4

The Problem

I am working with an Android app where user data is being saved to a database encrypted by SQLCipher. The Android keystore is being used to store the keys. There is a device specific issue happening (likely to do with the data that is being saved). I can potentially get my hands on the device that is experiencing this issue, however, from what I can find, the info I can extract from the said device is very limited. Is there any possible way I can somehow attach a debugger to the current APK that is loaded onto the device or somehow replace it with a debuggable version without losing the user data?

The device is running android 6.0.1 and I am using Android Studio

What I found trying to debug the release APK

When I connect an android tablet loaded with the APK that was downloaded from the PlayStore, the only data I am able to see are the app specific debug logs using logcat (Android Studio). When I try to debug the app, Android Studio is telling me to uninstall the existing APK first before I can load the debuggable APK. However, this will delete existing data, which I do not want to happen.

Other things I have tried to solve my original problem

Try to get the specific user to send me their problematic database

This won't work as I don't have access to the private key, so I would not be able to decrypt the data even if I got the file.

Try to get specific user to send me the app logs

This won't work as since Android 4.1, app specific logs are private to only those specific apps (unless the device is rooted, which the device in question is not, and rooting it is not really an option). This actually leads to another, lightly related, question I have. Why am I able to see the application specific logs in logcat even though they are not visible when view logs on an unrooted device through an app such as CatLog?

Vladimir Jovanović
  • 2,261
  • 2
  • 24
  • 43
crazyshark
  • 133
  • 1
  • 11
  • Cant you install debug version on the problematic device and reproduce the error? If it is rooted phone you can save the corupted DB, reinstall the app and overwrite the DB – X3Btel Feb 08 '17 at 16:02

1 Answers1

6

You can install a debuggable APK by simply signing with your release keys instead of the debug ones and making sure the Debug flag is set. I always do this as it becomes a pain to keep uninstalling and reinstalling different versions especially when swapping between different computers with different debug keystores.

Installing an APK signed with your release keys will just perform an in place upgrade and leave all app data intact even if the debuggable flag is set.

e.g

 buildTypes {

    debug {
        minifyEnabled false
        debuggable true
        signingConfig signingConfigs.release
    }

    release {
        minifyEnabled false
        signingConfig signingConfigs.release
    }

}

You can get logs from a user device so long as the log was generated by your own app. Your own process is allowed to access your own apps log entries.

Read logcat programmatically within application

Community
  • 1
  • 1
Kuffs
  • 35,581
  • 10
  • 79
  • 92