From 78c16557afaf904a5d8ac5b867f25d0452a4f6fa Mon Sep 17 00:00:00 2001 From: dadachi Date: Wed, 25 Mar 2026 15:26:54 +0900 Subject: [PATCH 1/2] Prevent sensitive data from leaking to iOS console in Release builds Migrate Failure/Event logging to os.Logger with .private sensitivity for PII fields, and wrap all remaining print() calls with #if DEBUG guards to strip keychain data, NFC tag IDs, and error details from Release builds. Co-Authored-By: Claude Opus 4.6 (1M context) --- NativeAppTemplate/Logging/Logger.swift | 14 ++++++-------- NativeAppTemplate/Login/LoginRepository.swift | 4 ++++ NativeAppTemplate/Login/SignUpRepository.swift | 2 ++ NativeAppTemplate/NFCManager.swift | 4 ++++ .../Persistence/KeychainStore/KeychainStore.swift | 2 ++ NativeAppTemplate/Utilities/Utility.swift | 4 ++++ 6 files changed, 22 insertions(+), 8 deletions(-) diff --git a/NativeAppTemplate/Logging/Logger.swift b/NativeAppTemplate/Logging/Logger.swift index 34dbdb2..09e7d80 100644 --- a/NativeAppTemplate/Logging/Logger.swift +++ b/NativeAppTemplate/Logging/Logger.swift @@ -3,6 +3,10 @@ // NativeAppTemplate // +import os + +private let appLogger = os.Logger(subsystem: "com.nativeapptemplate", category: "app") + struct Failure { static func signUp(from source: (some Any).Type, reason: String) -> Self { .init(source: source, action: "signUp", reason: reason) @@ -63,13 +67,7 @@ struct Failure { private let reason: String func log() { - print( - [ - "source": source, - "action": action, - "reason": reason - ] - ) + appLogger.error("source: \(self.source, privacy: .public), action: \(self.action, privacy: .public), reason: \(self.reason, privacy: .private)") } } @@ -95,6 +93,6 @@ struct Event { private let action: String func log() { - print("EVENT:: \(["source": source, "action": action])") + appLogger.info("EVENT:: source: \(self.source, privacy: .public), action: \(self.action, privacy: .public)") } } diff --git a/NativeAppTemplate/Login/LoginRepository.swift b/NativeAppTemplate/Login/LoginRepository.swift index fda2957..e5f45e1 100644 --- a/NativeAppTemplate/Login/LoginRepository.swift +++ b/NativeAppTemplate/Login/LoginRepository.swift @@ -18,7 +18,9 @@ import Foundation let loggedInShopkeeper = try keychainStore.retrieve() _currentShopkeeper = Shopkeeper(from: loggedInShopkeeper) } catch { + #if DEBUG print(error) + #endif } } return _currentShopkeeper @@ -86,7 +88,9 @@ import Foundation do { try keychainStore.remove() } catch { + #if DEBUG print(error) + #endif } } } diff --git a/NativeAppTemplate/Login/SignUpRepository.swift b/NativeAppTemplate/Login/SignUpRepository.swift index 3f6c823..0e65b48 100644 --- a/NativeAppTemplate/Login/SignUpRepository.swift +++ b/NativeAppTemplate/Login/SignUpRepository.swift @@ -100,7 +100,9 @@ import Foundation do { try keychainStore.remove() } catch { + #if DEBUG print(error) + #endif } } } diff --git a/NativeAppTemplate/NFCManager.swift b/NativeAppTemplate/NFCManager.swift index 80b930a..602638b 100644 --- a/NativeAppTemplate/NFCManager.swift +++ b/NativeAppTemplate/NFCManager.swift @@ -205,7 +205,9 @@ extension NFCManager: NFCNDEFReaderSessionDelegate { isLock: isLock ) { error in guard error == nil else { return } + #if DEBUG print(">>> Write: \(userNdefMessage)") + #endif } } @@ -263,6 +265,8 @@ extension NFCManager: NFCNDEFReaderSessionDelegate { func readerSessionDidBecomeActive(_ session: NFCNDEFReaderSession) {} func readerSession(_ session: NFCNDEFReaderSession, didInvalidateWithError error: Error) { + #if DEBUG print("readerSession error: \(error.localizedDescription)") + #endif } } diff --git a/NativeAppTemplate/Persistence/KeychainStore/KeychainStore.swift b/NativeAppTemplate/Persistence/KeychainStore/KeychainStore.swift index f1152c6..3ac03ed 100644 --- a/NativeAppTemplate/Persistence/KeychainStore/KeychainStore.swift +++ b/NativeAppTemplate/Persistence/KeychainStore/KeychainStore.swift @@ -60,7 +60,9 @@ extension KeychainStore { func store(_ data: DataType) throws { let archived: Data + #if DEBUG print("data: \(data)") + #endif do { archived = try NSKeyedArchiver.archivedData(withRootObject: data, requiringSecureCoding: true) } catch { diff --git a/NativeAppTemplate/Utilities/Utility.swift b/NativeAppTemplate/Utilities/Utility.swift index d1b67f3..0257a80 100644 --- a/NativeAppTemplate/Utilities/Utility.swift +++ b/NativeAppTemplate/Utilities/Utility.swift @@ -75,12 +75,16 @@ enum Utility { if let itemTagId = item.value { itemTagInfo.id = itemTagId } + #if DEBUG print("item_tag_id: \(String(describing: itemTagInfo.id))") + #endif case "type": if let type = item.value { itemTagInfo.type = type } + #if DEBUG print("type: \(String(describing: itemTagInfo.type))") + #endif default: break } From 9c29fc67a34f92db75cbb1706090d6423890775e Mon Sep 17 00:00:00 2001 From: dadachi Date: Wed, 25 Mar 2026 17:03:34 +0900 Subject: [PATCH 2/2] Improve Failure log format for better readability Co-Authored-By: Claude Opus 4.6 (1M context) --- NativeAppTemplate/Logging/Logger.swift | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/NativeAppTemplate/Logging/Logger.swift b/NativeAppTemplate/Logging/Logger.swift index 09e7d80..873e051 100644 --- a/NativeAppTemplate/Logging/Logger.swift +++ b/NativeAppTemplate/Logging/Logger.swift @@ -67,7 +67,13 @@ struct Failure { private let reason: String func log() { - appLogger.error("source: \(self.source, privacy: .public), action: \(self.action, privacy: .public), reason: \(self.reason, privacy: .private)") + appLogger.error( + """ + \(self.action, privacy: .public) \ + source=\(self.source, privacy: .public) \ + reason=\(self.reason, privacy: .private) + """ + ) } }