Skip to main content

Android Data Scrubbing

Memfault provides configurable, on-device & server-side scrubbing of Android data. To configure data scrubbing, navigate to Settings and Data Scrubbing.

Allowed Application IDs

note

Memfault will start filtering by Allowed Patterns when the first Allowed Pattern rule is added, so it is important to add a comprehensive set of Allowed Patterns.

The first processing step applied is to include log lines only from applications that match one or more Allowed Patterns.

For example, the Allowed Pattern:

  • com.memfault.* would allow logs from applications whose ID started with com.memfault.
  • * would match all application IDs and let all log lines pass.

Logs from applications that match any pattern will be allowed. Logs from applications that do not match any pattern will be scrubbed.

Data scrubbing is applied at the time of processing, so it will not be retroactively applied to data that has already been processed.

Android OS Application IDs

In addition to your own application IDs, you may wish to add the following Allow Patterns to ensure that system applications are included:

android*
com.android.*

Text Scrubbing

note

Text scrubbing rules will only be applied if one or more Allowed Pattern have been added.

Memfault can also perform additional scrubbing of logs that may appear to contain sensitive information, such as email addresses or credentials.

If text scrubbing is enabled, a string that appears to be sensitive will be replaced with a hash of that string, rendering it obfuscated. Since it is replaced with a stable hash, you will still be able to see if the same string appears multiple times in the logs.

Tombstone Scrubbing

Tombstone files captured by the Android SDK can optionally be scrubbed before upload to remove the content of memory/code dumps. Stacktraces will remain untouched. This can be controlled by navigating to Settings and Data Sources.

Custom Scrubbing Rules

note

Custom log scrubbing rules will only be applied on-device, to Caliper-collected log files (not to bugreports).

If there are specific types of data that should not be uploaded, then custom scrubbing rules may be defined in the Android SDK. These are added in CustomLogScrubber.kt by customizing the clean method. This will be called for every log line collected by Caliper. The return value will be uploaded by Bort, in place of the input (by default, the input is returned directly, which has no effect). This is in addition to the other scrubbing rules mentioned above.

Server-side vs On-device scrubbing

Uploaded bug reports are always scrubbed server-side, filtering traces and scrubbing logs based on the configured rules described above.

The same rules are fetched by the Android SDK and used to filter Caliper traces and scrubs logs on-device. The rules are synchronized to the devices using the Over the Air Settings system, so they can be updated at any time using the Memfault dashboard.