AccuWeather, what had you hired? Monkeys?

Florescu George Cătălin
Published in AndroidPub
2 min read · Feb 20, 2019

I’m an Android developer, so every day I read and deal with logs. Logs here, logs there, logs everywhere. ADB is my friend.

Since Retrofit is the most popular HTTP client for Android, we want to see our requests and responses. In this case, Square comes to our rescue with Interceptors.

Adding an interceptor is as easy as:

// client is an OkHttpClient.Builder
HttpLoggingInterceptor logging = new HttpLoggingInterceptor();
logging.setLevel(Level.BASIC);
client.addInterceptor(logging);

All our requests and responses will be logged to Logcat. The problem comes when we add that interceptor just as it is. We want and need to show logs only in DEBUG. We don’t want to show those logs when the app is in production and available on Google Play.

In this case, we should add that interceptor only in DEBUG. As a quick fix, we add it to OkHttp behind a check like this:

HttpLoggingInterceptor logging = new HttpLoggingInterceptor();
logging.setLevel(Level.BASIC);
// Attach the logging interceptor only in debug builds
if (BuildConfig.DEBUG) {
    client.addInterceptor(logging);
}

Obviously, there are many ways to handle this.

The constant BuildConfig.DEBUG is true only when the application is in development. We want our Retrofit logs to be printed only then, not when the app is in production. We can send secrets in those requests, and we don’t want to show those to everyone. Those secrets can be our credit card information, for example.
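A fuller version of the debug-only setup, as an added example that is not part of the original post: the interceptor is attached only when the caller passes `BuildConfig.DEBUG` as true, and even then each log line is masked before it reaches Logcat. The class name `HttpClientFactory` and the query parameter names in the pattern are assumptions.

```java
import java.util.regex.Pattern;
import okhttp3.OkHttpClient;
import okhttp3.logging.HttpLoggingInterceptor;

/** Hypothetical factory class; the caller passes BuildConfig.DEBUG as {@code debug}. */
public final class HttpClientFactory {

    // Assumed names of query parameters that carry secrets; adjust to your API.
    private static final Pattern SECRET_PARAM =
            Pattern.compile("(?i)([?&](?:apikey|api_key|token)=)[^&\\s]+");

    private HttpClientFactory() {}

    /** Masks the value of any secret query parameter in one log line. */
    static String redact(String line) {
        return SECRET_PARAM.matcher(line).replaceAll("$1<redacted>");
    }

    public static OkHttpClient create(boolean debug) {
        OkHttpClient.Builder builder = new OkHttpClient.Builder();
        if (debug) {
            // Every line passes through redact() before reaching Logcat.
            HttpLoggingInterceptor logging = new HttpLoggingInterceptor(
                    message -> HttpLoggingInterceptor.Logger.DEFAULT.log(redact(message)));
            // BASIC logs the request line and response status only. HEADERS and
            // BODY log far more, and secrets in JSON bodies are not matched by redact().
            logging.setLevel(HttpLoggingInterceptor.Level.BASIC);
            // Header values are masked if the level is raised to HEADERS or BODY.
            logging.redactHeader("Authorization");
            logging.redactHeader("Cookie");
            builder.addInterceptor(logging);
        }
        // Release builds never get the interceptor, so nothing is logged.
        return builder.build();
    }
}
```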

While developing applications I saw that AccuWeather is still printing HTTP traffic to the console. In those logs I can observe an API key. That key has some limitations in the free version, but it can give precious information about the weather. Here is an example:

As I can see, AccuWeather has the interceptor level set to Level.BODY, meaning we can also see headers and body content, which means more and more information is leaking.

As far as I know, they have a pricing plan available here. It is not the most expensive plan, but money is money. Since they have a pricing plan, why are they still printing HTTP traffic to the console? In this case, anyone can build an app with weather information for free using this service.

And I want you to know, I have been seeing those logs for more than 2–3 years with the same API key.

AccuWeather, what had you hired? Monkeys?

AccuWeather Android developer

If you need better developers, send me an email.
