facebookarchive / stetho

Stetho is a debug bridge for Android applications, enabling the powerful Chrome Developer Tools and much more.
http://facebook.github.io/stetho/
MIT License

Does it have to be invoked in application.onCreate()? #630

Closed H4oK3 closed 5 years ago

H4oK3 commented 5 years ago

Hey, I would like to ask: does Stetho.initializeWithDefaults(this) have to be invoked within application.onCreate()? I am a security researcher and am using Stetho for reverse engineering. I tried to invoke initializeWithDefaults(context) at some point after the activity had been rendered, and I only got <com.foo.bar.myapp></com.foo.bar.myapp> dumped with nothing inside. I assume this initializeWithDefaults has to be invoked no later than a certain point so it can work well.

longinoa commented 5 years ago

What happens if you rotate the screen? I am assuming this is due to how the activity is loaded.

jasta commented 5 years ago

@H4oK3 hmm, not really sure what you're really after. Older versions of Android don't automatically detect activity transitions so you can end up only seeing the screens that were added after you attached. On newer Android versions though this isn't an issue since we use the global activity lifecycle listener (which we install eagerly during Stetho initialization and as an aside it's one of the only things we init eagerly).

If you're concerned about the security of Stetho I can speak pretty confidently to the design choices we made and why I'm confident that installing it on app create unconditionally is the right choice. Only a device with adb shell access will work and if your app configuration is in debug mode then already adb shell run-as would be possible so any notion of security from the connected peer's point of view is out the window.
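
The registration-order effect discussed in this thread, as an added illustration (not Stetho's code and not part of the original discussion): a listener installed through the real Application.registerActivityLifecycleCallbacks API only hears about activities created after it was registered. TrackingApp, seen and trackedActivities are hypothetical names chosen for this sketch.

```java
import android.app.Activity;
import android.app.Application;
import android.os.Bundle;
import java.util.ArrayList;
import java.util.List;

// Hypothetical class for illustration; only the android.app.* APIs are real.
public class TrackingApp extends Application {
    // Activities this listener has been told about, in creation order.
    private final List<Activity> seen = new ArrayList<>();

    @Override
    public void onCreate() {
        super.onCreate();
        // Registered before any Activity exists, so every onActivityCreated
        // callback is delivered. The same call made later (for example from
        // a click handler) would not be told about activities already on
        // screen; they only show up once they are recreated, which a
        // rotation does unless the activity handles the configuration
        // change itself.
        registerActivityLifecycleCallbacks(new ActivityLifecycleCallbacks() {
            @Override public void onActivityCreated(Activity a, Bundle state) {
                synchronized (seen) { seen.add(a); }
            }
            @Override public void onActivityDestroyed(Activity a) {
                synchronized (seen) { seen.remove(a); }
            }
            // Remaining callbacks are required by the interface but unused.
            @Override public void onActivityStarted(Activity a) {}
            @Override public void onActivityResumed(Activity a) {}
            @Override public void onActivityPaused(Activity a) {}
            @Override public void onActivityStopped(Activity a) {}
            @Override public void onActivitySaveInstanceState(Activity a, Bundle out) {}
        });
    }

    // Snapshot of the activities known to the listener. An empty result
    // while a screen is visible means registration happened too late.
    public List<Activity> trackedActivities() {
        synchronized (seen) { return new ArrayList<>(seen); }
    }
}
```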