Card information shown in the card.io logs
bande14 opened this issue · comments
General information
SDK/Library version: 5.4.0
compile 'io.card:android-sdk:5.4.0'
Issue description
Using an app with log disabled we can still see some logs reported by the card.io library with confidential information in it. Please take into account that the library shows the last four digits of the PAN, the payment scheme and - when successful - also the expiry date. We tried to remove such logs but we were not able - any hint?
See below for instance:
01-17 16:32:14.073 636-15231/? W/libsonylc: Invalid ConfigID 24 25
01-17 16:32:14.139 636-15231/? W/libsonylc: Invalid ConfigID 24 25
01-17 16:32:14.206 636-15231/? W/libsonylc: Invalid ConfigID 24 25
01-17 16:32:14.248 16039-16039/? D/CardScanner: detected card: {MasterCard: •••• •••• •••• 6658}
01-17 16:32:14.248 16039-16039/? D/CardIOActivity: onCardDetected()
01-17 16:32:14.250 16039-16039/? D/CardScanner: setFlashOn: false
01-17 16:32:14.273 636-15231/? W/libsonylc: Invalid ConfigID 24 25
Issue seen for all devices and Android OS used.
Logging this information is less than ideal. We'll make some changes to remove the logging in the next version.
The fix for this was just released in 5.5.1
Thank you guys!