问题
I intend to release my app to the App Store soon (after TestFlight). I have quite a few view controllers with print
statements in them. The print
statements are for testing purposes (debugger) and the user will never see them.
Will it make any difference if I do or don't include the print statements inside the app once I release it?
Will the print statements make any difference as far as reducing speed when switching between scenes even if by milliseconds?
Can I get rejected for including them inside my app?
In couple of vcs I print the uids just for clarity on my part. Are there any security risks by including those print statements in the app?
回答1:
I assume you are using Swift, then print
is completely safe, even for AppStore builds. You are not going to be rejected and it's not a security risk either.
print
, unlike similar NSLog
, is not going to produce any logs anywhere that would be visible to the user (e.g. in Xcode Device Console).
More info on the difference between print
and NSLog
: Swift: print() vs println() vs NSLog()
回答2:
The premise of the question assumes you are facing an adversary who wants to introspect your app. So the question you need to answer is: "to what extent do you want (or are required) to make it difficult for these people?".
All you are doing by using print instead of NSLog is raising the bar to introspection. There is no 100% guaranteed way to prevent an attacker from introspecting your app; assuming they are able to execute it on a device that has had its security compromised (ie. is jailbroken).
One system-level tweak i created, is to hook every print() call, and NSLog its arguments... thus converting a print() to an NSLog. Now there are tweaks like Logify, that will hook all classes and methods in an app so you can trace its execution flow completely, but this is a bit of a nightmare to read through.
If you are creating a particularly sensitive app and want to be make things harder, you could just wrap print() calls in a compiler statement to see if you are on a simulator:
#if TARGET_OS_SIMULATOR
print()
#endif
This is still a fallible mechanism, but does raise the bar even higher. Just depends what your requirements are :)
Me: Im a penetration tester for mobile apps, and have extensive experience in "how not to do things".
来源:https://stackoverflow.com/questions/43287231/should-i-release-an-app-to-the-app-store-with-print-statements-in-it