Issue #1776

Write tool to strip off privacy sensitive information from "logcat -b radio"

Added by Denis 'GNUtoo' Carikli 3 months ago. Updated 21 days ago.

Status:New Start date:01/14/2017
Priority:Normal Due date:
Assignee:Denis 'GNUtoo' Carikli % Done:

0%

Category:Telephony and mobile data
Target version:Replicant 4.2
Resolution: Device:

Description

Users sometimes have issues related to the telephony network. In that case a good way to know what is going on is to post the logs, unfortunately such logs contain privacy sensitive information.
Having such logs publicly available in the issue tracker, would be better.

To do that, stripping the privacy sensitive information should be possible. What is privacy sensitive and what is not might depend on the users and their use case.

There seem to be more request concerning the devices using the libsamsung-ipc, probably because they are more popular.

So starting by parsing the logs on the most recent/popular devices, like the i9300 would be a good idea.

The wiki page that lists the requests in samsung-ril might be a good starting point:
https://redmine.replicant.us/projects/replicant/wiki/Samsung-RIL

Denis.

History

Updated by Wolfgang Wiedmeyer about 1 month ago

If you need different logs for testing, I can send you a few. I got some because of the issue where certain SIM cards are not detected. For this particular issue, this tool would be quite useful as a full radio log from the device boot is needed.

Yesterday, I created a repo for user scripts. Currently, it contains scripts for usb tethering, the wifi dongle and for taking screenshots. Maybe we could include the tool there?

Updated by Wolfgang Wiedmeyer about 1 month ago

A suggestion for the meantime until the tool is implemented:

If users need to submit a full radio log for a particular issue, they could attach it encrypted to the issue. I could update GettingLogs with instructions how to encrypt the log using your, Paul's and my public key.

This would keep private messages to a minimum and users are still encouraged to submit an issue. Users, who are offered to send the log in a private message, usually don't bother to open an issue separately.

We could then still paste relevant parts unencrypted in the issue comments, as long as we have ensured that the parts don't contain privacy-sensitive information.

Updated by dje dje 21 days ago

I agree, in the #1783, I can't post the logs due to sensitive informations. A tool like this is interesting, I'm in to develop it.
It could be a bash script which captures relevant logs, filters sensitive informations and encrypts the whole filtered logs (because it's not possible to be aware about all sensitive informations from the beginning.).

I found from my logs that

  1. Libsamsung-ipc library logs :
    • IMEI in IPC FMT Data for IPC_MISC_ME_VERSION command.
    • ...
  1. TelephonyManager logs :
    • androidboot.serialno (phone serial number)
    • ...

What other kinds of sensitive informations could be removed ?

Updated by Wolfgang Wiedmeyer 21 days ago

dje dje wrote:

It could be a bash script which captures relevant logs, filters sensitive informations and encrypts the whole filtered logs (because it's not possible to be aware about all sensitive informations from the beginning.).

I'm not sure if it's worth it to create such a script if the log is encrypted in the end, anyway. The goal is to be able to publicly share the logs, so everyone can contribute in solving the issue while the privacy of the submitter is protected. It should be possible to catch all the sensitive information with high certainty. As Denis wrote, all the requests from Samsung-RIL need to be checked and it needs to be investigated what information other RIL-related parts like UiccCard print. There aren't many of these. Then the script can be safely used for all devices that use Samsung-RIL.

I found from my logs that

  1. Libsamsung-ipc library logs :
    • IMEI in IPC FMT Data for IPC_MISC_ME_VERSION command.
    • ...
  1. TelephonyManager logs :
    • androidboot.serialno (phone serial number)
    • ...

What other kinds of sensitive informations could be removed ?

IMSI, IccId and the telephony number might be somewhere, too. This is just from the top of my head. There is also information related to the telephony provider. But I don't consider this privacy-sensitive as long as it is not specific to a single user.

In the meantime, I added a section to GettingLogs with instructions to encrypt the logs.

Also available in: Atom PDF