We're using Firebase Crash reporting in our app currently - and we've noticed something odd. In order to help us debug any crashes, we use FirebaseCrash.log to add information about the server requests/responses being made to our servers.
But recently, we've noticed that the logs are being redacted. From what we can tell, this is happening server side, leaving us with logs that look like this:
7:51:11.914 AM gmp_nav20_crash <-- 201
https://[REDACTED_DOMAIN_NAME][REDACTED_URL_BASIC](287ms, unknown-length body)7:51:11.626 AM gmp_nav20_crash --> POST
https://[REDACTED_DOMAIN_NAME][REDACTED_URL_BASIC]http/1.1 (67-byte body)
Is there any way we can disable this at least for certain domains? It makes tracking down exactly what went wrong more difficult than it should be, and doesn't provide any meaningful protections for the user that I can see.
As the comments above show this is not configurable and you want the results readable from the Firebase console, I suggest processing the URL in a way that obfuscates the fact it is a URL while leaving it human readable. Just make sure you're careful to only do this to non-sensitive information - especially if you are in Europe with new GDPR regulations.
It could be as simple as:
url.replaceAll("\\.", "[dot]");
But I'd suggest masking the protocol (and maybe the slashes) too
url.replaceAll("https://", "[secure]")
.replaceAll("http://", "")
.replaceAll("\\.", "[dot]");
Edit (To answer bounty question: "Is it legal to track Base64 encoded URLs and domain names according to Firebase policies?")
According to the Firebase Policies page
You will not facilitate the merging of personally-identifiable information with non-personally identifiable information unless you have robust notice of, and the user's prior affirmative (i.e., opt-in) consent to, that merger.
Assuming you have not asked for consent, I would take this to mean you should also strip any queries or identifiable information from the URL.
Again this could be as simple as splitting the string at the first or last slash (if present), depending which parts of the url are important to you