From Logging to Leakage: A Study of Privacy Leakage in Android App Logs
Android phones are among the most popular mobile devices today, providing users with a wide array of convenient services through various apps. These apps generate software logs during their runtime, which record their behavior, status, and error information. However, these logs can also inadvertently capture sensitive information and user privacy data, often without the developer's awareness. In this study, we constructed a dataset comprising 67,702 log records from 83 Android apps. Our analysis of this dataset identified 610 instances of privacy leakage, which indicates the prevalence of such issues in Android app logs. Additionally, our analysis identified characteristics of Android app logs with exposed sensitive information and revealed a gap between developers' awareness of privacy protection and privacy leakage in real-world scenarios.
- Conference Article
- 10.1145/3691620.3695609
- Oct 27, 2024
Android is the most popular mobile operating system, which attracts countless users. However, Android app logs, which record Android runtime information, are often overlooked in privacy leakage vulnerability research. Existing studies on privacy leakage vulnerabilities in Android apps primarily focus on static and dynamic analysis, with a lack of comprehensive studies specifically addressing privacy leakage vulnerabilities in Android app logs. In this paper, we propose to conduct a comprehensive study to fill this research gap. Our study includes two aspects: (1) gathering real-world developers' views on privacy leakage vulnerabilities in Android app logs and (2) exploring the status of privacy leakage vulnerabilities in the latest Android app logs. Our preliminary results indicate the potential of this study.
- Conference Article
- 10.1145/3663529.3664461
- Jul 10, 2024
Privacy leakage in software logs, especially in Android apps, has become a major concern. While the significance of software logs in debugging and monitoring software state is well recognized, the exponential growth in log size has led to challenges in identifying unexpected information, including sensitive user information. This paper provides a comprehensive study of privacy leakage in Android app logs to address the lack of extensive research in this area. From a dataset constructed from PlayDrone-selected Android apps, we analyze privacy leaks, detect instances of privacy leakage, and identify third-party libraries that are implicated. The findings highlight the prevalence of privacy leaks in Android app logs, with implications for user security and potential economic losses. This study emphasizes the need for developers to be more aware and take proactive measures to protect user privacy in software logging practices.