Privacy configuration for Android Logging Framework
In the Android Logging Framework, the settings to control data masking and blocking and the fields to use to specify what is controlled are available in the TLFConfigurableItems.properties file.
The same method of blocking or masking is applied to all items configured to be controlled. You cannot specify multiple methods of blocking or masking.
Default Privacy Configuration for Android
In the default TLFConfigurableItems.properties file, the privacy configuration settings are specified to mask data:
#Masking settings
HasMasking=true
MaskIdList=com.tealeaf.sp:id\/EditText*,com.tealeaf.sp:id\/login.password
HasCustomMask=true
SensitiveSmallCaseAlphabet=x
SensitiveCapitalCaseAlphabet=X
SensitiveSymbol=#
SensitiveNumber=9
In the configuration, privacy in Android is defined as follows:
- Since HasMasking=true, privacy is enabled.
- Since HasCustomMask=true, a custom mask is applied. So, data masking is enabled. If it was false, then it would use blocking.
- The masking characters are defined in the Sensitive settings.
The list of fields in the response data to which to apply the mask is defined in the MaskIdList, where fields are delineated by a comma. In the default configuration, there are two fields, defined by using regular expressions.
- Field
- Description
- com.tealeaf.sp:id\/EditText*
- For the specified namespace, privacy masking is applied to all fields whose id includes /EditText. For Android applications, this configuration applies privacy to all fields where text is entered, which is the safest, most conservative privacy configuration.
- com.tealeaf.sp:id\/login.password
- For the specified namespace, privacy masking is applied any field that includes /login.password, which might correspond to the identifier for the password field in your application.
In the above, the value before the colon in each regular expression (com.tealeaf.sp) identifies the namespace to which the regular expression is applied.
You can use these configuration settings or modify them to meet the requirements for your application. The following sections describe data blocking and data masking in general, and examples are provided later in the section.
Configuring data blocking
To configure data blocking in the Android Logging Framework, set the following values in the TLFConfigurableItems.properties file:
- Item ID
- Value
- HasMasking
- Set this value to true.
- MaskIdList
- Comma-delimited ids or regular expressions to find ids.
- HasCustomMask
- Set this value to false.
- SensitiveSmallCaseAlphabet
- Do not specify a value.
- SensitiveCapitalCaseAlphabet
- Do not specify a value.
- SensitiveSymbol
- Do not specify a value.
- SensitiveNumber
- Do not specify a value.
When the HasCustomMask setting is set to false, the masking function returns an empty string, which is inserted in place of the value to be masked.
For more information about these settings, see "Tealeaf® Android Logging Framework Configuration File" in the IBM® Tealeaf Android Logging Framework Reference Guide.
Configuring masking
To configure data masking, you must set HasCustomMask to true and augment the example configuration with the masking characters. These values are set in the TLFConfigurableItems.properties file:
- Item ID
- Description
- HasMasking
- Set this value to true.
- MaskIdList
- Comma-delimited ids or regular expressions to find ids.
- HasCustomMask
- Set this value to false.
- SensitiveSmallCaseAlphabet
- This single value specifies the masking character that is applied to lowercase letters. It can be any string value.
- SensitiveCapitalCaseAlphabet
- This single value specifies the masking character that is applied to uppercase letters. It can be any string value.
- SensitiveSymbol
- This single value specifies the masking character that is applied to symbol characters. It can be any string value.
- SensitiveNumber
- This single value specifies the masking character that is applied to numerals. It can be any string value.