这是一个经过编辑的问题 - 已经找到问题的根源,所以添加了我自己的答案。 Logcat几乎输出了与UI的每次互动,包括我们输入的密码框(用**突出显示的“密码”一词的开头):
D/cr_Ime (10392): [ImeAdapter.java:313] showSoftKeyboard
D/cr_Ime (10392): [InputMethodManagerWrapper.java:47] showSoftInput
D/cr_Ime (10392): [AdapterInputConnection.java:174] updateState [] [0 0] [-1 -1] [true]
D/cr_Ime (10392): [ImeAdapter.java:387] dispatchKeyEvent: action [0], keycode [44]
D/cr_Ime (10392): [AdapterInputConnection.java:393] sendKeyEvent [0] [44] [112]
D/cr_Ime (10392): [AdapterInputConnection.java:239] updateSelectionIfRequired [1 1] [-1 -1]
D/cr_Ime (10392): [InputMethodManagerWrapper.java:74] updateSelection: SEL [1, 1], COM [-1, -1]
D/cr_Ime (10392): [ImeAdapter.java:253] updateKeyboardVisibility: type [2->2], flags [66], show [false],
**D/cr_Ime (10392): [AdapterInputConnection.java:174] updateState [p] [1 1] [-1 -1] [false]
D/cr_Ime (10392): [ImeAdapter.java:387] dispatchKeyEvent: action [1], keycode [44]
D/cr_Ime (10392): [AdapterInputConnection.java:393] sendKeyEvent [1] [44] [112]
D/cr_Ime (10392): [ImeAdapter.java:387] dispatchKeyEvent: action [0], keycode [29]
D/cr_Ime (10392): [AdapterInputConnection.java:393] sendKeyEvent [0] [29] [97]
D/cr_Ime (10392): [AdapterInputConnection.java:239] updateSelectionIfRequired [2 2] [-1 -1]
D/cr_Ime (10392): [InputMethodManagerWrapper.java:74] updateSelection: SEL [2, 2], COM [-1, -1]
D/cr_Ime (10392): [ImeAdapter.java:253] updateKeyboardVisibility: type [2->2], flags [66], show [false],
**D/cr_Ime (10392): [AdapterInputConnection.java:174] updateState [•a] [2 2] [-1 -1] [false]
D/cr_Ime (10392): [ImeAdapter.java:387] dispatchKeyEvent: action [1], keycode [29]
D/cr_Ime (10392): [AdapterInputConnection.java:393] sendKeyEvent [1] [29] [97]
D/cr_Ime (10392): [ImeAdapter.java:387] dispatchKeyEvent: action [0], keycode [47]
D/cr_Ime (10392): [AdapterInputConnection.java:393] sendKeyEvent [0] [47] [115]
D/cr_Ime (10392): [AdapterInputConnection.java:239] updateSelectionIfRequired [3 3] [-1 -1]
D/cr_Ime (10392): [InputMethodManagerWrapper.java:74] updateSelection: SEL [3, 3], COM [-1, -1]
D/cr_Ime (10392): [ImeAdapter.java:253] updateKeyboardVisibility: type [2->2], flags [66], show [false],
**D/cr_Ime (10392): [AdapterInputConnection.java:174] updateState [••s] [3 3] [-1 -1] [false]
在混合sendKeyEvent
中还输出了按键的ASCII / UTF代码。这是在Genymotion模拟设备和实际设备上发生的 - 都使用发布apk。在发布模式下,这种行为更加明显 - 只输出上面的**日志条目,这样可以很容易地看到密码是什么:
**D/cr_Ime (10392): [AdapterInputConnection.java:174] updateState [p] [3 3] [-1 -1] [false]
**D/cr_Ime (10392): [AdapterInputConnection.java:174] updateState [•a] [3 3] [-1 -1] [false]
**D/cr_Ime (10392): [AdapterInputConnection.java:174] updateState [••s] [3 3] [-1 -1] [false]
**D/cr_Ime (10392): [AdapterInputConnection.java:174] updateState [•••s] [3 3] [-1 -1] [false]
**D/cr_Ime (10392): [AdapterInputConnection.java:174] updateState [••••s] [3 3] [-1 -1] [false]
等等...
答案 0 :(得分:0)
经过一段时间的挖掘后,测井发生在人行横道核心与地铁之间的某处。 chrome本机代码,它似乎不受您在Cordova配置中设置的日志记录级别的影响。解决方案是使用ProGuard删除对android日志记录方法的引用,方法是指定删除对这些方法的所有调用是安全的。建议的配置是:
-keep class ** { *; }
#Remove the logging classes - do not remove e, this has security implications...
-assumenosideeffects class android.util.Log {
public static *** d(...);
public static *** w(...);
public static *** v(...);
public static *** i(...);
}
-keep class ** { *; }
或多或少保留所有课程 - YMMV,您可能需要更积极的清理来降低您的APK大小。
在线帮助建议在自定义配置旁边使用默认的proguard-android.txt配置。在大多数情况下,这是一个很好的建议但不幸的是,对于这个用例,包含标记-dontoptimize
,它禁用了我们需要删除日志记录的-assumenosideeffects
子句。这是意外的并且导致了很多困难 - 我对这些东西不熟悉并且无法弄清楚我是什么"出错了"在我们的自定义配置中,而我正在测试的配置默认是禁用的。
为了解决这个问题,我从build .gradle中删除了对默认Proguard配置的引用:
android {
buildTypes {
release {
minifyEnabled = true
// Original line with our custom proguard-android.pro for reference:
// proguardFile getDefaultProguardFile('proguard-android.txt'), 'proguard-android.pro'
proguardFiles 'proguard-android.pro'
}
}
}
接下来,我复制了默认Proguard文件的内容并粘贴到我们自定义文件的开头,删除了有问题的-dontoptimize
标志。