

PhoneHome: Remote Logging for Android - mattspitz
http://mattspitz.me/post/69143620992/phonehome-remote-logging-for-android

======
e28eta
Looks like a good candidate for a feature that should be opt-in, depending on
how interesting the data you're logging is.

Also, it might be interesting to increase the logging verbosity to the remote
service for users who've opted in and are experiencing problems.

I wasn't aware reading from the log now required root, but I'm guessing it's
still a best practice to avoid logging sensitive data and/or copious amounts
to the system log in production applications.

~~~
mattspitz
Good points all around.

PhoneHome home doesn't send any data that your application couldn't otherwise
expose. It just provides an easier way to do it for the developer.

Regarding sensitive data, Facebook has had issues leaking user tokens in logs,
and I imagine they're not alone. The typical way to handle this is to put all
the sensitive information (if you have to log it at all) at a certain level
and then use ProGuard to strip the calls out of the bytecode when making a
production build, but between Android and remote libraries, I found that this
involves a lot of whack-a-mole to get a config file that works.

But, if you've got everything through a layer of indirection (using
PhoneHome), it's easy enough just to switch on the BuildConfig.DEBUG to decide
whether to print to the system log.

------
dz0ny
"PhoneHome retrieves Hoot’s logs from mischievous devices without asking
anything from the user."

Sentry anyone?

~~~
mattspitz
Sure, you could route it through Sentry or whatever other logging-type backend
you'd like, but the Android library takes care of the indirection and batching
for you.

~~~
dz0ny
Sentry+ACRA is my recipe :)

