Concern over Motorola access to log files

stevehsteveh

Well-known member
Jun 1, 2010
148
17
0
Visit site
Is anyone besides me concerned over the access Motorola through MotoBlur has to log files on the phone? As an example; I write medical software a d if I crash while browsing a confidential file the patient name may be exposed, which is a violation of HIPAA (federal) and I am potentially liable.
Another example, you are browsing or viewing information that you don?t necessarily want others to be aware of and you crash, the log of what you were doing is automatically sent to Moto.
I find this disturbing and creepy. I bought a phone, did not relinquish my privacy to Moto. This is way too intrusive for me, and because you must register for MotoBlur, this is part of the rights given to the, and they use this frequently.:mad:
 

jess.hickey

Well-known member
Nov 23, 2010
491
61
0
Visit site
I posted something about some issues over on the moto site a week or two ago and they came back and said that my crash logs showed x,y & z. I replied back asking how did they get that data and here is their response

Crash data is reported back to Motorola to help better analyze failures and so we can promplty fix any major problems seen in the field. For example, the significant number of crashes in different 3rd party applications allows us to follow up with the authors of those applications so they can make the necessary updates to minimize or eliminate future crashes on ATRIX.

With this sort of real world feedback we can ensure the software upgrades our consumers receive address not only the functional issues reported in the forum, but the major crashes and device resets as well.

I don't think they have access to the information, they can just see what apps were running when a crash occurred. Others here might have more insight into this. I would recommend posting over on their forums and see if they can provide you with exactly what info they have access to.

I personally don't have an issue with it but I am not dealing with confidential information like you are. However, this is going to become more of an issue as we all continue to live out of "the cloud".
 

corneliusm

Well-known member
Jan 6, 2011
170
25
0
Visit site
Is anyone besides me concerned over the access Motorola through MotoBlur has to log files on the phone? As an example; I write medical software a d if I crash while browsing a confidential file the patient name may be exposed, which is a violation of HIPAA (federal) and I am potentially liable.
Another example, you are browsing or viewing information that you don’t necessarily want others to be aware of and you crash, the log of what you were doing is automatically sent to Moto.
The android crash log contains a stack trace and some other [non-invasive] debugging info. It will not send open files back to Google or Motorola, but the trace may contain sensitive info if the file handles (ie- filenames, paths, etc) contain anything that might identify a patient. Also, if you're dumb enough to be logging patient data (unencrypted) to android.util.Log, you should be liable.

Disclaimer- I am a software engineer, and I used to work at a medical device company developing 3D GUIs for physicians to assist them with operating on their patients. I had actually researched a very similar issue dealing with the Microsoft crash handler (since our stuff ran on Windows- it wasn't safety critical). Problem is, our systems supported remote operation via TCP/IP, and was connected to the internet (web browsers were disabled however). If it crashed, a Doc could hit "send report" on the crash dialog, which did send stuff to Microsoft. Turns out we didn't violate HIPAA as long as our stack trace remained clean.
 
Last edited:
  • Like
Reactions: stevehsteveh

stevehsteveh

Well-known member
Jun 1, 2010
148
17
0
Visit site
Corneliusum, thanks for the succinct answer. No, I'm not dumb enough to expose unencrypted info but I was conerned about fragments left in memory and captured by the log. Again, thanks.
 

corneliusm

Well-known member
Jan 6, 2011
170
25
0
Visit site
Corneliusum, thanks for the succinct answer. No, I'm not dumb enough to expose unencrypted info but I was conerned about fragments left in memory and captured by the log. Again, thanks.
I wasn't implying you personally were dumb, but it wouldn't surprise me if someone was logging sensitive info to a publicly-accessible log. There are a *lot* of dumb developers out there that do things that cause me to scratch my head and wonder how they managed to graduate college... but that's another story. :)