Prevent All Debug Logs

Prevent All Debug Logs is an Android hardening control that suppresses logging output produced by the protected app process. It combines a build-time pass over the host app's bytecode with a runtime suppression layer that silences logging from any code loaded into the app at runtime.

Use this control when:

• Release builds should not expose application or third-party debug messages through logcat.
• The app includes development logging calls that were not removed by the original build.
• You want to prevent logging from bundled SDKs, framework helpers, vendor overlays, or dynamically loaded code that you do not control at build time.

How It Works

Prevent All Debug Logs operates in two layers:

• Build-time pass. During Android wrapping, AppTego scans decompiled bytecode and replaces common managed logging call sites with no-op instructions while preserving valid control flow. This covers Android Log calls, System.out and System.err style PrintStream output, Timber, SLF4J, and java.util.logging. The legacy Android READ_LOGS permission is also removed when present.
• Runtime suppression. When the protected app launches, AppTego installs a process-wide log suppression layer that discards messages produced by any code running inside the app process — including app code, bundled SDKs, framework helpers, and vendor overlays. Standard output and standard error from native code are routed away from the system logger as well.

Logs emitted by other processes on the device — including the operating system, other apps, separate isolated services, or external accessory firmware — are outside the app process and are not affected by this control.

How to Enable the Control

Navigate to Code Obfuscation from the AppTego portal, and expand the Metadata Reduction section. Under this section you will find the Prevent All Debug Logs control. Click Enable to include it in the next protected Android build.

API Configuration Example

{
  "PreventAllDebugLogs": {
    "protection": true
  }
}

Compatibility Notes

• Validate support, analytics, and crash reporting flows after enabling this control. Some apps intentionally use logs for local support workflows. Crash reporters that read logcat from outside the app process continue to work; in-process log scrapers do not.
• Calls such as Log.isLoggable() are preserved because their return values can affect application control flow.
• This control requires a protected rebuild. Once enabled, both layers activate automatically when the app starts; there is no live runtime toggle.

Related Controls

• Strip Debug Info
• Set Debuggable to False
• Encrypt All Code