IBM Support

PH07893: IOS DEVICE LOGS SHOW SENSITIVE DATA LIKE ADAPTER RESPONSES AND ACCESS TOKENS IN DEVICE LOGS


APAR status

  • Closed as program error.

Error description

  • Product components impacted: SDK
    Affected mobile development environments: Hybrid
    Mobile Devices Operating Systems impacted: iOS
    User roles impacted: Developer
    Distribution: Fix Central
    Versions affected: 7.1
    An iOS application running in release mode shows sensitive data
    like adapter responses and access tokens in device logs.
    

Local fix

  • MobileFirst SDK v7.1 is built with the log level set to debug
    by default. Unless a developer explicitly uses the OCLogger
    setLevel API to set it to ERROR or FATAL, an app using MFP
    prints responses from the MobileFirst server to the device
    log.
    Use the following API to prevent debug information from being
    printed on the device in release mode:
    [OCLogger setLevel:OCLogger_ERROR];
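
A check to run after applying the workaround above (an added example, not IBM's code): scan a device log captured from a release build for token-shaped strings and report hits with the secret redacted. The patterns and the sample log lines are constructed assumptions; this page does not show the SDK's actual log format.

```python
import re
import sys

# Generic credential shapes (assumed; not MobileFirst-specific formats).
# Order matters: broader matches run first so one secret is reported once.
PATTERNS = {
    "bearer_token": re.compile(r'\bBearer\s+[A-Za-z0-9._~+/-]{16,}=*', re.I),
    "token_field": re.compile(
        r'"?(access_token|id_token|refresh_token)"?\s*[:=]\s*"?[A-Za-z0-9._~+/-]{8,}',
        re.I),
    "jwt": re.compile(r'\beyJ[A-Za-z0-9_-]{8,}\.[A-Za-z0-9_-]{8,}\.[A-Za-z0-9_-]{8,}'),
}

# Constructed sample lines, for illustration only.
SAMPLE_LOG = [
    'MyApp[123] <Debug>: adapter response: {"access_token":"abc123DEF456ghi789","balance":42}',
    'MyApp[123] <Debug>: Authorization: Bearer eyJhbGciOiJub25lIn0.eyJzdWIiOiJkZW1vIn0.c2lnbmF0dXJl',
    'MyApp[123] <Error>: request failed with status 500',
]


def scan_log(lines):
    """Return (line_number, [pattern names], redacted_line) for each leaking line."""
    findings = []
    for number, line in enumerate(lines, start=1):
        redacted, hits = line.rstrip("\n"), []
        for name, pattern in PATTERNS.items():
            # Redact before reporting so the report does not repeat the leak.
            redacted, count = pattern.subn(f"[{name} redacted]", redacted)
            if count:
                hits.append(name)
        if hits:
            findings.append((number, hits, redacted))
    return findings


if __name__ == "__main__":
    # Usage: python scan_device_log.py exported_device.log (falls back to the sample)
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as handle:
            results = scan_log(handle)
    else:
        results = scan_log(SAMPLE_LOG)
    for number, hits, redacted in results:
        print(f"line {number}: {', '.join(hits)}: {redacted}")
    sys.exit(1 if results else 0)
```

A non-zero exit status means the log still contains token-shaped data, which makes the script usable as a release gate.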
    

Problem summary

  • ****************************************************************
    * USERS AFFECTED:                                              *
    * Developers of MobileFirst apps on iOS native & Hybrid        *
    ****************************************************************
    * PROBLEM DESCRIPTION:                                         *
    * Potentially sensitive data such as adapter responses are     *
    * printed in the device logs on iOS. This is because the       *
    * server responses are logged in debug mode and the            *
    * MobileFirst SDK prints all debug statements by default       *
    ****************************************************************
    * RECOMMENDATION:                                              *
    ****************************************************************
    

Problem conclusion

  • The MobileFirst SDK was modified to prevent logging of
    potentially sensitive information even in debug mode.
    

Temporary fix

Comments

APAR Information

  • APAR number

    PH07893

  • Reported component name

    MOBILE1ST PF EN

  • Reported component ID

    5725I4300

  • Reported release

    710

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2019-01-29

  • Closed date

    2019-02-20

  • Last modified date

    2019-02-20

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    MOBILE1ST PF EN

  • Fixed component ID

    5725I4300

Applicable component levels


Document Information

Modified date:
20 February 2019