Card information shown in the card.io logs

Question

Card information shown in the card.io logs

bande14 opened this issue 8 years ago · comments

bande14 commented 8 years ago

General information

SDK/Library version: 5.4.0

compile 'io.card:android-sdk:5.4.0'

Issue description

Using an app with log disabled we can still see some logs reported by the card.io library with confidential information in it. Please take into account that the library shows the last four digits of the PAN, the payment scheme and - when successful - also the expiry date. We tried to remove such logs but we were not able - any hint?

See below for instance:

01-17 16:32:14.073 636-15231/? W/libsonylc: Invalid ConfigID 24 25
01-17 16:32:14.139 636-15231/? W/libsonylc: Invalid ConfigID 24 25
01-17 16:32:14.206 636-15231/? W/libsonylc: Invalid ConfigID 24 25
01-17 16:32:14.248 16039-16039/? D/CardScanner: detected card: {MasterCard: •••• •••• •••• 6658}
01-17 16:32:14.248 16039-16039/? D/CardIOActivity: onCardDetected()
01-17 16:32:14.250 16039-16039/? D/CardScanner: setFlashOn: false
01-17 16:32:14.273 636-15231/? W/libsonylc: Invalid ConfigID 24 25

Issue seen for all devices and Android OS used.

Luke Korth · Answer 1 · Wed Mar 15 2017 03:26:18 GMT+0800 (China Standard Time)

Logging this information is less than ideal. We'll make some changes to remove the logging in the next version.

Luke Korth · Answer 2 · Sat Mar 18 2017 02:36:32 GMT+0800 (China Standard Time)

The fix for this was just released in 5.5.1

bande14 · Answer 3 · Mon Mar 20 2017 21:12:45 GMT+0800 (China Standard Time)

Thank you guys!