Let's say you have an app which uses passwords. During development, you want to troubleshoot some things, and use NSLog() to print out the password to see if it is working properly.
At a certain moment you are happy and everything is working. You send your app to Apple and finally the app is accepted and submitted to the App Store.
You forgot to remove the NSLog() which output the password....
Is there any way this can be bad? Or is there any way a hacker can listen to those NSLogs()?
Yes, this could be very bad, if your app crashes. Once users sync their device, the crash logs will make their way to their computer, along with the content of NSLog. This makes plaintext passwords available to anyone with a binary file reader.
For example, if Alice gives her phone to Bob, then Bob enters his password, completes his task, logs off, and gives Alice her phone back. Then your app crashes. Once Alice syncs her phone, she gains access to Bob's password.
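
A pre-release check for the situation in the question, as an added example that is not part of the original question or answer: it scans Objective-C source for NSLog calls whose non-literal arguments have credential-like names, including calls split across lines. The name pattern, the function names and the sample source are assumptions constructed for illustration.

```python
import re

# Name fragments treated as credential-like (an assumption; tune per code base).
SENSITIVE = re.compile(r"passw(or)?d|passcode|passphrase|secret|token|credential", re.I)

# Comments and string literals, matched left to right so "//" inside a literal is safe.
SKIP = re.compile(r'//[^\n]*|/\*.*?\*/|"(?:\\.|[^"\\])*"', re.S)

def blank_comments_and_literals(src):
    """Overwrite comments and string literals with spaces, keeping length and newlines."""
    return SKIP.sub(lambda m: re.sub(r"[^\n]", " ", m.group()), src)

def find_leaky_nslog(src):
    """Return (line, call_text) for NSLog calls whose non-literal arguments look sensitive."""
    clean = blank_comments_and_literals(src)
    hits = []
    for m in re.finditer(r"\bNSLog\s*\(", clean):
        depth, j = 1, m.end()
        while j < len(clean) and depth:          # balance parentheses across lines
            depth += {"(": 1, ")": -1}.get(clean[j], 0)
            j += 1
        if SENSITIVE.search(clean[m.end():j]):   # only identifiers remain in `clean`
            line = clean.count("\n", 0, m.start()) + 1
            hits.append((line, " ".join(src[m.start():j].split())))
    return hits

# Constructed sample source, not taken from any real app.
SAMPLE = '''\
- (void)login {
    NSLog(@"password check started");            // literal only: not flagged
    NSLog(@"user=%@ pw=%@", self.userField.text,
          self.passwordField.text);
    // NSLog(@"%@", authToken);
    NSLog(@"status %d (see http://example.invalid)", [self statusFor:user]);
    NSLog(@"token: %@", session.authToken);
}
'''

if __name__ == "__main__":
    for line, call in find_leaky_nslog(SAMPLE):
        print(f"line {line}: {call}")
```

The check keys on argument names, so a secret held in a neutrally named variable is not caught; it complements removing or compiling out debug logging in release builds rather than replacing it.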