Should I release an app to the App Store with print statements in it?

Question

I intend to release my app to the App Store soon (after TestFlight). I have quite a few view controllers with print statements in them. The print statements are for testing purposes (debugger) and the user will never see them.

Will it make any difference if I do or don't include the print statements inside the app once I release it?

Will the print statements make any difference as far as reducing speed when switching between scenes even if by milliseconds?

Can I get rejected for including them inside my app?

In couple of vcs I print the uids just for clarity on my part. Are there any security risks by including those print statements in the app?

No your app will not be rejected it's a good habit to clean your app as much as you can but still it doesn't affect your app. — Khalid Afridi, Apr 07 '17 at 21:27

score 19 · Accepted Answer · edited May 23 '17 at 10:30

19

I assume you are using Swift, then print is completely safe, even for AppStore builds. You are not going to be rejected and it's not a security risk either.

print, unlike similar NSLog, is not going to produce any logs anywhere that would be visible to the user (e.g. in Xcode Device Console).

More info on the difference between print and NSLog: Swift: print() vs println() vs NSLog()

edited May 23 '17 at 10:30

Community

1
1

answered Apr 07 '17 at 21:51

Tom Kraina

3,159
1
31
53

thanks. I only used printf because the description for print that of an actual printer. Your answer is exactly what I needed to know :) – Lance Samaria Apr 08 '17 at 02:05
Thank you for this answer. I was unsure about the safety. – A. Petrizza Jul 25 '18 at 01:09

score 2 · Answer 2 · answered Nov 05 '18 at 13:54

The premise of the question assumes you are facing an adversary who wants to introspect your app. So the question you need to answer is: "to what extent do you want (or are required) to make it difficult for these people?".

All you are doing by using print instead of NSLog is raising the bar to introspection. There is no 100% guaranteed way to prevent an attacker from introspecting your app; assuming they are able to execute it on a device that has had its security compromised (ie. is jailbroken).

One system-level tweak i created, is to hook every print() call, and NSLog its arguments... thus converting a print() to an NSLog. Now there are tweaks like Logify, that will hook all classes and methods in an app so you can trace its execution flow completely, but this is a bit of a nightmare to read through.

If you are creating a particularly sensitive app and want to be make things harder, you could just wrap print() calls in a compiler statement to see if you are on a simulator:

#if TARGET_OS_SIMULATOR
    print()
#endif

This is still a fallible mechanism, but does raise the bar even higher. Just depends what your requirements are :)

Me: Im a penetration tester for mobile apps, and have extensive experience in "how not to do things".

interesting answer. Makes sense that a determined individual would get in one way or another. I came across this code, I forgot which SO post, but it said that it would kill all print statements when pushing your app live. Just add it to the AppDelegate. func print(_ items: Any...) { #if DEBUG; Swift.print(items[0]); #endif; } — Lance Samaria, Nov 05 '18 at 14:06

Should I release an app to the App Store with print statements in it?

2 Answers2

Linked

Related