- https://github.com/OWASP/MSTG-Hacking-Playground/wiki/Android-App#omtg_datast_002_logging
- https://github.com/OWASP/MSTG-Hacking-Playground/tree/master/Android/MSTG-Android-Java-App/app
The intent here is to show that logging sensitive data is leading to information disclosure. Even if debugging is disabled in the AndroidManifest, the app can be repackaged and debugging can be enabled. Therefore all logging and debugging code should be deleted before creating a production release.
adb shell ps | grep owasp
adb logcat | grep [pid]
Tools used