Information disclosure via logcat
Android applications may leak sensitive information either inherently or as a result of harmful influence. When this happens, it's called an Information disclosure vulnerability. This recipe talks about how to check an application for potential leaks of sensitive information by inspecting the Android logcat, which is used by the application developers as a debugging tool. We will also talk about how you can take advantage of one of Android's built-in benchmarking tools to help make logcat inspection a little more rewarding.
Getting ready
Before we begin, you will need the following:
An emulator or an Android device set up and connected to your machine via ADB, this will require USB Debugging to be enabled on your Android device
The Android Debug Bridge (ADB)
Before beginning with this recipe, you should have already downloaded and updated your Android SDK. You should have either set up your PATH
variables appropriately, or you should be in the working directory...