ADR‐002: Move Android Logs to Protected App Data Folder - status-im/status-wiki GitHub Wiki

ADR-002: Move Android Logs to Protected App Data Folder

Status: Draft
Date: 2025-03-11
Deciders: @Frank @icaro @pavlo_burykh @Samuel
Participants: Mobile Core Team, Mobile QA Team
Context: Status Android app

TL;DR

To improve user privacy and align with best practices, Android logs will be moved from the public downloads directory to the app's private data directory. While this restricts adb pull access on non-rooted devices, mitigation strategies such as shake-to-share and multi-app log sharing have been implemented.

Context

Historically, Android logs were stored in a publicly accessible download directory to simplify access for developers and QA. However, this posed privacy and security risks:

  • Log files were accessible to other apps and users with physical access.
  • Sensitive user data could be unintentionally exposed or mishandled.

As Status places a high priority on user privacy, a move to store logs in the app’s protected internal storage was proposed. This would improve data safety but could introduce friction for QA and support workflows.

Decision

We will store log files in the app’s internal protected storage (e.g. context.getFilesDir()) instead of the public download directory.

This decision is based on:

  • Aligning with Android’s security recommendations.
  • Ensuring logs are only accessible to the app itself.
  • Reducing accidental data exposure in production environments.

To support existing workflows:

  • The shake-to-share functionality remains available from all app states, including pre-login.
  • Multi-app log sharing (e.g. via Telegram or Files) is supported using Intent.ACTION_SEND.
  • Additional fallback options are being considered to address edge cases (e.g. log size limits, crashes during init).

Consequences

Positive

  • Enhances user privacy by isolating log data.
  • Prevents unintended access to sensitive debug info.
  • Keeps developer workflows intact via emulator or adb shell.
  • Offers improved UX with shake-to-share and broader sharing options.

Negative

  • Prevents adb pull access on non-rooted physical devices.
  • QA must rely on in-app log sharing, which may be less flexible.
  • Catastrophic crashes that block app startup may prevent access to logs.

Alternatives Considered

  • Keep logs in the public directory — Rejected due to security concerns.
  • Make log location configurable per build type — Adds maintenance complexity.
  • Use root access for physical device debugging — Not feasible or scalable.

Next Steps

  • Redirect log storage to protected app data folder.

  • Support multi-app log sharing using `Intent.ACTION_SEND`.

  • Owner: Frank — Investigate fallback UI to save logs to OS file system.

  • Owner: QA Team — Monitor QA feedback on log sharing workflows.

  • Owner: Frank / icaro — Document new logging and sharing flow in internal QA/dev guides.

References

  • Discord conversation threads from March 6–21, 2025 (Mobile & QA channels).
  • Testing feedback from @pavlo_burykh regarding log file size issues.
  • Comparison with iOS multi-app log sharing behaviour.