Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Is Your Private Information Logged? An Empirical Study on Android App Logs

Zhiyuan Chen, Soham Sanjay Deo, Poorna Chander Reddy Puttaparthi, Vanessa Nava-Camal, Yiming Tang, Xueling Zhang, Weiyi Shang

TL;DR

This study addresses the privacy risks inherent in Android app logs by conducting an empirical investigation across three dimensions: real-world developer concerns, the prevalence of privacy leaks in a constructed Android log dataset, and the characteristics of leaking logs. The authors built a public dataset from 83 apps (with longitudinal updates to 78 latest versions), identified 610 privacy-leak points in the old data and 651 in the new data, and categorized leaks by data structure and logging context. They found five developer-concern categories, with the largest share focusing on replacing sensitive information, and demonstrated that most leaks originate from app-internal logs rather than third-party libraries, though third-party libraries can propagate leaks. The work reveals that privacy leaks in Android app logs often involve complex data structures, especially JSON, and that many leaks occur at runtime due to higher logging levels, underscoring the need for improved privacy-aware logging practices and tooling for detection and mitigation.

Abstract

With the rapid growth of mobile apps, users' concerns about their privacy have become increasingly prominent. Android app logs serve as crucial computer resources, aiding developers in debugging and monitoring the status of Android apps, while also containing a wealth of software system information. Previous studies have acknowledged privacy leaks in software logs and Android apps as significant issues without providing a comprehensive view of the privacy leaks in Android app logs. In this study, we build a comprehensive dataset of Android app logs and conduct an empirical study to analyze the status and severity of privacy leaks in Android app logs. Our study comprises three aspects: (1) Understanding real-world developers' concerns regarding privacy issues related to software logs; (2) Studying privacy leaks in the Android app logs; (3) Investigating the characteristics of privacy-leaking Android app logs and analyzing the reasons behind them. Our study reveals five different categories of concerns from real-world developers regarding privacy issues related to software logs and the prevalence of privacy leaks in Android app logs, with the majority stemming from developers' unawareness of such leaks. Additionally, our study provides developers with suggestions to safeguard their privacy from being logged.

Is Your Private Information Logged? An Empirical Study on Android App Logs

TL;DR

This study addresses the privacy risks inherent in Android app logs by conducting an empirical investigation across three dimensions: real-world developer concerns, the prevalence of privacy leaks in a constructed Android log dataset, and the characteristics of leaking logs. The authors built a public dataset from 83 apps (with longitudinal updates to 78 latest versions), identified 610 privacy-leak points in the old data and 651 in the new data, and categorized leaks by data structure and logging context. They found five developer-concern categories, with the largest share focusing on replacing sensitive information, and demonstrated that most leaks originate from app-internal logs rather than third-party libraries, though third-party libraries can propagate leaks. The work reveals that privacy leaks in Android app logs often involve complex data structures, especially JSON, and that many leaks occur at runtime due to higher logging levels, underscoring the need for improved privacy-aware logging practices and tooling for detection and mitigation.

Abstract

With the rapid growth of mobile apps, users' concerns about their privacy have become increasingly prominent. Android app logs serve as crucial computer resources, aiding developers in debugging and monitoring the status of Android apps, while also containing a wealth of software system information. Previous studies have acknowledged privacy leaks in software logs and Android apps as significant issues without providing a comprehensive view of the privacy leaks in Android app logs. In this study, we build a comprehensive dataset of Android app logs and conduct an empirical study to analyze the status and severity of privacy leaks in Android app logs. Our study comprises three aspects: (1) Understanding real-world developers' concerns regarding privacy issues related to software logs; (2) Studying privacy leaks in the Android app logs; (3) Investigating the characteristics of privacy-leaking Android app logs and analyzing the reasons behind them. Our study reveals five different categories of concerns from real-world developers regarding privacy issues related to software logs and the prevalence of privacy leaks in Android app logs, with the majority stemming from developers' unawareness of such leaks. Additionally, our study provides developers with suggestions to safeguard their privacy from being logged.
Paper Structure (33 sections, 4 figures, 5 tables)

This paper contains 33 sections, 4 figures, 5 tables.

Table of Contents

  1. Introduction
  2. Background and Related Work
  3. Privacy Leaks in Software Logs
  4. Privacy Leaks in Android Apps
  5. Privacy Awareness about Information Leaks
  6. Study Design
  7. Research Questions
  8. Data Collection: Android App Log Generation and Collection.
  9. Subject apps
  10. User profile for testing
  11. Log generation
  12. Experimental Results
  13. Developers' Concerns about Privacy Issues Related to Software Logs (RQ1).
  14. (a) The developers are attempting to replace sensitive user information in the software logs with non-sensitive information (35.59%)
  15. (b) The developers use software logs to seek the solution to privacy-related issues (27.12%)
  16. ...and 18 more sections

Figures (4)

  • Figure 1: An overview of our study.
  • Figure 2: Logging level distribution for the android logs with privacy leaks.
  • Figure 3: The location of privacy leaks in the Android app logs.
  • Figure 4: Privacy leaking Android app logs' logging level distribution across different privacy leaking log data structure categories.