleCodeExporter commented 8 years ago

Original comment by kevin.gaudin on 7 Sep 2012 at 9:31