
I am getting very conflicting information regarding the use of android.permission.READ_LOGS Android permission. Firstly, the Android Documentation website does not specify the protection level of this permission. It is neither classified as normal, nor dangerous. They do specify the following:

"Not for use by third-party applications, because Log entries can contain the user's private information."

Some websites say not to use it for the same privacy concerns. However, I have some issues with that:

  1. When I tested this permission in my app on Android 7.1.1 (Nexus 5X) and Android 4.4.2 (old Samsung 8" tablet), neither of them prompted me that the app required this permission. Both said that the app requested "no special permissions". This only happens if the permission is deemed "normal", in which case it is automatically granted.
  2. Secondly, using this permission, I can only view logs from logcat pertaining to my app, which does not log any personal information. Hence, I don't violate any privacy either. I thought this permission may allow me to see other apps' logs, causing privacy issues.

So, if this is the case, then is it deemed safe to use this permission in a production version of the app? It would help me a lot in debugging strange bugs users face if they can send me a logcat by the press of a button.

EDIT: Ok, now I am quite confused. It appears that I don't need to explicitly specify this permission in the manifest either.

lite-whowantstoknow
  • Well, after further digging, this thread on GitHub corroborates my observations and it appears to be okay to use the permission: https://github.com/ACRA/acra/issues/292 – lite-whowantstoknow Jul 23 '17 at 22:48
  • Okay, it appears that I do not need the READ_LOGS permission on either Android 7 or Android 4.4, as I tested it. So, why do people mention that you need this permission for reading logs on all websites I read? – lite-whowantstoknow Jul 23 '17 at 22:54

1 Answer


> Is READ_LOGS a normal or dangerous Android permission?

Neither. As of Android 7.1, it is `signature|privileged|development`. That basically means that apps signed as part of the firmware build or installed on the privileged partition can hold the permission, but nothing else can.

> the Android Documentation website does not specify the protection level of this permission

Correct. READ_LOGS is still in the SDK, for backwards-compatibility reasons, but ordinary apps have not been able to hold it since Android 4.1, which came out five years ago.

> This only happens if the permission is deemed "normal", in which case it is automatically granted.

No.

> I thought this permission may allow me to see other apps' logs, causing privacy issues.

It did, on Android 4.0 and earlier.

> then is it deemed safe to use this permission in a production version of the app?

Well, bear in mind that there has never been a documented and supported way for apps to access LogCat contents. Most likely, you're using one of the script-kiddie solutions that have been posted, such as running the logcat command and capturing its output. So, it is entirely possible that there are devices, now or in the future, that will not support your particular approach towards accessing LogCat. So, the permission is not your problem; the lack of a supported API for LogCat access is your problem.

Personally, I'd use a logging library to log the content to both a file and to LogCat, using the file for whatever your app needs it for.

CommonsWare
  • Thanks for the quick response. This was very confusing indeed, but I think I finally got it. Your answer, along with this: https://stackoverflow.com/a/16795874/2611713 clarified this for me. My use case fits the current scenario, as I only want to read logs created by my app due to any unexpected crashes. I am using this method to read my own logs: https://stackoverflow.com/a/20497850/2611713. I dunno if that is considered a script-kiddy approach! My main source of confusion was the need for the permission. – lite-whowantstoknow Jul 23 '17 at 23:05
  • Also, I target min API of 19. So I don't need to worry about backward compatibility either. – lite-whowantstoknow Jul 23 '17 at 23:06
  • @lite-whowantstoknow: "I dunno if that is considered a script-kiddy approach" -- yes, insofar as the availability of the `logcat` command is not guaranteed, and the behavior of any on-device `logcat` command is not documented. – CommonsWare Jul 23 '17 at 23:08
  • I see. In any case, I handle errors there gracefully. I do collect logs directly to a file as well for other debugging purposes, but for some bugs I just cannot seem to do it without logcats. This has to do with getting a list of installed apps using packagemanager API, but it is erroring out. But that is a different matter! – lite-whowantstoknow Jul 23 '17 at 23:15
  • @CommonsWare "Could you please suggest a library which will save the log messages to a file". I can see so many and not able to choose the right one. Thanks – Kameswari Nov 11 '19 at 06:04
  • But system app with READ_LOGS permission can still read logs of other applications through logcat in non rooted device? – Arsenius Oct 09 '20 at 15:29
  • @Arsenius: I assume so, though I have never tried it nor read much about it. – CommonsWare Oct 09 '20 at 16:34
  • Is it possible to read only logs of the current app though? Even without a permission? If so, how is it done? – android developer Mar 15 '21 at 12:41
  • @androiddeveloper: "Is it possible to read only logs of the current app though? Even without a permission?" -- in principle, yes. Personally, I have never done it. My understanding is that it involves running a shell command from inside the app. – CommonsWare Mar 15 '21 at 13:00
  • @CommonsWare It could be useful for the common task of "send logs to developer". – android developer Mar 15 '21 at 13:19
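
The approach recommended in the answer above (log to both a file and LogCat, then use the file), as an added example that is not part of the original thread or any particular library. The class name `FileLog`, the file names and the size cap are assumptions chosen for illustration.

```java
import android.content.Context;
import android.util.Log;

import java.io.File;
import java.io.FileWriter;
import java.io.IOException;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.Locale;

/** Hypothetical helper: mirrors every log call to LogCat and to an app-private file. */
public final class FileLog {
    private static final long MAX_BYTES = 512 * 1024; // assumed cap per file
    private static File current;
    private static File previous;

    /** Call once, e.g. from Application.onCreate(). */
    public static synchronized void init(Context context) {
        // getFilesDir() is app-private internal storage: other apps cannot read it,
        // and neither READ_LOGS nor a storage permission is involved.
        File dir = new File(context.getFilesDir(), "logs");
        dir.mkdirs();
        current = new File(dir, "app.log");
        previous = new File(dir, "app.log.1");
    }

    public static void i(String tag, String msg) {
        write(Log.INFO, tag, msg);
    }

    public static void e(String tag, String msg, Throwable t) {
        write(Log.ERROR, tag, msg + '\n' + Log.getStackTraceString(t));
    }

    private static synchronized void write(int priority, String tag, String msg) {
        Log.println(priority, tag, msg);        // still visible in LogCat during development
        if (current == null) return;            // init() has not been called yet
        if (current.length() > MAX_BYTES) {     // keep one rotated copy so disk use stays bounded
            previous.delete();
            current.renameTo(previous);
        }
        String ts = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss.SSS", Locale.US).format(new Date());
        try (FileWriter out = new FileWriter(current, true)) {
            out.write(ts + ' ' + priority + '/' + tag + ": " + msg + '\n');
        } catch (IOException ex) {
            Log.w("FileLog", "could not append to log file", ex);
        }
    }
}
```

A "send logs to developer" button can then read `app.log` and `app.log.1` directly, without depending on an on-device `logcat` command. Because the file leaves the device, only write to it what you would be comfortable receiving from a user.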