2

Crashlytics is powerful , but it uploads the dSYM files to server automatically for crash issues analyzing, is that safe enough?

Suge
  • 2,808
  • 3
  • 48
  • 79
  • 1
    What kind of things that you see it is not safe enough, to get understanding of this, please check http://stackoverflow.com/questions/22460058/how-is-a-dsym-file-created – Nghia Luong Jul 06 '15 at 09:30
  • Eh.., sorry for my low level of `dSYM` understanding, I was worrying, is it easier to decompile `dSYM` than the release binary file ? – Suge Jul 06 '15 at 09:35

1 Answers1

6

It's a matter of convenience and trust. Are you afraid that Crashlytics team will hack your app? Or are you afraid someone is listening on your network and will intercept the dSYM file while it's uploading? Theoretically access to the dSYM will make hacking an app easier, but it is still possible even without having the dSYM file.

Most of the clients that I've worked with were fine with using external crash reporting services, but you should always ask before using them.

Malthan
  • 7,005
  • 3
  • 20
  • 22
  • Eh..., I'm a litte ecurity obsessive-compulsive, I'll think about what you asy. – Suge Jul 06 '15 at 10:03
  • In my opinion being able to fix bugs and prevent crashes is worth the risk, but of course that depends on the kind of app you're making, if you're handling banking or medical data then the added security is worth more difficult crash fixing. – Malthan Jul 06 '15 at 10:12
  • Yes, your opinion is keerect, I can follow it to the decision-making。 – Suge Jul 06 '15 at 14:54